Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name: SetupWIService.exe
Analysis ID: 775485
MD5: 1927469a9b3fe32f0a7c8216f444bf7c
SHA1: 4f67b5dd3d3388fa4f6af3b0bb629778c27ee94c
SHA256: 88c12a9f7e73f96f292fb0ca2b34c86b6d2eae652c5c1169ecc29941937d7d81

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 32
Range: 0 - 100

Signatures

Uses netstat to query active network connections and open ports
Gathers network related connection and port information
Modifies the hosts file
Sets file extension default program settings to executables
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries information about the installed CPU (vendor, model number etc)
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
Drops PE files
Uses taskkill to terminate processes
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 1316 cmdline: C:\Users\user\Desktop\SetupWIService.exe MD5: 1927469A9B3FE32F0A7C8216F444BF7C)
    • cmd.exe (PID: 4660 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5156 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4760 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4748 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 5176 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5148 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 1516 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 2224 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 1888 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 2040 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 2556 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • wiservice.exe (PID: 3644 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • explorer.exe (PID: 5144 cmdline: C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • explorer.exe (PID: 2024 cmdline: C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • wiservice.exe (PID: 4768 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • wiservice.exe (PID: 5208 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog MD5: 723F23EEFB213A23959A28D1ED11D42D)
      • NETSTAT.EXE (PID: 4184 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 5196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 4748 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 5032 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 4672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 4604 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 4864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 204 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 2120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 1236 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 3816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • NETSTAT.EXE (PID: 5312 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
        • conhost.exe (PID: 5080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • explorer.exe (PID: 4824 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 64 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex MD5: 723F23EEFB213A23959A28D1ED11D42D)
  • explorer.exe (PID: 3836 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • wiservice.exe (PID: 2736 cmdline: "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" MD5: 723F23EEFB213A23959A28D1ED11D42D)
  • wiservice.exe (PID: 3372 cmdline: "C:\Program Files (x86)\Wildix\WIService\WIService.exe" MD5: 723F23EEFB213A23959A28D1ED11D42D)
    • NETSTAT.EXE (PID: 5272 cmdline: netstat -ano -p tcp MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
      • conhost.exe (PID: 5764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe

Compliance

Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe
Source: SetupWIService.exe Static PE information: certificate valid
Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Projects\wiservice\deploy\win-x86-release\wiservice.pdb source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILE.rndPs source: wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8

Networking

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: global traffic HTTP traffic detected:
  POST /api/v1/Analytics/wiservice HTTP/1.1
  Host: feedback.wildix.com
  Accept: */*
  Content-Length: 331
  Content-Type: application/x-www-form-urlencoded
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: wiservice.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: wiservice.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: wiservice.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlxe
Source: wiservice.exe, 00000019.00000002.695793174.000000000488A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.k
Source: wiservice.exe, 00000014.00000003.473818095.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.473734859.0000000000A23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.l
Source: wiservice.exe, 00000019.00000002.695793174.000000000488A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainVali
Source: wiservice.exe String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: SetupWIService.exe, 00000000.00000002.691688266.0000000000807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://firmwares.wildix.com/app/integrations/vc_redist_2019.x86.exe
Source: SetupWIService.exe, 00000000.00000002.691688266.0000000000807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://firmwares.wildix.com/app/integrations/vc_redist_2019.x86.exegetOKError
Source: wiservice.exe String found in binary or memory: http://jimmac.musichall.cz
Source: SetupWIService.exe, SetupWIService.exe, 00000000.00000003.316547655.0000000000855000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.296555763.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SetupWIService.exe, 00000000.00000003.316547655.0000000000855000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.296555763.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wiservice.exe, 00000014.00000003.384095872.00000000028BF000.00000004.00000800.00020000.00000000.sdmp, wiservice.exe, 00000019.00000002.695299237.000000000453C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com
Source: wiservice.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: wiservice.exe, 00000014.00000003.473818095.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.473734859.0000000000A23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.comA
Source: wiservice.exe, 00000014.00000003.383920968.00000000028B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.comB/
Source: wiservice.exe, 00000014.00000003.489729574.00000000009F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.comer
Source: wiservice.exe, 00000014.00000002.691715949.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.657622826.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.657799339.0000000000A23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.coms
Source: wiservice.exe, 00000014.00000003.657622826.0000000000A23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.comslzP(
Source: wiservice.exe, 00000014.00000003.489729574.00000000009F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com
Source: wiservice.exe String found in binary or memory: http://ocsp.sectigo.com09
Source: SetupWIService.exe, 00000000.00000002.691688266.0000000000807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pbx.wildix.com
Source: SetupWIService.exe, 00000000.00000002.691688266.0000000000807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pbx.wildix.comDisplayIconuninstall.exe
Source: wiservice.exe String found in binary or memory: http://www.gimp.orgg
Source: wiservice.exe String found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/
Source: wiservice.exe, 00000012.00000002.693210661.0000000001D17000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/j
Source: wiservice.exe String found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/sysInfo.txtignored_processed_--dumpSend
Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000010.00000000.319379682.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.321910308.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000002.334880046.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000000.325633722.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000002.692533559.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000000.336203252.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000002.345161855.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000000.339633784.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000000.339294396.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000002.692684451.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.341770215.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.347903089.0000000001128000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000010.00000000.319379682.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.321910308.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000002.334880046.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000000.325633722.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000002.692533559.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000000.336203252.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000002.345161855.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000000.339633784.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000000.339294396.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000002.692684451.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.341770215.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.347903089.0000000001128000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000010.00000000.319379682.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.321910308.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000002.334880046.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000000.325633722.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000002.692533559.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000000.336203252.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000002.345161855.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000000.339633784.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000000.339294396.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000002.692684451.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.341770215.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.347903089.0000000001128000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceappNamedataextextensionapppbxhostnameuserconte
Source: wiservice.exe, 00000014.00000003.567456524.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.657707618.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.428861311.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.567571994.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.567631033.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.468147542.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.518205999.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.403372884.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.612314250.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.383996726.00000000028BA000.00000004.00000800.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.612272008.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.612216407.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.612105223.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.428711648.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.567392608.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.657622826.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.489729574.00000000009F8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.384059630.00000000028BA000.00000004.00000800.00020000.00000000.sdmp, wiservice.exe, 00000014.00000003.657799339.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
00000019.00000002.695824219.00000000048ED000.00000004.00000800.00020000.00000000.sdmp, wiservice.exe, 00000019.00000002.695793174.000000000488A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 331 Content-Type: application/x-www-form-urlencoded
Source: unknown DNS traffic detected: queries for: feedback.wildix.com
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405275

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406FC4 0_2_00406FC4
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004067ED 0_2_004067ED
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_6F541A98 0_2_6F541A98
Source: C:\Users\user\Desktop\SetupWIService.exe File read: C:\Users\user\Desktop\SetupWIService.exe
Source: SetupWIService.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SetupWIService.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SetupWIService.exe C:\Users\user\Desktop\SetupWIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
Source: unknown Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\System32\conhost.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: unknown Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\WIService.exe"
Source: C:\Windows\explorer.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Windows\explorer.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Windows\explorer.exe Process created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Users\user\Desktop\SetupWIService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\NETSTAT.EXE WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsa591C.tmp
Source: classification engine Classification label: mal42.troj.adwa.spyw.evad.winEXE@68/16@1/3
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
Source: C:\Users\user\Desktop\SetupWIService.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000010.00000000.319379682.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.321910308.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000002.334880046.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000000.325633722.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000002.692533559.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000000.336203252.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000002.345161855.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000000.339633784.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000000.339294396.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000002.692684451.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.341770215.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.347903089.0000000001128000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: wiservice.exe, 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000010.00000000.319379682.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000000.321910308.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000011.00000002.334880046.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000000.325633722.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000012.00000002.692533559.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000014.00000000.336203252.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000002.345161855.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000018.00000000.339633784.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000000.339294396.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000019.00000002.692684451.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.341770215.0000000001128000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000002.347903089.0000000001128000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4864:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5764:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5080:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3996:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2120:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4672:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2192:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:632:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3816:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5196:120:WilError_01
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1700:120:WilError_01
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe
Source: unknown Process created: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe
Source: unknown Process created: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\explorer.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SetupWIService.exe Static file information: File size 4383096 > 1048576
Source: SetupWIService.exe Static PE information: certificate valid
Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Projects\wiservice\deploy\win-x86-release\wiservice.pdb source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: wiservice.exe
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILE.rndPs source: wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_6F542F60 push eax; ret 0_2_6F542F8E
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_6F541A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6F541A98
Source: nsExec.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x8b0f
Source: uninstall.exe.0.dr Static PE information: real checksum: 0x432552 should be: 0x512d8
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xd8f8
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsk595B.tmp\System.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsk595B.tmp\nsExec.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files (x86)\Wildix\WIService\wiservice.exe

Boot Survival

Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\wiservice.callto\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files (x86)\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Users\user\Desktop\SetupWIService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 4744 Thread sleep count: 8375 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 4744 Thread sleep time: -83750s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 2160 Thread sleep count: 6245 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 2160 Thread sleep time: -62450s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 2220 Thread sleep count: 3102 > 30
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 2220 Thread sleep time: -31020s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 2264 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe TID: 3676 Thread sleep time: -45330s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files (x86)\Wildix\WIService\uninstall.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 8375
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 6245
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 3102
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 4533
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 1505
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Window / User API: threadDelayed 1159
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4270
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4277
Source: explorer.exe, 00000017.00000002.691365908.000000000143A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\xT
Source: explorer.exe, 00000017.00000002.691365908.000000000143A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}iT
Source: explorer.exe, 00000015.00000002.691396478.00000000006A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2
Source: wiservice.exe, 00000012.00000002.693210661.0000000001D17000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\NETSTAT.EXE Process token adjusted: Debug
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 16_2_010D8A00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_010D8A00
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 20_2_010D8A00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_010D8A00

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Source: C:\Users\user\Desktop\SetupWIService.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Code function: 16_2_010DA26B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,16_2_010DA26B
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: wiservice.exe Binary or memory string: avp.exe

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Wildix\WIService\wiservice.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano -p tcp
Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Windows Management Instrumentation
1
DLL Search Order Hijacking
1
DLL Search Order Hijacking
1
File and Directory Permissions Modification
OS Credential Dumping1
System Time Discovery
Remote Services11
Archive Collected Data
Exfiltration Over Other Network Medium11
Encrypted Channel
Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Native API
1
Registry Run Keys / Startup Folder
1
Access Token Manipulation
1
Disable or Modify Tools
LSASS Memory2
System Network Connections Discovery
Remote Desktop Protocol1
Clipboard Data
Exfiltration Over Bluetooth2
Non-Application Layer Protocol
Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)11
Process Injection
1
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Application Layer Protocol
Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)1
Registry Run Keys / Startup Folder
1
DLL Search Order Hijacking
NTDS25
System Information Discovery
Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script12
Masquerading
LSA Secrets11
Security Software Discovery
SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common21
Virtualization/Sandbox Evasion
Cached Domain Credentials1
Process Discovery
VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Access Token Manipulation
DCSync21
Virtualization/Sandbox Evasion
Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job11
Process Injection
Proc Filesystem1
Application Window Discovery
Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadow1
Remote System Discovery
Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork Sniffing1
System Network Configuration Discovery
Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
[Behavior graph: ID 775485; Sample: SetupWIService.exe; Startdate: 29/12/2022; Architecture: WINDOWS; Score: 42]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SetupWIService.exe | 2% | ReversingLabs | | |
| SetupWIService.exe | 1% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\Wildix\WIService\uninstall.exe | 4% | ReversingLabs | | |
| C:\Program Files (x86)\Wildix\WIService\wiservice.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsk595B.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsk595B.tmp\nsExec.dll | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File |
| 0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe | |
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com09 | 0% | URL Reputation | safe | |
| http://www.gimp.orgg | 0% | URL Reputation | safe | |
| http://jimmac.musichall.cz | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com | 0% | URL Reputation | safe | |
| http://crl.comodoca.k | 0% | Avira URL Cloud | safe | |
| http://crt.l | 0% | Avira URL Cloud | safe | |
| http://pbx.wildix.comDisplayIconuninstall.exe | 0% | Avira URL Cloud | safe | |
| http://crt.sectigo.com/SectigoRSADomainVali | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| feedback.wildix.com | 3.64.145.227 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | wiservice.exe (memory dumps) | false | URL Reputation: safe; URL Reputation: safe | unknown |
| https://feedback.wildix.com/api/v1/Analytics/wiserviceappNamedataextextensionapppbxhostnameuserconte | wiservice.exe (memory dumps) | false | | high |
| https://sectigo.com/CPS0 | wiservice.exe (memory dumps) | false | URL Reputation: safe | unknown |
| http://nsis.sf.net/NSIS_Error | SetupWIService.exe, SetupWIService.exe (memory dumps) | false | | high |
| http://ocsp.sectigo.com09 | wiservice.exe (memory dumps) | false | URL Reputation: safe | unknown |
| http://www.gimp.orgg | wiservice.exe (memory dumps) | false | URL Reputation: safe | unknown |
| http://jimmac.musichall.cz | wiservice.exe (memory dumps) | false | URL Reputation: safe | unknown |
| http://firmwares.wildix.com/app/integrations/vc_redist_2019.x86.exe | SetupWIService.exe (memory dump) | false | | high |
| https://backtrace.wildix.com/api/v1/IntegrationService/Trace/sysInfo.txtignored_processed_--dumpSend | wiservice.exe (memory dumps) | false | | high |
| http://nsis.sf.net/NSIS_ErrorError | SetupWIService.exe (memory dumps) | false | | high |
| http://ocsp.sectigo.com | wiservice.exe (memory dump) | false | URL Reputation: safe | unknown |
| http://crt.l | wiservice.exe (memory dumps) | false | Avira URL Cloud: safe | unknown |
| http://crt.sectigo.com/SectigoRSADomainVali | wiservice.exe (memory dump) | false | Avira URL Cloud: safe | unknown |
| http://firmwares.wildix.com/app/integrations/vc_redist_2019.x86.exegetOKError | SetupWIService.exe (memory dump) | false | | high |
| http://pbx.wildix.com | SetupWIService.exe (memory dump) | false | | high |
| http://pbx.wildix.comDisplayIconuninstall.exe | SetupWIService.exe (memory dump) | false | Avira URL Cloud: safe | unknown |
| https://backtrace.wildix.com/api/v1/IntegrationService/Trace/j | wiservice.exe (memory dump) | false | | high |
| https://curl.haxx.se/docs/http-cookies.html | wiservice.exe (memory dumps) | false | | high |
| http://crl.comodoca.k | wiservice.exe (memory dump) | false | Avira URL Cloud: safe | unknown |
| https://backtrace.wildix.com/api/v1/IntegrationService/Trace/ | wiservice.exe (memory dumps) | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 3.64.145.227 | feedback.wildix.com | United States | 16509 | AMAZON-02US | false |

| IP |
|---|
| 192.168.2.1 |
| 127.0.0.1 |
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:775485
Start date and time:2022-12-29 16:18:29 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 11m 16s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:SetupWIService.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:48
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal42.troj.adwa.spyw.evad.winEXE@68/16@1/3
EGA Information:
• Successful, ratio: 33.3%
HDC Information:
• Successful, ratio: 85.2% (good quality ratio 83.9%)
• Quality average: 87.4%
• Quality standard deviation: 20.8%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
• Execution Graph export aborted for target wiservice.exe, PID 2556 because there are no executed function
• Execution Graph export aborted for target wiservice.exe, PID 5208 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 16:19:30 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files (x86)\Wildix\WIService\WIService.exe |
                          No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| feedback.wildix.com | SetupWIService.exe | Get hash | malicious | Browse | 54.93.167.246 |
| | SetupWIService.exe | Get hash | malicious | Browse | 54.93.167.246 |
| | SetupWIService.exe | Get hash | malicious | Browse | 35.157.107.60 |
| | SetupWIService.exe | Get hash | malicious | Browse | 35.157.107.60 |
                          No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsk595B.tmp\System.dll | SetupWIService.exe | Get hash | malicious | Browse |
| | SetupWIService.exe | Get hash | malicious | Browse |
| | yENafYsHns.exe | Get hash | malicious | Browse |
| | yENafYsHns.exe | Get hash | malicious | Browse |
| | NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe | Get hash | malicious | Browse |
| | NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe | Get hash | malicious | Browse |
| | 07aTSiH01G.exe | Get hash | malicious | Browse |
| | 07aTSiH01G.exe | Get hash | malicious | Browse |
| | Shipment Document BLINV and packing list.jpg.exe | Get hash | malicious | Browse |
| | Shipment Document BLINV and packing list.jpg.exe | Get hash | malicious | Browse |
| | ENQ2957387940 xlsx.scr.exe | Get hash | malicious | Browse |
| | ENQ2957387940 xlsx.scr.exe | Get hash | malicious | Browse |
| | DOC85945003805010 PDF.exe | Get hash | malicious | Browse |
| | DOC85945003805010 PDF.exe | Get hash | malicious | Browse |
| | OUTSTANDING PI#220800035 SOA OCT.exe | Get hash | malicious | Browse |
| | OUTSTANDING PI#220800035 SOA OCT.exe | Get hash | malicious | Browse |
| | RFQ NO # 577131022.pif.exe | Get hash | malicious | Browse |
| | RFQ NO # 577131022.pif.exe | Get hash | malicious | Browse |
| | PO-57064.scr.exe | Get hash | malicious | Browse |
Process:C:\Users\user\Desktop\SetupWIService.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Jul 7 09:43:58 2020, mtime=Thu Dec 29 14:19:34 2022, atime=Tue Jul 7 09:43:58 2020, length=7814576, window=hide
Category:dropped
Size (bytes):1143
Entropy (8bit):4.687241623232722
Encrypted:false
SSDEEP:24:8ao9rQ0dOEJLAvyMFXdBvUUEIfeRfek7aB6m:8a4rQ0dOs8vycdS/MhB6
MD5:8C352C006578CCA2B23A5B3E1A680696
SHA1:5CCD94076928C96A6C242667487FDF8792BA5450
SHA-256:2588F13675CA529C67E4927C7BFEDAD603A02CB9CCDF497967EB3B53B72EA2BC
SHA-512:822AA3AA15425C77934D07E18A41769F11DB8214F7A314EF849A58988D032BFEF5B60FA1B0B564B3321AF779C1704480B7D33DCA8F3B1BBDE62D968F60BA98F8
Malicious:false
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3025001, page size 1024, file counter 3238, database pages 1081, cookie 0x1c0, schema 4, UTF-8, version-valid-for 3238
                                                                Category:dropped
                                                                Size (bytes):1106944
                                                                Entropy (8bit):6.241085330769342
                                                                Encrypted:false
                                                                SSDEEP:12288:Z012wYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb3ysZOOdFkUtet9:LTSoW+68Wkdl3CcbCROdF2w8dXSMJYU
                                                                MD5:C640C0C1357E16FCBCBB318D13F5D608
                                                                SHA1:B695D1D3CBAA0A48D99D17F32368B22CCF4ACBD7
                                                                SHA-256:6C78F1E3CE4F0D69A60EBA69590CC971AFDD91959B0F6B50BCC1FBB4C55C2149
                                                                SHA-512:2C2869560312F2510CFE008167581C0051EA8C733B368E15DC7B379312350BBC12FE127D925BD6A5AF92151197E24DC343B73B8B80E06BC06A92B67E6D06ED00
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......9..................................................................(i...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):4264
                                                                Entropy (8bit):4.37287852392456
                                                                Encrypted:false
                                                                SSDEEP:96:ZS5IxN5WrgEzyhppc4YhQd5b7cIFE6EcGy4Pk8MR:ZS5IYrnyhppc4YhQdNE6E3y4Pk8MR
                                                                MD5:96BDBA14808F30F48E1D4EE652EB9270
                                                                SHA1:DF0D0594FC1998BD3BF77B3873F48C9BEA7A84E5
                                                                SHA-256:BC9DD31AEFBD62AD72C4190694BCA225C90845E7E7FB112CCAE6C5F49A0578AF
                                                                SHA-512:BDF9E755ED309567F54E795E66D7DB60E52236BA99C4B14988335784C68970BDEE9FA5F12621E8C0045B81967CE4788C8211A8771D282F42211BE717DCF081E0
                                                                Malicious:false
                                                                Preview:function get_data_dir().. return wis_get_writable_dir()..end....function split(str, pat).. local str = str or "".... if stdnse ~= nil then.. return stdnse.strsplit(pat, str).. end.... local t = {} -- NOTE: use {n = 0} in Lua-5.0.. local fpat = "(.-)" .. pat.. local last_end = 1.. local s, e, cap = tostring(str):find(fpat, 1).. .. while s do.. if s ~= 1 or cap ~= "" then.. table.insert(t,cap).. end.. .. last_end = e + 1.. s, e, cap = str:find(fpat, last_end).. end.. .. if last_end <= #str then.. cap = str:sub(last_end).. table.insert(t, cap).. end.. .. return t..end....--- Deep copy of a given table..-- @param object A table to be copied..-- @return object A copy of a given table..function tcopy (object).. local lookup_table = {}.. local function _copy(object).. if type(object) ~= "table" then.. return object.. elseif lookup_table[object] then.. return lookup
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):10021
                                                                Entropy (8bit):4.876845410125218
                                                                Encrypted:false
                                                                SSDEEP:192:2PrQH4Uz6TQ8AcK4vA5KIGkPTB6UXZPek2phPqTWgObsprgtUlId5XsapwBsgrEN:urnUz6TQ8A94+GkrB60ZPezHb/gIXXse
                                                                MD5:A85072B5AC6C4021232A7A69C2542F80
                                                                SHA1:6F7CD3DBEA4CC4A8F591D4E642425945A92FC24F
                                                                SHA-256:23F8986B692505C186E97304F0B0371A8B1C69BBEFD3537B6D5B04A84644C7C4
                                                                SHA-512:F2321CDCDF7A059EA59E3E6B77D6FFEC9A035250846B9394893D86FC21516A35E135CCE5A9B0003EF0CD2481E68FE3EED91D3F2A9EA091DFFC2CA1C58BB10788
                                                                Malicious:false
                                                                Preview:--.-- json.lua.--.-- Copyright (c) 2019 rxi.--.-- Permission is hereby granted, free of charge, to any person obtaining a copy of.-- this software and associated documentation files (the "Software"), to deal in.-- the Software without restriction, including without limitation the rights to.-- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.-- of the Software, and to permit persons to whom the Software is furnished to do.-- so, subject to the following conditions:.--.-- The above copyright notice and this permission notice shall be included in all.-- copies or substantial portions of the Software..--.-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):9915
                                                                Entropy (8bit):4.9141725051952205
                                                                Encrypted:false
                                                                SSDEEP:96:SaXVNVsuLLnEwnQYYV+kkizaCpcJ1tYJV3zho7ylcPe4/HewEIG4Lf4StXweHKcJ:LVsuLLnEwQm4o7ylQ+ZzqZAepcr6erYp
                                                                MD5:5AA940C070C899AAD7649509D75B4761
                                                                SHA1:3D5BFC13032E6C9FE49C29F3439F1EF8431E249B
                                                                SHA-256:91711BC1A9C62FB470F066DB838CAC1F2FFEA291C33F4FA8BCFCEF86D3DFCD57
                                                                SHA-512:A9A671C488EB319DBB6BE46FD61C09ED988D025565BFD02144BAD1113122FC3B857CBCBC78BBBA829D93AF8FF6CF268CE32B9AF83B8676BB6220805CDC5DC608
                                                                Malicious:false
                                                                Preview:require "lfs"..require "helper"....json = require "json"..sqlite3 = require "sqlite3"....cdrview = {.. version = "1.0.5",.. con = nil,.. env = nil,.. dbDirName = wis_join_path(get_data_dir(), "cdr"),.. dbFileName = "cdr_%s_%s_%s.db",.. dbSerial = "",.. dbVersion = "",.. dbFile = ""..}....function cdrview.get_connection(self).. if self.con == nil then.. self.env = sqlite3.sqlite3().. self.con, error = self.env:connect(self.dbFile, 2000).. .. if (self.con == nil) then.. return nil, error.. end.. .. self.con:execute("PRAGMA synchronous = OFF").. self.con:execute("PRAGMA cache_size = 20000").. self.con:execute("PRAGMA temp_store = MEMORY").. end.... return self.con, error..end....function cdrview.close_connection(self).. if self.con ~= nil then.. self.con:close().. self.env:close().. self.env = nil.. self.con = nil.. end..end....function cdrview.init_database
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                Category:dropped
                                                                Size (bytes):329213
                                                                Entropy (8bit):2.480616162610146
                                                                Encrypted:false
                                                                SSDEEP:1536:hXoKlnzpMyqDQ+IJDDctJUX0DKR+cagfzIWLU/APNlewgteU:VomnzVincQDKgcaqzIW4ASD
                                                                MD5:36FBAFFA487685FD1A2D22F16387B7E9
                                                                SHA1:C7056A8AA58CC61B0DBF01D3D443A09456267197
                                                                SHA-256:32F07C26C57FAD7E762B582A25C758E1AB28F7ED3D093304C5C290829F0AA267
                                                                SHA-512:2F41427FBE2F9E0CC098C60081416EB6E07C734EADA954D468A8E24E82DB236F7BE6083B73CBF152CB73960CF5CC6C45B76194C4FA36911BB5E74DAE3208F904
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.*....F..G.w.F.*....F..v..F...@..F.Rich.F.........PE..L......].................d...|......k2............@..........................P......R%C...@.................................<...........Xp...........B..!...........................................................................................text....b.......d.................. ..`.rdata..J............h..............@..@.data....U...........|..............@....ndata...................................rsrc...Xp.......r..................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:MS Windows icon resource - 4 icons, 256x256, 32 bits/pixel, 48x48, 32 bits/pixel
                                                                Category:dropped
                                                                Size (bytes):285478
                                                                Entropy (8bit):1.250692577349461
                                                                Encrypted:false
                                                                SSDEEP:384:KVNjbVfkrTPIfJO4u66nfrCF+b5hO4Mn2peV:0m/YJO46nfWF+bWt2C
                                                                MD5:1642F550F6A94F846345818E6233F3C1
                                                                SHA1:655CEB82A153E33E7B5217EE7E8A55D3572EAEF7
                                                                SHA-256:9D5CDBC8FCF572F907EB052557DA7253972DA20205279E7DF64E49C5C2B42038
                                                                SHA-512:9670F4F1A838D14696F41A65445C862F988D60A6EB836028C1D5672160E9C326BD800C828A3F9C768D2D5D965CF86E72CEC08CF58DC29624CE2E454FD6638713
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):7814576
                                                                Entropy (8bit):6.636077386211362
                                                                Encrypted:false
                                                                SSDEEP:98304:zDqc3ZkCqCCwIvsRq8LwSPg9TFj618F693ZGVJj0As6ZlCZ/mGtw6p+gEWBtT4x+:zOSCF0DwPTFj618F6L7fAGtw8+gH0MnT
                                                                MD5:723F23EEFB213A23959A28D1ED11D42D
                                                                SHA1:F791E99DA7185C00F365D2C91EE74099C16FDA8E
                                                                SHA-256:A460E0D19266D3FED117D27C9ABD9BFE6AC7366EEBB19BB9D22A96D3A9CA8558
                                                                SHA-512:7ACE5F760193FA56072517FD6E2E8D3FD834F352BBCD3CB66F117CBB3B1007017FF4DCC605AA1833C3C99141A05E0896B3B49C04B1BF1090E983F350E62B8B4A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........b..............-!..............................................T.......(...........u...(...]..........................Rich............................PE..L....Q._.................lU..2M.......P.......U...@..................................w...@.................................(ok.........b............w..!...`...n....e.p.....................e.....@.e.@.............U..............................text...TkU......lU................. ..`.rdata...a....U..b...pU.............@..@.data.....,...k..v....k.............@....rsrc....b......d...Hm.............@..@.reloc...n...`...p....q.............@..B................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Dec 29 14:19:29 2022, mtime=Thu Dec 29 14:19:29 2022, atime=Thu Dec 29 14:19:29 2022, length=329213, window=hide
                                                                Category:dropped
                                                                Size (bytes):2131
                                                                Entropy (8bit):3.4803161540696133
                                                                Encrypted:false
                                                                SSDEEP:24:8EQ0dOEJbsXAvyMxdBT/dB5dBTrFDUUEG7eV7ek7aB6m:8EQ0dOsbswvyQdF/dPdFrF4v8hB6
                                                                MD5:8F06EF64F8223ABBBE27572E16F85839
                                                                SHA1:A2E8A197619541BAE9FA2F2AC6077E92581D2EFA
                                                                SHA-256:5B3DA2AEC71B3723A070157218D1E9844CEE2EEC987B1B5411449F07AE5A4ABA
                                                                SHA-512:44FBDC60D23F4C965B4131EDEDC61223090E2BC0134328DC863085FD8F2B8683AD73663D61116453487CA6CA93642326FD170D0026EE1B8E86536E26F134AC67
                                                                Malicious:false
                                                                Preview:L..................F.@.. ....~7.....~7.....~7.................................P.O. .:i.....+00.../C:\.....................1......Ukz..PROGRA~2.........L..Ukz....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......Ukz..Wildix..>......Ukz.Ukz.....Z........................W.i.l.d.i.x.....\.1......Uoz..WISERV~1..D......Ukz.Uoz.....Z......................0.W.I.S.e.r.v.i.c.e.....h.2......Uoz .UNINST~1.EXE..L......Uoz.Uoz....{[......................0.u.n.i.n.s.t.a.l.l...e.x.e.......d...............-.......c...........~..w.....C:\Program Files (x86)\Wildix\WIService\uninstall.exe..G.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.u.n.i.n.s.t.a.l.l...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.5.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.u.n.i.n.s.t.a.l.l...e.x.e.........%Pr
                                                                Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                File Type:JSON data
                                                                Category:modified
                                                                Size (bytes):127
                                                                Entropy (8bit):4.534660063797104
                                                                Encrypted:false
                                                                SSDEEP:3:iX0p16O9JZvAJHf9KDyLIInpZNXtAi7T2S1QA:00p4GsVK+EyxyaqS1z
                                                                MD5:A87C7F43F89043A6E62A901A07630B9E
                                                                SHA1:F6F20EFDABF8DBBA41B92996685EB4D899BFFE77
                                                                SHA-256:4DE8611CB7B459A3E4097777B77EF2B1A52F93A65F16D04B22738C8503577D11
                                                                SHA-512:7EDF34CE40D3175E5AB58E07CDE979D795ABEA716439718A551977D5F0D5EF4EF4CDE30132F63E8A0C1B18D31054DD57D8DC58690EA2116E1FBAE556FC5C0AA6
                                                                Malicious:false
                                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info",. "log_system": true,. "log_verbose": false,. "version": "2.15.2.1".}
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):11776
                                                                Entropy (8bit):5.854901984552606
                                                                Encrypted:false
                                                                SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                                MD5:0063D48AFE5A0CDC02833145667B6641
                                                                SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                                SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                                SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                 • Filename: SetupWIService.exe, Detection: malicious
                                                                 • Filename: yENafYsHns.exe, Detection: malicious
                                                                 • Filename: NFEP-CONFIDENTIALITY AGREEMENT(NDA).exe, Detection: malicious
                                                                 • Filename: 07aTSiH01G.exe, Detection: malicious
                                                                 • Filename: Shipment Document BLINV and packing list.jpg.exe, Detection: malicious
                                                                 • Filename: ENQ2957387940 xlsx.scr.exe, Detection: malicious
                                                                 • Filename: DOC85945003805010 PDF.exe, Detection: malicious
                                                                 • Filename: OUTSTANDING PI#220800035 SOA OCT.exe, Detection: malicious
                                                                 • Filename: RFQ NO # 577131022.pif.exe, Detection: malicious
                                                                 • Filename: PO-57064.scr.exe, Detection: malicious
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L......]...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                Category:dropped
                                                                Size (bytes):28326
                                                                Entropy (8bit):2.5710862958427496
                                                                Encrypted:false
                                                                SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):6656
                                                                Entropy (8bit):5.150852446596736
                                                                Encrypted:false
                                                                SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                                MD5:293165DB1E46070410B4209519E67494
                                                                SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                                SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                                SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........PE..L......]...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):51
                                                                Entropy (8bit):3.8279202393045604
                                                                Encrypted:false
                                                                SSDEEP:3:z0NcDdvRfsd7E0doD0dcUy:wNcDTkd7ZoAe
                                                                MD5:972AA5C4C9155F54D596404A41F7B397
                                                                SHA1:3AA6356CE61A99F836C334733A14C27C24CE90D4
                                                                SHA-256:B7F80383257471F6B123595AD2D15FE0497A8E67F6B39039B8D0FB004B42F3EC
                                                                SHA-512:8F454344984D62152CB70679D9F5BEBA28892821EF876193CD8754D89C3A6569D64267DD671257C874E4D5DCA6AFFA9F8A64BB39301D0C3A75E96DBD8F03A52A
                                                                Malicious:false
                                                                Preview:websocket:8888;hi:9889;ss:9888;oa:9890;lotus:9891..
                                                                Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):578
                                                                Entropy (8bit):4.829417609498051
                                                                Encrypted:false
                                                                SSDEEP:12:Jh0vpUU2JEGtUwX4v9WYVKuR5pMpjSm1F2:JMZWIvr805nm1F2
                                                                MD5:01C1BD2E6520E80B408FA75F122F6FA5
                                                                SHA1:F3FD72F18C3CC65DCCF45CD727B74B5AF899ED19
                                                                SHA-256:9308C5AADB66E57075EF93B4D67DF9348CB55605C1E842F2B02E260B7639CF91
                                                                SHA-512:6C32853F7F19FA7BC5CD9451B9F44927BFF24EFF38CA14DFA24A9B02F52AF2EBD8519F61A101EF20FADCA9D5338C59DB476224CDC6258E8D533F9F7EC33D84C0
                                                                Malicious:false
                                                                Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": null,. "connection_issue": "none",. "ext": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "http_min_threads": 1,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "4fAkjjyUNiiSG0VN6vDwTmjYedvJOf24",. "log_system": false,. "log_traffic": false,. "log_verbose": false,. "lua_max_threads": 8,. "lua_min_threads": 2,. "pbx": "",. "version": "2.15.2.1",. "whitelist": null,. "ws_check_port_before_listen": true.}
                                                                Process:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                File Type:ASCII text, with CRLF, LF line terminators
                                                                Category:modified
                                                                Size (bytes):857
                                                                Entropy (8bit):4.712765723284222
                                                                Encrypted:false
                                                                SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                MD5:9AC77B45979A66F73EDB70B72908A616
                                                                SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                Malicious:true
                                                                Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                Entropy (8bit):7.835913460840649
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:SetupWIService.exe
                                                                File size:4383096
                                                                MD5:1927469a9b3fe32f0a7c8216f444bf7c
                                                                SHA1:4f67b5dd3d3388fa4f6af3b0bb629778c27ee94c
                                                                SHA256:88c12a9f7e73f96f292fb0ca2b34c86b6d2eae652c5c1169ecc29941937d7d81
                                                                SHA512:8d0ce9d76c838812840b71b484678663b77ddec5f2876aa3de4d7010bc71a1832a17b6a3f82d113cd892ad8d502a287b051db07b321e08ccc241259ca164e473
                                                                SSDEEP:49152:FuJDiUob4l/1DjRRFBY+QCRqrjsvLMx0+QgoPfjM8MwqFcwlh+A+l4gJ/PftpQTJ:FuJ2UobOjFBX690jM79Fc0hp+pPfkw49
                                                                TLSH:CB1623959924C896DD1230F189B6A5FCB3E1DC952E387C22466773CD3E76EC2E037688
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................d...|......k2............@
                                                                Icon Hash:1031b3aaaaccccc9
                                                                Entrypoint:0x40326b
                                                                Entrypoint Section:.text
                                                                Digitally signed:true
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                                Signature Valid:true
                                                                Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                Signature Validation Error:The operation completed successfully
                                                                Error Number:0
                                                                Not Before, Not After
                                                                • 9/11/2018 2:00:00 AM 9/11/2021 1:59:59 AM
                                                                Subject Chain
                                                                • CN=Wildix EE OU, O=Wildix EE OU, STREET="Roosikrantsi, 2 - K309", L=Tallinn, S=Estonia, PostalCode=10119, C=IT
                                                                Version:3
                                                                Thumbprint MD5:D86660A70313A4B44379368A3359F6DC
                                                                Thumbprint SHA-1:740E47D942E3484FC1B7F799905D9C49BD111DAA
                                                                Thumbprint SHA-256:E9428FDFC636C8EE09E3C8814D3C8677C01B362525E255EE33A5AD10535C6C4A
                                                                Serial:56A07594F7C4C0EDAAB3DAB03BEAA73E
                                                                Instruction
                                                                sub esp, 00000184h
                                                                push ebx
                                                                push esi
                                                                push edi
                                                                xor ebx, ebx
                                                                push 00008001h
                                                                mov dword ptr [esp+18h], ebx
                                                                mov dword ptr [esp+10h], 0040A198h
                                                                mov dword ptr [esp+20h], ebx
                                                                mov byte ptr [esp+14h], 00000020h
                                                                call dword ptr [004080A0h]
                                                                call dword ptr [0040809Ch]
                                                                and eax, BFFFFFFFh
                                                                cmp ax, 00000006h
                                                                mov dword ptr [0042F40Ch], eax
                                                                je 00007F72387BE703h
                                                                push ebx
                                                                call 00007F72387C17EBh
                                                                cmp eax, ebx
                                                                je 00007F72387BE6F9h
                                                                push 00000C00h
                                                                call eax
                                                                mov esi, 00408298h
                                                                push esi
                                                                call 00007F72387C1767h
                                                                push esi
                                                                call dword ptr [00408098h]
                                                                lea esi, dword ptr [esi+eax+01h]
                                                                cmp byte ptr [esi], bl
                                                                jne 00007F72387BE6DDh
                                                                push 0000000Ah
                                                                call 00007F72387C17BFh
                                                                push 00000008h
                                                                call 00007F72387C17B8h
                                                                push 00000006h
                                                                mov dword ptr [0042F404h], eax
                                                                call 00007F72387C17ACh
                                                                cmp eax, ebx
                                                                je 00007F72387BE701h
                                                                push 0000001Eh
                                                                call eax
                                                                test eax, eax
                                                                je 00007F72387BE6F9h
                                                                or byte ptr [0042F40Fh], 00000040h
                                                                push ebp
                                                                call dword ptr [00408040h]
                                                                push ebx
                                                                call dword ptr [00408284h]
                                                                mov dword ptr [0042F4D8h], eax
                                                                push ebx
                                                                lea eax, dword ptr [esp+38h]
                                                                push 00000160h
                                                                push eax
                                                                push ebx
                                                                push 00429830h
                                                                call dword ptr [00408178h]
                                                                push 0040A188h
                                                                Programming Language:
                                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                                Name                                  Virtual Address  Virtual Size  Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT          0x853c           0xa0          .rdata
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE        0x3d000          0x47058       .rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY        0x42bfc8         0x21b0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x294         .rdata
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity       File Type  Entropy             Characteristics
                                                                .text   0x1000           0x62ff        0x6400    False     0.672421875           data       6.457821426487787   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rdata  0x8000           0x134a        0x1400    False     0.459765625           data       5.238921057104071   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .data   0xa000           0x25518       0x600     False     0.4557291666666667    data       4.049203760121162   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .ndata  0x30000          0xd000        0x0       False     0                     empty      0.0                 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .rsrc   0x3d000          0x47058       0x47200   False     0.048845287785588755  data       1.3027496736142952  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                Name           RVA      Size     Type  Language  Country
                                                                RT_ICON        0x3d2e0  0x42028  Device independent bitmap graphic, 256 x 512 x 32, image size 270336  English  United States
                                                                RT_ICON        0x7f308  0x25a8   Device independent bitmap graphic, 48 x 96 x 32, image size 9600  English  United States
                                                                RT_ICON        0x818b0  0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4224  English  United States
                                                                RT_ICON        0x82958  0x568    Device independent bitmap graphic, 16 x 32 x 32, image size 1088  English  United States
                                                                RT_ICON        0x82ec0  0x468    data  English  United States
                                                                RT_ICON        0x83328  0x2e8    data  English  United States
                                                                RT_ICON        0x83610  0x128    data  English  United States
                                                                RT_DIALOG      0x83738  0x200    data  English  United States
                                                                RT_DIALOG      0x83938  0xf8     data  English  United States
                                                                RT_DIALOG      0x83a30  0xa0     data  English  United States
                                                                RT_DIALOG      0x83ad0  0xee     data  English  United States
                                                                RT_GROUP_ICON  0x83bc0  0x68     data  English  United States
                                                                RT_MANIFEST    0x83c28  0x42e    XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators  English  United States
                                                                DLL           Import
                                                                KERNEL32.dll  GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
                                                                USER32.dll    GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
                                                                GDI32.dll     SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
                                                                SHELL32.dll   SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
                                                                ADVAPI32.dll  AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                COMCTL32.dll  ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                                Language of compilation system  Country where language is spoken  Map
                                                                English                         United States
                                                                Timestamp                            Source Port  Dest Port  Source IP     Dest IP
                                                                Dec 29, 2022 16:19:41.079005003 CET  56807        53         192.168.2.4   8.8.8.8
                                                                Dec 29, 2022 16:19:41.097114086 CET  53           56807      8.8.8.8       192.168.2.4
                                                                Timestamp                            Source IP    Dest IP      Trans ID  OP Code             Name                 Type            Class        DNS over HTTPS
                                                                Dec 29, 2022 16:19:41.079005003 CET  192.168.2.4  8.8.8.8      0x5cc9    Standard query (0)  feedback.wildix.com  A (IP address)  IN (0x0001)  false
                                                                Timestamp                            Source IP    Dest IP      Trans ID  Reply Code    Name                 CName  Address        Type            Class        DNS over HTTPS
                                                                Dec 29, 2022 16:19:41.097114086 CET  8.8.8.8      192.168.2.4  0x5cc9    No error (0)  feedback.wildix.com         3.64.145.227   A (IP address)  IN (0x0001)  false
                                                                Dec 29, 2022 16:19:41.097114086 CET  8.8.8.8      192.168.2.4  0x5cc9    No error (0)  feedback.wildix.com         54.93.167.246  A (IP address)  IN (0x0001)  false
                                                                • feedback.wildix.com
                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                0           192.168.2.4  49701        3.64.145.227    443               C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Timestamp                kBytes transferred  Direction  Data
                                                                2022-12-29 15:19:41 UTC  0                   OUT        POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                Host: feedback.wildix.com
                                                                Accept: */*
                                                                Content-Length: 331
                                                                Content-Type: application/x-www-form-urlencoded
                                                                2022-12-29 15:19:41 UTC  0                   OUT        Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","version":"2.15.2.1"}&context={"extension":"","messageId":"adF4RMJrgWIN6IoHQ7ciOKkOejdwU9sA","os":"Windows_NT","osBuild":"","osName":"Windows 10 Enterprise","osVersion":"10.0.17134","pbx":"","pid":3372,"r
                                                                2022-12-29 15:19:41 UTC  0                   IN         HTTP/1.1 200 OK
                                                                Date: Thu, 29 Dec 2022 15:19:41 GMT
                                                                Content-Type: text/html;charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Server: nginx/1.16.1
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                Access-Control-Allow-Credentials: true
                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                2022-12-29 15:19:41 UTC  0                   IN         Data Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0



                                                                Target ID:0
                                                                Start time:16:19:20
                                                                Start date:29/12/2022
                                                                Path:C:\Users\user\Desktop\SetupWIService.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Users\user\Desktop\SetupWIService.exe
                                                                Imagebase:0x400000
                                                                File size:4383096 bytes
                                                                MD5 hash:1927469A9B3FE32F0A7C8216F444BF7C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low

                                                                Target ID:1
                                                                Start time:16:19:20
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                Imagebase:0xd90000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:2
                                                                Start time:16:19:21
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:3
                                                                Start time:16:19:21
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:taskkill /F /IM WIService.exe
                                                                Imagebase:0xf60000
                                                                File size:74752 bytes
                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:4
                                                                Start time:16:19:23
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                Imagebase:0xd90000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:5
                                                                Start time:16:19:24
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:6
                                                                Start time:16:19:24
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:taskkill /F /IM WIui.exe
                                                                Imagebase:0xf60000
                                                                File size:74752 bytes
                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:7
                                                                Start time:16:19:24
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                Imagebase:0xd90000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:8
                                                                Start time:16:19:24
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Target ID:9
                                                                Start time:16:19:24
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:taskkill /F /IM wirtpproxy.exe
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:74752 bytes
                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:10
                                                                Start time:16:19:25
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                Imagebase:0xd90000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:11
                                                                Start time:16:19:25
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:12
                                                                Start time:16:19:25
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:taskkill /F /IM wiservice-ui.exe
                                                                Imagebase:0xf60000
                                                                File size:74752 bytes
                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:13
                                                                Start time:16:19:25
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                Imagebase:0xd90000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:14
                                                                Start time:16:19:26
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:15
                                                                Start time:16:19:26
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:taskkill /F /IM vncsrv.exe
                                                                Imagebase:0xf60000
                                                                File size:74752 bytes
                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:16
                                                                Start time:16:19:30
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 0%, ReversingLabs

                                                                Target ID:17
                                                                Start time:16:19:31
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --installsvc
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:18
                                                                Start time:16:19:33
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --hostsvc
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:19
                                                                Start time:16:19:36
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
                                                                Imagebase:0x7ff618f60000
                                                                File size:3933184 bytes
                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:20
                                                                Start time:16:19:36
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --watchdog
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:21
                                                                Start time:16:19:37
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                Imagebase:0x7ff618f60000
                                                                File size:3933184 bytes
                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:22
                                                                Start time:16:19:38
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Imagebase:0x7ff618f60000
                                                                File size:3933184 bytes
                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:23
                                                                Start time:16:19:38
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                Imagebase:0x7ff618f60000
                                                                File size:3933184 bytes
                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:24
                                                                Start time:16:19:39
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe" --proxyex
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:25
                                                                Start time:16:19:39
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\WIService.exe"
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:26
                                                                Start time:16:19:40
                                                                Start date:29/12/2022
                                                                Path:C:\Program Files (x86)\Wildix\WIService\wiservice.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
                                                                Imagebase:0xbd0000
                                                                File size:7814576 bytes
                                                                MD5 hash:723F23EEFB213A23959A28D1ED11D42D
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:27
                                                                Start time:16:19:40
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:28
                                                                Start time:16:19:41
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language

                                                                Target ID:29
                                                                Start time:16:20:00
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:30
                                                                Start time:16:20:00
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:33
                                                                Start time:16:20:21
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:34
                                                                Start time:16:20:21
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:35
                                                                Start time:16:20:42
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:36
                                                                Start time:16:20:42
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:37
                                                                Start time:16:21:03
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:38
                                                                Start time:16:21:03
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:42
                                                                Start time:16:21:26
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:43
                                                                Start time:16:21:26
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:44
                                                                Start time:16:21:47
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:45
                                                                Start time:16:21:47
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:46
                                                                Start time:16:22:08
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:netstat -ano -p tcp
                                                                Imagebase:0xd50000
                                                                File size:32768 bytes
                                                                MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                Target ID:47
                                                                Start time:16:22:08
                                                                Start date:29/12/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7c72c0000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language

                                                                  Execution Graph

                                                                  Execution Coverage:23.3%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:16.9%
                                                                  Total number of Nodes:1498
                                                                  Total number of Limit Nodes:47
4314 406010 lstrcpynA 4238->4314 4240 40334f 4241 4059d3 CharNextA 4240->4241 4242 403378 CharNextA 4241->4242 4251 403388 4242->4251 4243 403452 4244 403465 GetTempPathA 4243->4244 4315 40323a 4244->4315 4246 40347d 4248 403481 GetWindowsDirectoryA lstrcatA 4246->4248 4249 4034d7 DeleteFileA 4246->4249 4247 4059d3 CharNextA 4247->4251 4252 40323a 12 API calls 4248->4252 4325 402dc4 GetTickCount GetModuleFileNameA 4249->4325 4251->4243 4251->4247 4253 403454 4251->4253 4255 40349d 4252->4255 4409 406010 lstrcpynA 4253->4409 4254 4034eb 4256 403581 4254->4256 4260 403571 4254->4260 4264 4059d3 CharNextA 4254->4264 4255->4249 4258 4034a1 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4255->4258 4426 403753 4256->4426 4259 40323a 12 API calls 4258->4259 4262 4034cf 4259->4262 4353 40382d 4260->4353 4262->4249 4262->4256 4266 403506 4264->4266 4275 4035b1 4266->4275 4276 40354c 4266->4276 4267 4036b9 4269 4036c1 GetCurrentProcess OpenProcessToken 4267->4269 4270 40373b ExitProcess 4267->4270 4268 40359b 4271 40572c MessageBoxIndirectA 4268->4271 4272 40370c 4269->4272 4273 4036dc LookupPrivilegeValueA AdjustTokenPrivileges 4269->4273 4277 4035a9 ExitProcess 4271->4277 4278 4063a8 5 API calls 4272->4278 4273->4272 4433 405697 4275->4433 4410 405a96 4276->4410 4282 403713 4278->4282 4286 403728 ExitWindowsEx 4282->4286 4289 403734 4282->4289 4284 4035d2 lstrcatA lstrcmpiA 4284->4256 4288 4035ee 4284->4288 4285 4035c7 lstrcatA 4285->4284 4286->4270 4286->4289 4291 4035f3 4288->4291 4292 4035fa 4288->4292 4293 40140b 2 API calls 4289->4293 4290 403566 4425 406010 lstrcpynA 4290->4425 4436 4055fd CreateDirectoryA 4291->4436 4441 40567a CreateDirectoryA 4292->4441 4293->4270 4298 4035ff SetCurrentDirectoryA 4299 403619 4298->4299 4300 40360e 4298->4300 4445 406010 lstrcpynA 4299->4445 4444 406010 lstrcpynA 4300->4444 4303 406032 17 API calls 4304 403658 DeleteFileA 4303->4304 4305 403665 CopyFileA 4304->4305 4310 403627 4304->4310 4305->4310 4306 
4036ad 4308 405def 36 API calls 4306->4308 4308->4256 4309 406032 17 API calls 4309->4310 4310->4303 4310->4306 4310->4309 4311 4056af 2 API calls 4310->4311 4312 403699 CloseHandle 4310->4312 4446 405def MoveFileExA 4310->4446 4311->4310 4312->4310 4313->4238 4314->4240 4316 40627a 5 API calls 4315->4316 4318 403246 4316->4318 4317 403250 4317->4246 4318->4317 4450 4059a8 lstrlenA CharPrevA 4318->4450 4321 40567a 2 API calls 4322 40325e 4321->4322 4323 405bd8 2 API calls 4322->4323 4324 403269 4323->4324 4324->4246 4453 405ba9 GetFileAttributesA CreateFileA 4325->4453 4327 402e04 4351 402e14 4327->4351 4454 406010 lstrcpynA 4327->4454 4329 402e2a 4455 4059ef lstrlenA 4329->4455 4333 402e3b GetFileSize 4348 402f35 4333->4348 4352 402e52 4333->4352 4335 402f3e 4337 402f6e GlobalAlloc 4335->4337 4335->4351 4472 403223 SetFilePointer 4335->4472 4336 40320d ReadFile 4336->4352 4471 403223 SetFilePointer 4337->4471 4339 402fa1 4343 402d60 6 API calls 4339->4343 4341 402f57 4344 40320d ReadFile 4341->4344 4342 402f89 4345 402ffb 31 API calls 4342->4345 4343->4351 4346 402f62 4344->4346 4349 402f95 4345->4349 4346->4337 4346->4351 4347 402d60 6 API calls 4347->4352 4460 402d60 4348->4460 4349->4349 4350 402fd2 SetFilePointer 4349->4350 4349->4351 4350->4351 4351->4254 4352->4336 4352->4339 4352->4347 4352->4348 4352->4351 4354 4063a8 5 API calls 4353->4354 4355 403841 4354->4355 4356 403847 4355->4356 4357 403859 4355->4357 4488 405f6e wsprintfA 4356->4488 4358 405ef7 3 API calls 4357->4358 4359 403884 4358->4359 4360 4038a2 lstrcatA 4359->4360 4362 405ef7 3 API calls 4359->4362 4363 403857 4360->4363 4362->4360 4473 403af2 4363->4473 4366 405a96 18 API calls 4368 4038d4 4366->4368 4367 40395d 4369 405a96 18 API calls 4367->4369 4368->4367 4370 405ef7 3 API calls 4368->4370 4371 403963 4369->4371 4372 403900 4370->4372 4373 403973 LoadImageA 4371->4373 4376 406032 17 API calls 4371->4376 4372->4367 4379 40391c lstrlenA 4372->4379 4383 4059d3 CharNextA 4372->4383 4374 
403a19 4373->4374 4375 40399a RegisterClassA 4373->4375 4378 40140b 2 API calls 4374->4378 4377 4039d0 SystemParametersInfoA CreateWindowExA 4375->4377 4408 403a23 4375->4408 4376->4373 4377->4374 4382 403a1f 4378->4382 4380 403950 4379->4380 4381 40392a lstrcmpiA 4379->4381 4386 4059a8 3 API calls 4380->4386 4381->4380 4385 40393a GetFileAttributesA 4381->4385 4388 403af2 18 API calls 4382->4388 4382->4408 4384 40391a 4383->4384 4384->4379 4387 403946 4385->4387 4389 403956 4386->4389 4387->4380 4390 4059ef 2 API calls 4387->4390 4391 403a30 4388->4391 4489 406010 lstrcpynA 4389->4489 4390->4380 4393 403a3c ShowWindow 4391->4393 4394 403abf 4391->4394 4396 40633a 3 API calls 4393->4396 4481 405209 OleInitialize 4394->4481 4398 403a54 4396->4398 4397 403ac5 4399 403ae1 4397->4399 4400 403ac9 4397->4400 4401 403a62 GetClassInfoA 4398->4401 4405 40633a 3 API calls 4398->4405 4404 40140b 2 API calls 4399->4404 4407 40140b 2 API calls 4400->4407 4400->4408 4402 403a76 GetClassInfoA RegisterClassA 4401->4402 4403 403a8c DialogBoxParamA 4401->4403 4402->4403 4406 40140b 2 API calls 4403->4406 4404->4408 4405->4401 4406->4408 4407->4408 4408->4256 4409->4244 4491 406010 lstrcpynA 4410->4491 4412 405aa7 4492 405a41 CharNextA CharNextA 4412->4492 4415 403557 4415->4256 4424 406010 lstrcpynA 4415->4424 4416 40627a 5 API calls 4422 405abd 4416->4422 4417 405ae8 lstrlenA 4418 405af3 4417->4418 4417->4422 4419 4059a8 3 API calls 4418->4419 4421 405af8 GetFileAttributesA 4419->4421 4421->4415 4422->4415 4422->4417 4423 4059ef 2 API calls 4422->4423 4498 406313 FindFirstFileA 4422->4498 4423->4417 4424->4290 4425->4260 4427 40376b 4426->4427 4428 40375d CloseHandle 4426->4428 4501 403798 4427->4501 4428->4427 4434 4063a8 5 API calls 4433->4434 4435 4035b6 lstrcatA 4434->4435 4435->4284 4435->4285 4437 4035f8 4436->4437 4438 40564e GetLastError 4436->4438 4437->4298 4438->4437 4439 40565d SetFileSecurityA 4438->4439 4439->4437 4440 405673 GetLastError 4439->4440 4440->4437 4442 
40568a 4441->4442 4443 40568e GetLastError 4441->4443 4442->4298 4443->4442 4444->4299 4445->4310 4447 405e10 4446->4447 4448 405e03 4446->4448 4447->4310 4555 405c7f 4448->4555 4451 4059c2 lstrcatA 4450->4451 4452 403258 4450->4452 4451->4452 4452->4321 4453->4327 4454->4329 4456 4059fc 4455->4456 4457 405a01 CharPrevA 4456->4457 4458 402e30 4456->4458 4457->4456 4457->4458 4459 406010 lstrcpynA 4458->4459 4459->4333 4461 402d81 4460->4461 4462 402d69 4460->4462 4465 402d91 GetTickCount 4461->4465 4466 402d89 4461->4466 4463 402d72 DestroyWindow 4462->4463 4464 402d79 4462->4464 4463->4464 4464->4335 4468 402dc2 4465->4468 4469 402d9f CreateDialogParamA ShowWindow 4465->4469 4467 4063e4 2 API calls 4466->4467 4470 402d8f 4467->4470 4468->4335 4469->4468 4470->4335 4471->4342 4472->4341 4474 403b06 4473->4474 4490 405f6e wsprintfA 4474->4490 4476 403b77 4477 403bab 18 API calls 4476->4477 4479 403b7c 4477->4479 4478 4038b2 4478->4366 4479->4478 4480 406032 17 API calls 4479->4480 4480->4479 4482 4040ea SendMessageA 4481->4482 4487 40522c 4482->4487 4483 405253 4484 4040ea SendMessageA 4483->4484 4485 405265 OleUninitialize 4484->4485 4485->4397 4486 401389 2 API calls 4486->4487 4487->4483 4487->4486 4488->4363 4489->4367 4490->4476 4491->4412 4493 405a5c 4492->4493 4496 405a6c 4492->4496 4495 405a67 CharNextA 4493->4495 4493->4496 4494 405a8c 4494->4415 4494->4416 4495->4494 4496->4494 4497 4059d3 CharNextA 4496->4497 4497->4496 4499 406334 4498->4499 4500 406329 FindClose 4498->4500 4499->4422 4500->4499 4502 4037a6 4501->4502 4503 403770 4502->4503 4504 4037ab FreeLibrary GlobalFree 4502->4504 4505 4057d8 4503->4505 4504->4503 4504->4504 4506 405a96 18 API calls 4505->4506 4507 4057f8 4506->4507 4508 405800 DeleteFileA 4507->4508 4509 405817 4507->4509 4510 40358a OleUninitialize 4508->4510 4511 405945 4509->4511 4545 406010 lstrcpynA 4509->4545 4510->4267 4510->4268 4511->4510 4518 406313 2 API calls 4511->4518 4513 40583d 4514 405850 4513->4514 4515 405843 
lstrcatA 4513->4515 4517 4059ef 2 API calls 4514->4517 4516 405856 4515->4516 4519 405864 lstrcatA 4516->4519 4521 40586f lstrlenA FindFirstFileA 4516->4521 4517->4516 4520 405969 4518->4520 4519->4521 4520->4510 4522 40596d 4520->4522 4521->4511 4528 405893 4521->4528 4523 4059a8 3 API calls 4522->4523 4525 405973 4523->4525 4524 4059d3 CharNextA 4524->4528 4526 405790 5 API calls 4525->4526 4527 40597f 4526->4527 4529 405983 4527->4529 4530 405999 4527->4530 4528->4524 4533 405924 FindNextFileA 4528->4533 4542 4058e5 4528->4542 4546 406010 lstrcpynA 4528->4546 4529->4510 4534 405137 24 API calls 4529->4534 4532 405137 24 API calls 4530->4532 4532->4510 4533->4528 4535 40593c FindClose 4533->4535 4536 405990 4534->4536 4535->4511 4537 405def 36 API calls 4536->4537 4540 405997 4537->4540 4539 4057d8 60 API calls 4539->4542 4540->4510 4541 405137 24 API calls 4541->4533 4542->4533 4542->4539 4542->4541 4543 405137 24 API calls 4542->4543 4544 405def 36 API calls 4542->4544 4547 405790 4542->4547 4543->4542 4544->4542 4545->4513 4546->4528 4548 405b84 2 API calls 4547->4548 4549 40579c 4548->4549 4550 4057bd 4549->4550 4551 4057b3 DeleteFileA 4549->4551 4552 4057ab RemoveDirectoryA 4549->4552 4550->4542 4553 4057b9 4551->4553 4552->4553 4553->4550 4554 4057c9 SetFileAttributesA 4553->4554 4554->4550 4556 405ca5 4555->4556 4557 405ccb GetShortPathNameA 4555->4557 4582 405ba9 GetFileAttributesA CreateFileA 4556->4582 4559 405ce0 4557->4559 4560 405dea 4557->4560 4559->4560 4562 405ce8 wsprintfA 4559->4562 4560->4447 4561 405caf CloseHandle GetShortPathNameA 4561->4560 4563 405cc3 4561->4563 4564 406032 17 API calls 4562->4564 4563->4557 4563->4560 4565 405d10 4564->4565 4583 405ba9 GetFileAttributesA CreateFileA 4565->4583 4567 405d1d 4567->4560 4568 405d2c GetFileSize GlobalAlloc 4567->4568 4569 405de3 CloseHandle 4568->4569 4570 405d4e 4568->4570 4569->4560 4571 405c21 ReadFile 4570->4571 4572 405d56 4571->4572 4572->4569 4584 405b0e lstrlenA 4572->4584 4575 405d81 
4577 405b0e 4 API calls 4575->4577 4576 405d6d lstrcpyA 4578 405d8f 4576->4578 4577->4578 4579 405dc6 SetFilePointer 4578->4579 4580 405c50 WriteFile 4579->4580 4581 405ddc GlobalFree 4580->4581 4581->4569 4582->4561 4583->4567 4585 405b4f lstrlenA 4584->4585 4586 405b57 4585->4586 4587 405b28 lstrcmpiA 4585->4587 4586->4575 4586->4576 4587->4586 4588 405b46 CharNextA 4587->4588 4588->4585 5080 4037eb 5081 4037f6 5080->5081 5082 4037fa 5081->5082 5083 4037fd GlobalAlloc 5081->5083 5083->5082 5084 4019ed 5085 402b2c 17 API calls 5084->5085 5086 4019f4 5085->5086 5087 402b2c 17 API calls 5086->5087 5088 4019fd 5087->5088 5089 401a04 lstrcmpiA 5088->5089 5090 401a16 lstrcmpA 5088->5090 5091 401a0a 5089->5091 5090->5091 4589 4026ef 4590 4026f6 4589->4590 4593 402965 4589->4593 4591 402b0a 17 API calls 4590->4591 4592 4026fd 4591->4592 4594 40270c SetFilePointer 4592->4594 4594->4593 4595 40271c 4594->4595 4597 405f6e wsprintfA 4595->4597 4597->4593 5092 40156f 5093 401586 5092->5093 5094 40157f ShowWindow 5092->5094 5095 401594 ShowWindow 5093->5095 5096 4029b8 5093->5096 5094->5093 5095->5096 5097 4014f4 SetForegroundWindow 5098 4029b8 5097->5098 5099 6f5410e0 5108 6f54110e 5099->5108 5100 6f5411c4 GlobalFree 5101 6f5412ad 2 API calls 5101->5108 5102 6f5411c3 5102->5100 5103 6f5411ea GlobalFree 5103->5108 5104 6f541266 2 API calls 5107 6f5411b1 GlobalFree 5104->5107 5105 6f541155 GlobalAlloc 5105->5108 5106 6f5412d1 lstrcpyA 5106->5108 5107->5108 5108->5100 5108->5101 5108->5102 5108->5103 5108->5104 5108->5105 5108->5106 5108->5107 4604 405275 4605 405420 4604->4605 4606 405297 GetDlgItem GetDlgItem GetDlgItem 4604->4606 4608 405450 4605->4608 4609 405428 GetDlgItem CreateThread FindCloseChangeNotification 4605->4609 4649 4040d3 SendMessageA 4606->4649 4610 40547e 4608->4610 4612 405466 ShowWindow ShowWindow 4608->4612 4613 40549f 4608->4613 4609->4608 4652 405209 5 API calls 4609->4652 4614 4054d9 4610->4614 4616 4054b2 ShowWindow 4610->4616 4617 40548e 4610->4617 
4611 405307 4619 40530e GetClientRect GetSystemMetrics SendMessageA SendMessageA 4611->4619 4651 4040d3 SendMessageA 4612->4651 4618 404105 8 API calls 4613->4618 4614->4613 4622 4054e6 SendMessageA 4614->4622 4625 4054d2 4616->4625 4626 4054c4 4616->4626 4623 404077 SendMessageA 4617->4623 4624 4054ab 4618->4624 4620 405360 SendMessageA SendMessageA 4619->4620 4621 40537c 4619->4621 4620->4621 4627 405381 SendMessageA 4621->4627 4628 40538f 4621->4628 4622->4624 4629 4054ff CreatePopupMenu 4622->4629 4623->4613 4631 404077 SendMessageA 4625->4631 4630 405137 24 API calls 4626->4630 4627->4628 4633 40409e 18 API calls 4628->4633 4632 406032 17 API calls 4629->4632 4630->4625 4631->4614 4634 40550f AppendMenuA 4632->4634 4635 40539f 4633->4635 4636 405540 TrackPopupMenu 4634->4636 4637 40552d GetWindowRect 4634->4637 4638 4053a8 ShowWindow 4635->4638 4639 4053dc GetDlgItem SendMessageA 4635->4639 4636->4624 4640 40555c 4636->4640 4637->4636 4641 4053cb 4638->4641 4642 4053be ShowWindow 4638->4642 4639->4624 4643 405403 SendMessageA SendMessageA 4639->4643 4644 40557b SendMessageA 4640->4644 4650 4040d3 SendMessageA 4641->4650 4642->4641 4643->4624 4644->4644 4645 405598 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4644->4645 4647 4055ba SendMessageA 4645->4647 4647->4647 4648 4055dc GlobalUnlock SetClipboardData CloseClipboard 4647->4648 4648->4624 4649->4611 4650->4639 4651->4610 5109 6f542be3 5110 6f542bfb 5109->5110 5111 6f541534 2 API calls 5110->5111 5112 6f542c16 5111->5112 5113 401cfb 5114 402b0a 17 API calls 5113->5114 5115 401d02 5114->5115 5116 402b0a 17 API calls 5115->5116 5117 401d0e GetDlgItem 5116->5117 5118 4025e4 5117->5118 5119 4018fd 5120 401934 5119->5120 5121 402b2c 17 API calls 5120->5121 5122 401939 5121->5122 5123 4057d8 67 API calls 5122->5123 5124 401942 5123->5124 5125 401dff GetDC 5126 402b0a 17 API calls 5125->5126 5127 401e11 GetDeviceCaps MulDiv ReleaseDC 5126->5127 5128 402b0a 17 API calls 5127->5128 5129 401e42 5128->5129 5130 
406032 17 API calls 5129->5130 5131 401e7f CreateFontIndirectA 5130->5131 5132 4025e4 5131->5132 5133 401000 5134 401037 BeginPaint GetClientRect 5133->5134 5136 40100c DefWindowProcA 5133->5136 5137 4010f3 5134->5137 5140 401179 5136->5140 5138 401073 CreateBrushIndirect FillRect DeleteObject 5137->5138 5139 4010fc 5137->5139 5138->5137 5141 401102 CreateFontIndirectA 5139->5141 5142 401167 EndPaint 5139->5142 5141->5142 5143 401112 6 API calls 5141->5143 5142->5140 5143->5142 5144 401900 5145 402b2c 17 API calls 5144->5145 5146 401907 5145->5146 5147 40572c MessageBoxIndirectA 5146->5147 5148 401910 5147->5148 5149 404881 5150 404891 5149->5150 5151 4048ad 5149->5151 5160 405710 GetDlgItemTextA 5150->5160 5153 4048e0 5151->5153 5154 4048b3 SHGetPathFromIDListA 5151->5154 5156 4048ca SendMessageA 5154->5156 5157 4048c3 5154->5157 5155 40489e SendMessageA 5155->5151 5156->5153 5158 40140b 2 API calls 5157->5158 5158->5156 5160->5155 5161 401502 5162 40150a 5161->5162 5164 40151d 5161->5164 5163 402b0a 17 API calls 5162->5163 5163->5164 5165 404209 5166 40421f 5165->5166 5173 40432b 5165->5173 5170 40409e 18 API calls 5166->5170 5167 40439a 5168 404464 5167->5168 5169 4043a4 GetDlgItem 5167->5169 5175 404105 8 API calls 5168->5175 5171 404422 5169->5171 5172 4043ba 5169->5172 5174 404275 5170->5174 5171->5168 5181 404434 5171->5181 5172->5171 5180 4043e0 SendMessageA LoadCursorA SetCursor 5172->5180 5173->5167 5173->5168 5176 40436f GetDlgItem SendMessageA 5173->5176 5177 40409e 18 API calls 5174->5177 5179 40445f 5175->5179 5198 4040c0 KiUserCallbackDispatcher 5176->5198 5178 404282 CheckDlgButton 5177->5178 5196 4040c0 KiUserCallbackDispatcher 5178->5196 5202 4044ad 5180->5202 5185 40443a SendMessageA 5181->5185 5186 40444b 5181->5186 5185->5186 5186->5179 5190 404451 SendMessageA 5186->5190 5187 404395 5199 404489 5187->5199 5188 4042a0 GetDlgItem 5197 4040d3 SendMessageA 5188->5197 5190->5179 5193 4042b6 SendMessageA 5194 4042d4 GetSysColor 5193->5194 5195 
4042dd SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5193->5195 5194->5195 5195->5179 5196->5188 5197->5193 5198->5187 5200 404497 5199->5200 5201 40449c SendMessageA 5199->5201 5200->5201 5201->5167 5205 4056f2 ShellExecuteExA 5202->5205 5204 404413 LoadCursorA SetCursor 5204->5171 5205->5204 4201 401c0a 4202 402b0a 17 API calls 4201->4202 4203 401c11 4202->4203 4204 402b0a 17 API calls 4203->4204 4205 401c1e 4204->4205 4206 402b2c 17 API calls 4205->4206 4209 401c33 4205->4209 4206->4209 4207 401c9a 4212 402b2c 17 API calls 4207->4212 4208 401c4e 4211 402b0a 17 API calls 4208->4211 4210 402b2c 17 API calls 4209->4210 4213 401c43 4209->4213 4210->4213 4214 401c53 4211->4214 4215 401c9f 4212->4215 4213->4207 4213->4208 4216 402b0a 17 API calls 4214->4216 4217 402b2c 17 API calls 4215->4217 4218 401c5f 4216->4218 4219 401ca8 FindWindowExA 4217->4219 4220 401c8a SendMessageA 4218->4220 4221 401c6c SendMessageTimeoutA 4218->4221 4222 401cc6 4219->4222 4220->4222 4221->4222 5206 401e8f 5207 402b0a 17 API calls 5206->5207 5208 401e95 5207->5208 5209 402b0a 17 API calls 5208->5209 5210 401ea1 5209->5210 5211 401eb8 EnableWindow 5210->5211 5212 401ead ShowWindow 5210->5212 5213 4029b8 5211->5213 5212->5213 5214 401490 5215 405137 24 API calls 5214->5215 5216 401497 5215->5216 5217 402993 SendMessageA 5218 4029b8 5217->5218 5219 4029ad InvalidateRect 5217->5219 5219->5218 5220 6f541000 5223 6f54101b 5220->5223 5224 6f5414bb GlobalFree 5223->5224 5225 6f541020 5224->5225 5226 6f541024 5225->5226 5227 6f541027 GlobalAlloc 5225->5227 5228 6f5414e2 3 API calls 5226->5228 5227->5226 5229 6f541019 5228->5229 5230 401f98 5231 402b2c 17 API calls 5230->5231 5232 401f9f 5231->5232 5233 406313 2 API calls 5232->5233 5234 401fa5 5233->5234 5236 401fb7 5234->5236 5237 405f6e wsprintfA 5234->5237 5237->5236 5238 40149d 5239 4014ab PostQuitMessage 5238->5239 5240 40234e 5238->5240 5239->5240 5241 40159d 5242 402b2c 17 API calls 5241->5242 5243 4015a4 SetFileAttributesA 
5242->5243 5244 4015b6 5243->5244 5245 401a1e 5246 402b2c 17 API calls 5245->5246 5247 401a27 ExpandEnvironmentStringsA 5246->5247 5248 401a3b 5247->5248 5249 401a4e 5247->5249 5248->5249 5250 401a40 lstrcmpA 5248->5250 5250->5249 5256 40171f 5257 402b2c 17 API calls 5256->5257 5258 401726 SearchPathA 5257->5258 5259 401741 5258->5259 5260 401d20 5261 402b0a 17 API calls 5260->5261 5262 401d2e SetWindowLongA 5261->5262 5263 4029b8 5262->5263 3879 402721 3880 402727 3879->3880 3881 40272f FindClose 3880->3881 3882 4029b8 3880->3882 3881->3882 3910 4027a3 3911 402b2c 17 API calls 3910->3911 3912 4027b1 3911->3912 3913 4027c7 3912->3913 3914 402b2c 17 API calls 3912->3914 3938 405b84 GetFileAttributesA 3913->3938 3914->3913 3918 4027da 3919 4027e6 GlobalAlloc 3918->3919 3920 40287d 3918->3920 3921 402874 FindCloseChangeNotification 3919->3921 3922 4027ff 3919->3922 3923 402885 DeleteFileA 3920->3923 3924 402898 3920->3924 3921->3920 3942 403223 SetFilePointer 3922->3942 3923->3924 3926 402805 3943 40320d 3926->3943 3929 402852 3966 405c50 WriteFile 3929->3966 3930 40281e 3946 402ffb 3930->3946 3934 402ffb 31 API calls 3936 402871 3934->3936 3935 402849 GlobalFree 3935->3929 3936->3921 3937 40282b 3937->3935 3939 4027cd 3938->3939 3940 405b96 SetFileAttributesA 3938->3940 3941 405ba9 GetFileAttributesA CreateFileA 3939->3941 3940->3939 3941->3918 3942->3926 3968 405c21 ReadFile 3943->3968 3947 403011 3946->3947 3948 40303f 3947->3948 3981 403223 SetFilePointer 3947->3981 3949 40320d ReadFile 3948->3949 3951 40304a 3949->3951 3952 4031a6 3951->3952 3953 40305c GetTickCount 3951->3953 3955 403190 3951->3955 3954 4031e8 3952->3954 3959 4031aa 3952->3959 3953->3955 3962 4030ab 3953->3962 3956 40320d ReadFile 3954->3956 3955->3937 3956->3955 3957 40320d ReadFile 3957->3962 3958 40320d ReadFile 3958->3959 3959->3955 3959->3958 3960 405c50 WriteFile 3959->3960 3960->3959 3961 403101 GetTickCount 3961->3962 3962->3955 3962->3957 3962->3961 3963 403126 MulDiv wsprintfA 
3962->3963 3965 405c50 WriteFile 3962->3965 3970 405137 3963->3970 3965->3962 3967 40285e GlobalFree 3966->3967 3967->3934 3969 40280e GlobalAlloc 3968->3969 3969->3929 3969->3930 3971 405152 3970->3971 3980 4051f5 3970->3980 3972 40516f lstrlenA 3971->3972 3973 406032 17 API calls 3971->3973 3974 405198 3972->3974 3975 40517d lstrlenA 3972->3975 3973->3972 3977 4051ab 3974->3977 3978 40519e SetWindowTextA 3974->3978 3976 40518f lstrcatA 3975->3976 3975->3980 3976->3974 3979 4051b1 SendMessageA SendMessageA SendMessageA 3977->3979 3977->3980 3978->3977 3979->3980 3980->3962 3981->3948 5264 404aa3 GetDlgItem GetDlgItem 5265 404af9 7 API calls 5264->5265 5268 404d20 5264->5268 5266 404ba1 DeleteObject 5265->5266 5267 404b95 SendMessageA 5265->5267 5269 404bac 5266->5269 5267->5266 5287 404e02 5268->5287 5296 404d8f 5268->5296 5317 4049f1 SendMessageA 5268->5317 5270 404be3 5269->5270 5272 406032 17 API calls 5269->5272 5273 40409e 18 API calls 5270->5273 5271 404eae 5275 404ec0 5271->5275 5276 404eb8 SendMessageA 5271->5276 5277 404bc5 SendMessageA SendMessageA 5272->5277 5278 404bf7 5273->5278 5274 404d13 5281 404105 8 API calls 5274->5281 5288 404ed2 ImageList_Destroy 5275->5288 5289 404ed9 5275->5289 5293 404ee9 5275->5293 5276->5275 5277->5269 5279 40409e 18 API calls 5278->5279 5297 404c08 5279->5297 5280 404e5b SendMessageA 5280->5274 5285 404e70 SendMessageA 5280->5285 5286 4050a4 5281->5286 5282 404df4 SendMessageA 5282->5287 5284 405058 5284->5274 5294 40506a ShowWindow GetDlgItem ShowWindow 5284->5294 5291 404e83 5285->5291 5287->5271 5287->5274 5287->5280 5288->5289 5292 404ee2 GlobalFree 5289->5292 5289->5293 5290 404ce2 GetWindowLongA SetWindowLongA 5295 404cfb 5290->5295 5302 404e94 SendMessageA 5291->5302 5292->5293 5293->5284 5311 404f24 5293->5311 5322 404a71 5293->5322 5294->5274 5298 404d00 ShowWindow 5295->5298 5299 404d18 5295->5299 5296->5282 5296->5287 5297->5290 5301 404c5a SendMessageA 5297->5301 5303 404cdd 5297->5303 5305 404c98 
SendMessageA 5297->5305 5306 404cac SendMessageA 5297->5306 5315 4040d3 SendMessageA 5298->5315 5316 4040d3 SendMessageA 5299->5316 5301->5297 5302->5271 5303->5290 5303->5295 5305->5297 5306->5297 5308 40502e InvalidateRect 5308->5284 5309 405044 5308->5309 5331 4049ac 5309->5331 5310 404f52 SendMessageA 5314 404f68 5310->5314 5311->5310 5311->5314 5313 404fdc SendMessageA SendMessageA 5313->5314 5314->5308 5314->5313 5315->5274 5316->5268 5318 404a50 SendMessageA 5317->5318 5319 404a14 GetMessagePos ScreenToClient SendMessageA 5317->5319 5320 404a48 5318->5320 5319->5320 5321 404a4d 5319->5321 5320->5296 5321->5318 5334 406010 lstrcpynA 5322->5334 5324 404a84 5335 405f6e wsprintfA 5324->5335 5326 404a8e 5327 40140b 2 API calls 5326->5327 5328 404a97 5327->5328 5336 406010 lstrcpynA 5328->5336 5330 404a9e 5330->5311 5337 4048e7 5331->5337 5333 4049c1 5333->5284 5334->5324 5335->5326 5336->5330 5338 4048fd 5337->5338 5339 406032 17 API calls 5338->5339 5340 404961 5339->5340 5341 406032 17 API calls 5340->5341 5342 40496c 5341->5342 5343 406032 17 API calls 5342->5343 5344 404982 lstrlenA wsprintfA SetDlgItemTextA 5343->5344 5344->5333 5345 6f541837 5346 6f54185a 5345->5346 5347 6f54188a GlobalFree 5346->5347 5348 6f54189c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5346->5348 5347->5348 5349 6f541266 2 API calls 5348->5349 5350 6f541a1e GlobalFree GlobalFree 5349->5350 5351 4023a7 5352 402b2c 17 API calls 5351->5352 5353 4023b8 5352->5353 5354 402b2c 17 API calls 5353->5354 5355 4023c1 5354->5355 5356 402b2c 17 API calls 5355->5356 5357 4023cb GetPrivateProfileStringA 5356->5357 5358 6f54103d 5359 6f54101b 5 API calls 5358->5359 5360 6f541056 5359->5360 5361 4050ab 5362 4050bb 5361->5362 5363 4050cf 5361->5363 5365 4050c1 5362->5365 5366 405118 5362->5366 5364 4050d7 IsWindowVisible 5363->5364 5372 4050ee 5363->5372 5364->5366 5367 4050e4 5364->5367 5369 4040ea SendMessageA 5365->5369 5368 40511d CallWindowProcA 5366->5368 5371 4049f1 5 API calls 
5367->5371 5370 4050cb 5368->5370 5369->5370 5371->5372 5372->5368 5373 404a71 4 API calls 5372->5373 5373->5366 5374 6f541638 5375 6f541667 5374->5375 5376 6f541a98 16 API calls 5375->5376 5377 6f54166e 5376->5377 5378 6f541675 5377->5378 5379 6f541681 5377->5379 5382 6f541266 2 API calls 5378->5382 5380 6f5416a8 5379->5380 5381 6f54168b 5379->5381 5384 6f5416d2 5380->5384 5385 6f5416ae 5380->5385 5383 6f5414e2 3 API calls 5381->5383 5386 6f54167f 5382->5386 5388 6f541690 5383->5388 5387 6f5414e2 3 API calls 5384->5387 5389 6f541559 3 API calls 5385->5389 5387->5386 5390 6f541559 3 API calls 5388->5390 5391 6f5416b3 5389->5391 5392 6f541696 5390->5392 5393 6f541266 2 API calls 5391->5393 5394 6f541266 2 API calls 5392->5394 5395 6f5416b9 GlobalFree 5393->5395 5396 6f54169c GlobalFree 5394->5396 5395->5386 5397 6f5416cd GlobalFree 5395->5397 5396->5386 5397->5386 5398 40292c 5399 402b0a 17 API calls 5398->5399 5400 402932 5399->5400 5401 402967 5400->5401 5403 402944 5400->5403 5405 402783 5400->5405 5402 406032 17 API calls 5401->5402 5401->5405 5402->5405 5403->5405 5406 405f6e wsprintfA 5403->5406 5406->5405 5407 404530 5408 40455c 5407->5408 5409 40456d 5407->5409 5468 405710 GetDlgItemTextA 5408->5468 5411 404579 GetDlgItem 5409->5411 5443 4045d8 5409->5443 5414 40458d 5411->5414 5412 404567 5413 40627a 5 API calls 5412->5413 5413->5409 5416 4045a1 SetWindowTextA 5414->5416 5420 405a41 4 API calls 5414->5420 5415 4046bc 5417 404866 5415->5417 5470 405710 GetDlgItemTextA 5415->5470 5421 40409e 18 API calls 5416->5421 5419 404105 8 API calls 5417->5419 5424 40487a 5419->5424 5425 404597 5420->5425 5426 4045bd 5421->5426 5422 406032 17 API calls 5427 40464c SHBrowseForFolderA 5422->5427 5423 4046ec 5428 405a96 18 API calls 5423->5428 5425->5416 5434 4059a8 3 API calls 5425->5434 5429 40409e 18 API calls 5426->5429 5427->5415 5430 404664 CoTaskMemFree 5427->5430 5431 4046f2 5428->5431 5432 4045cb 5429->5432 5433 4059a8 3 API calls 5430->5433 5471 406010 lstrcpynA 

                                                                  Control-flow Graph of the function at 40326b (legend: Executed / Not Executed)
                                                                  C-Code - Quality: 86%
                                                                  			_entry_() {
                                                                  				signed int _t42;
                                                                  				intOrPtr* _t47;
                                                                  				CHAR* _t51;
                                                                  				char* _t53;
                                                                  				CHAR* _t55;
                                                                  				void* _t59;
                                                                  				intOrPtr _t61;
                                                                  				int _t63;
                                                                  				int _t66;
                                                                  				signed int _t67;
                                                                  				int _t68;
                                                                  				signed int _t70;
                                                                  				void* _t94;
                                                                  				signed int _t110;
                                                                  				void* _t113;
                                                                  				void* _t118;
                                                                  				intOrPtr* _t119;
                                                                  				char _t122;
                                                                  				signed int _t141;
                                                                  				signed int _t142;
                                                                  				int _t150;
                                                                  				void* _t151;
                                                                  				intOrPtr* _t153;
                                                                  				CHAR* _t156;
                                                                  				CHAR* _t157;
                                                                  				void* _t159;
                                                                  				char* _t160;
                                                                  				void* _t163;
                                                                  				void* _t164;
                                                                  				char _t189;
                                                                  
                                                                  				 *(_t164 + 0x18) = 0;
                                                                  				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                  				 *(_t164 + 0x20) = 0;
                                                                  				 *(_t164 + 0x14) = 0x20;
                                                                  				SetErrorMode(0x8001); // executed
                                                                  				_t42 = GetVersion() & 0xbfffffff;
                                                                  				 *0x42f40c = _t42;
                                                                  				if(_t42 != 6) {
                                                                  					_t119 = E004063A8(0);
                                                                  					if(_t119 != 0) {
                                                                  						 *_t119(0xc00);
                                                                  					}
                                                                  				}
                                                                  				_t156 = "UXTHEME";
                                                                  				do {
                                                                  					E0040633A(_t156); // executed
                                                                  					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                                  				} while ( *_t156 != 0);
                                                                  				E004063A8(0xa);
                                                                  				 *0x42f404 = E004063A8(8);
                                                                  				_t47 = E004063A8(6);
                                                                  				if(_t47 != 0) {
                                                                  					_t47 =  *_t47(0x1e);
                                                                  					if(_t47 != 0) {
                                                                  						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                                  					}
                                                                  				}
                                                                  				__imp__#17(_t159);
                                                                  				__imp__OleInitialize(0); // executed
                                                                  				 *0x42f4d8 = _t47;
                                                                  				SHGetFileInfoA(0x429830, 0, _t164 + 0x38, 0x160, 0); // executed
                                                                  				E00406010("Wildix WIService  v2.15.2 Setup", "NSIS Error");
                                                                  				_t51 = GetCommandLineA();
                                                                  				_t160 = "\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\"";
                                                                  				E00406010(_t160, _t51);
                                                                  				 *0x42f400 = 0x400000;
                                                                  				_t53 = _t160;
                                                                  				if("\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\"" == 0x22) {
                                                                  					 *(_t164 + 0x14) = 0x22;
                                                                  					_t53 =  &M00435001;
                                                                  				}
                                                                  				_t55 = CharNextA(E004059D3(_t53,  *(_t164 + 0x14)));
                                                                  				 *(_t164 + 0x1c) = _t55;
                                                                  				while(1) {
                                                                  					_t122 =  *_t55;
                                                                  					_t172 = _t122;
                                                                  					if(_t122 == 0) {
                                                                  						break;
                                                                  					}
                                                                  					__eflags = _t122 - 0x20;
                                                                  					if(_t122 != 0x20) {
                                                                  						L13:
                                                                  						__eflags =  *_t55 - 0x22;
                                                                  						 *(_t164 + 0x14) = 0x20;
                                                                  						if( *_t55 == 0x22) {
                                                                  							_t55 =  &(_t55[1]);
                                                                  							__eflags = _t55;
                                                                  							 *(_t164 + 0x14) = 0x22;
                                                                  						}
                                                                  						__eflags =  *_t55 - 0x2f;
                                                                  						if( *_t55 != 0x2f) {
                                                                  							L25:
                                                                  							_t55 = E004059D3(_t55,  *(_t164 + 0x14));
                                                                  							__eflags =  *_t55 - 0x22;
                                                                  							if(__eflags == 0) {
                                                                  								_t55 =  &(_t55[1]);
                                                                  								__eflags = _t55;
                                                                  							}
                                                                  							continue;
                                                                  						} else {
                                                                  							_t55 =  &(_t55[1]);
                                                                  							__eflags =  *_t55 - 0x53;
                                                                  							if( *_t55 != 0x53) {
                                                                  								L20:
                                                                  								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                                  								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                                  									L24:
                                                                  									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                                  									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                                  										 *((char*)(_t55 - 2)) = 0;
                                                                  										__eflags =  &(_t55[2]);
                                                                  										E00406010("C:\\Program Files (x86)\\Wildix\\WIService",  &(_t55[2]));
                                                                  										L30:
                                                                  										_t157 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                  										GetTempPathA(0x400, _t157); // executed
                                                                  										_t59 = E0040323A(_t172);
                                                                  										_t173 = _t59;
                                                                  										if(_t59 != 0) {
                                                                  											L33:
                                                                  											DeleteFileA("1033"); // executed
                                                                  											_t61 = E00402DC4(_t175,  *(_t164 + 0x20)); // executed
                                                                  											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                                  											if(_t61 != 0) {
                                                                  												L43:
                                                                  												E00403753();
                                                                  												__imp__OleUninitialize();
                                                                  												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                                  												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                                  													__eflags =  *0x42f4b4;
                                                                  													if( *0x42f4b4 == 0) {
                                                                  														L67:
                                                                  														_t63 =  *0x42f4cc;
                                                                  														__eflags = _t63 - 0xffffffff;
                                                                  														if(_t63 != 0xffffffff) {
                                                                  															 *(_t164 + 0x14) = _t63;
                                                                  														}
                                                                  														ExitProcess( *(_t164 + 0x14));
                                                                  													}
                                                                  													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                                  													__eflags = _t66;
                                                                  													_t150 = 2;
                                                                  													if(_t66 != 0) {
                                                                  														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                                  														 *(_t164 + 0x38) = 1;
                                                                  														 *(_t164 + 0x44) = _t150;
                                                                  														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                                  													}
                                                                  													_t67 = E004063A8(4);
                                                                  													__eflags = _t67;
                                                                  													if(_t67 == 0) {
                                                                  														L65:
                                                                  														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                                  														__eflags = _t68;
                                                                  														if(_t68 != 0) {
                                                                  															goto L67;
                                                                  														}
                                                                  														goto L66;
                                                                  													} else {
                                                                  														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                                  														__eflags = _t70;
                                                                  														if(_t70 == 0) {
                                                                  															L66:
                                                                  															E0040140B(9);
                                                                  															goto L67;
                                                                  														}
                                                                  														goto L65;
                                                                  													}
                                                                  												}
                                                                  												E0040572C( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                                  												ExitProcess(2);
                                                                  											}
                                                                  											if( *0x42f420 == 0) {
                                                                  												L42:
                                                                  												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                  												 *(_t164 + 0x18) = E0040382D( *0x42f4cc);
                                                                  												goto L43;
                                                                  											}
                                                                  											_t153 = E004059D3(_t160, 0);
                                                                  											if(_t153 < _t160) {
                                                                  												L39:
                                                                  												_t182 = _t153 - _t160;
                                                                  												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                                  												if(_t153 < _t160) {
                                                                  													_t151 = E00405697(_t185);
                                                                  													lstrcatA(_t157, "~nsu");
                                                                  													if(_t151 != 0) {
                                                                  														lstrcatA(_t157, "A");
                                                                  													}
                                                                  													lstrcatA(_t157, ".tmp");
                                                                  													_t162 = "C:\\Users\\jones\\Desktop";
                                                                  													if(lstrcmpiA(_t157, "C:\\Users\\jones\\Desktop") != 0) {
                                                                  														_push(_t157);
                                                                  														if(_t151 == 0) {
                                                                  															E0040567A();
                                                                  														} else {
                                                                  															E004055FD();
                                                                  														}
                                                                  														SetCurrentDirectoryA(_t157);
                                                                  														_t189 = "C:\\Program Files (x86)\\Wildix\\WIService"; // 0x43
                                                                  														if(_t189 == 0) {
                                                                  															E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t162);
                                                                  														}
                                                                  														E00406010(0x430000,  *(_t164 + 0x1c));
                                                                  														_t137 = "A";
                                                                  														_t163 = 0x1a;
                                                                  														 *0x430400 = "A";
                                                                  														do {
                                                                  															E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                                  															DeleteFileA(0x429430);
                                                                  															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                                  																E00405DEF(_t137, 0x429430, 0);
                                                                  																E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                                  																_t94 = E004056AF(0x429430);
                                                                  																if(_t94 != 0) {
                                                                  																	CloseHandle(_t94);
                                                                  																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                  																}
                                                                  															}
                                                                  															 *0x430400 =  *0x430400 + 1;
                                                                  															_t163 = _t163 - 1;
                                                                  														} while (_t163 != 0);
                                                                  														E00405DEF(_t137, _t157, 0);
                                                                  													}
                                                                  													goto L43;
                                                                  												}
                                                                  												 *_t153 = 0;
                                                                  												_t154 = _t153 + 4;
                                                                  												if(E00405A96(_t182, _t153 + 4) == 0) {
                                                                  													goto L43;
                                                                  												}
                                                                  												E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t154);
                                                                  												E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t154);
                                                                  												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                  												goto L42;
                                                                  											}
                                                                  											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                  											while( *_t153 != _t110) {
                                                                  												_t153 = _t153 - 1;
                                                                  												if(_t153 >= _t160) {
                                                                  													continue;
                                                                  												}
                                                                  												goto L39;
                                                                  											}
                                                                  											goto L39;
                                                                  										}
                                                                  										GetWindowsDirectoryA(_t157, 0x3fb);
                                                                  										lstrcatA(_t157, "\\Temp");
                                                                  										_t113 = E0040323A(_t173);
                                                                  										_t174 = _t113;
                                                                  										if(_t113 != 0) {
                                                                  											goto L33;
                                                                  										}
                                                                  										GetTempPathA(0x3fc, _t157);
                                                                  										lstrcatA(_t157, "Low");
                                                                  										SetEnvironmentVariableA("TEMP", _t157);
                                                                  										SetEnvironmentVariableA("TMP", _t157);
                                                                  										_t118 = E0040323A(_t174);
                                                                  										_t175 = _t118;
                                                                  										if(_t118 == 0) {
                                                                  											goto L43;
                                                                  										}
                                                                  										goto L33;
                                                                  									}
                                                                  									goto L25;
                                                                  								}
                                                                  								_t141 = _t55[4];
                                                                  								__eflags = _t141 - 0x20;
                                                                  								if(_t141 == 0x20) {
                                                                  									L23:
                                                                  									_t15 = _t164 + 0x20;
                                                                  									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                                  									__eflags =  *_t15;
                                                                  									goto L24;
                                                                  								}
                                                                  								__eflags = _t141;
                                                                  								if(_t141 != 0) {
                                                                  									goto L24;
                                                                  								}
                                                                  								goto L23;
                                                                  							}
                                                                  							_t142 = _t55[1];
                                                                  							__eflags = _t142 - 0x20;
                                                                  							if(_t142 == 0x20) {
                                                                  								L19:
                                                                  								 *0x42f4c0 = 1;
                                                                  								goto L20;
                                                                  							}
                                                                  							__eflags = _t142;
                                                                  							if(_t142 != 0) {
                                                                  								goto L20;
                                                                  							}
                                                                  							goto L19;
                                                                  						}
                                                                  					} else {
                                                                  						goto L12;
                                                                  					}
                                                                  					do {
                                                                  						L12:
                                                                  						_t55 =  &(_t55[1]);
                                                                  						__eflags =  *_t55 - 0x20;
                                                                  					} while ( *_t55 == 0x20);
                                                                  					goto L13;
                                                                  				}
                                                                  				goto L30;
                                                                  			}


                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE ref: 00403290
                                                                  • GetVersion.KERNEL32 ref: 00403296
                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                                  • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                                  • OleInitialize.OLE32(00000000), ref: 0040330C
                                                                  • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                                  • GetCommandLineA.KERNEL32(Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                                  • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                                  • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                                    • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                    • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                    • Part of subcall function 0040382D: lstrlenA.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,7476FA90), ref: 0040391D
                                                                    • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403930
                                                                    • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(: Completed), ref: 0040393B
                                                                    • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                                    • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                                    • Part of subcall function 00403753: CloseHandle.KERNEL32(000002B0,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                  • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                                  • ExitProcess.KERNEL32 ref: 004035AB
                                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 0040372A
                                                                  • ExitProcess.KERNEL32 ref: 0040374D
                                                                    • Part of subcall function 0040572C: MessageBoxIndirectA.USER32(0040A218), ref: 00405787
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                  • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe"$.tmp$1033$C:\Program Files (x86)\Wildix\WIService$C:\Program Files (x86)\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix WIService v2.15.2 Setup$\Temp$~nsu
                                                                  • API String ID: 3776617018-2221089028
                                                                  • Opcode ID: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                  • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                                  • Opcode Fuzzy Hash: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                                  • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 134 405275-405291 135 405420-405426 134->135 136 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 134->136 138 405450-40545c 135->138 139 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 135->139 154 405360-40537a SendMessageA * 2 136->154 155 40537c-40537f 136->155 140 40547e-405484 138->140 141 40545e-405464 138->141 139->138 145 405486-40548c 140->145 146 4054d9-4054dc 140->146 143 405466-405479 ShowWindow * 2 call 4040d3 141->143 144 40549f-4054a6 call 404105 141->144 143->140 158 4054ab-4054af 144->158 150 4054b2-4054c2 ShowWindow 145->150 151 40548e-40549a call 404077 145->151 146->144 148 4054de-4054e4 146->148 148->144 156 4054e6-4054f9 SendMessageA 148->156 159 4054d2-4054d4 call 404077 150->159 160 4054c4-4054cd call 405137 150->160 151->144 154->155 161 405381-40538d SendMessageA 155->161 162 40538f-4053a6 call 40409e 155->162 163 4055f6-4055f8 156->163 164 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 156->164 159->146 160->159 161->162 173 4053a8-4053bc ShowWindow 162->173 174 4053dc-4053fd GetDlgItem SendMessageA 162->174 163->158 171 405540-405556 TrackPopupMenu 164->171 172 40552d-40553d GetWindowRect 164->172 171->163 175 40555c-405576 171->175 172->171 176 4053cb 173->176 177 4053be-4053c9 ShowWindow 173->177 174->163 178 405403-40541b SendMessageA * 2 174->178 179 40557b-405596 SendMessageA 175->179 180 4053d1-4053d7 call 4040d3 176->180 177->180 178->163 179->179 181 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 179->181 180->174 183 4055ba-4055da SendMessageA 181->183 183->183 184 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 183->184 184->163
                                                                  C-Code - Quality: 96%
                                                                  			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                  				struct HWND__* _v8;
                                                                  				struct tagRECT _v24;
                                                                  				void* _v32;
                                                                  				signed int _v36;
                                                                  				int _v40;
                                                                  				int _v44;
                                                                  				signed int _v48;
                                                                  				int _v52;
                                                                  				void* _v56;
                                                                  				void* _v64;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				struct HWND__* _t87;
                                                                  				struct HWND__* _t89;
                                                                  				long _t90;
                                                                  				int _t95;
                                                                  				int _t96;
                                                                  				long _t99;
                                                                  				void* _t102;
                                                                  				intOrPtr _t113;
                                                                  				void* _t121;
                                                                  				intOrPtr _t124;
                                                                  				struct HWND__* _t128;
                                                                  				int _t150;
                                                                  				int _t153;
                                                                  				long _t157;
                                                                  				struct HWND__* _t161;
                                                                  				struct HMENU__* _t163;
                                                                  				long _t165;
                                                                  				void* _t166;
                                                                  				char* _t167;
                                                                  				char* _t168;
                                                                  				int _t169;
                                                                  
                                                                  				_t87 =  *0x42ebe4; // 0x10436
                                                                  				_t157 = _a8;
                                                                  				_t150 = 0;
                                                                  				_v8 = _t87;
                                                                  				if(_t157 != 0x110) {
                                                                  					__eflags = _t157 - 0x405;
                                                                  					if(_t157 == 0x405) {
                                                                  						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                  						FindCloseChangeNotification(_t121);
                                                                  					}
                                                                  					__eflags = _t157 - 0x111;
                                                                  					if(_t157 != 0x111) {
                                                                  						L17:
                                                                  						__eflags = _t157 - 0x404;
                                                                  						if(_t157 != 0x404) {
                                                                  							L25:
                                                                  							__eflags = _t157 - 0x7b;
                                                                  							if(_t157 != 0x7b) {
                                                                  								goto L20;
                                                                  							}
                                                                  							_t89 = _v8;
                                                                  							__eflags = _a12 - _t89;
                                                                  							if(_a12 != _t89) {
                                                                  								goto L20;
                                                                  							}
                                                                  							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                  							__eflags = _t90 - _t150;
                                                                  							_a12 = _t90;
                                                                  							if(_t90 <= _t150) {
                                                                  								L36:
                                                                  								return 0;
                                                                  							}
                                                                  							_t163 = CreatePopupMenu();
                                                                  							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                  							_t95 = _a16;
                                                                  							__eflags = _a16 - 0xffffffff;
                                                                  							_t153 = _a16 >> 0x10;
                                                                  							if(_a16 == 0xffffffff) {
                                                                  								GetWindowRect(_v8,  &_v24);
                                                                  								_t95 = _v24.left;
                                                                  								_t153 = _v24.top;
                                                                  							}
                                                                  							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                  							__eflags = _t96 - 1;
                                                                  							if(_t96 == 1) {
                                                                  								_t165 = 1;
                                                                  								__eflags = 1;
                                                                  								_v56 = _t150;
                                                                  								_v44 = 0x42a870;
                                                                  								_v40 = 0x1000;
                                                                  								_a4 = _a12;
                                                                  								do {
                                                                  									_a4 = _a4 - 1;
                                                                  									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                  									__eflags = _a4 - _t150;
                                                                  									_t165 = _t165 + _t99 + 2;
                                                                  								} while (_a4 != _t150);
                                                                  								OpenClipboard(_t150);
                                                                  								EmptyClipboard();
                                                                  								_t102 = GlobalAlloc(0x42, _t165);
                                                                  								_a4 = _t102;
                                                                  								_t166 = GlobalLock(_t102);
                                                                  								do {
                                                                  									_v44 = _t166;
                                                                  									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                  									 *_t167 = 0xd;
                                                                  									_t168 = _t167 + 1;
                                                                  									 *_t168 = 0xa;
                                                                  									_t166 = _t168 + 1;
                                                                  									_t150 = _t150 + 1;
                                                                  									__eflags = _t150 - _a12;
                                                                  								} while (_t150 < _a12);
                                                                  								GlobalUnlock(_a4);
                                                                  								SetClipboardData(1, _a4);
                                                                  								CloseClipboard();
                                                                  							}
                                                                  							goto L36;
                                                                  						}
                                                                  						__eflags =  *0x42ebcc - _t150; // 0x0
                                                                  						if(__eflags == 0) {
                                                                  							ShowWindow( *0x42f408, 8); // executed
                                                                  							__eflags =  *0x42f4ac - _t150;
                                                                  							if( *0x42f4ac == _t150) {
                                                                  								_t113 =  *0x42a048; // 0x829e04
                                                                  								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150); // executed
                                                                  							}
                                                                  							E00404077(1);
                                                                  							goto L25;
                                                                  						}
                                                                  						 *0x429c40 = 2;
                                                                  						E00404077(0x78);
                                                                  						goto L20;
                                                                  					} else {
                                                                  						__eflags = _a12 - 0x403;
                                                                  						if(_a12 != 0x403) {
                                                                  							L20:
                                                                  							return E00404105(_t157, _a12, _a16);
                                                                  						}
                                                                  						ShowWindow( *0x42ebd0, _t150);
                                                                  						ShowWindow(_v8, 8);
                                                                  						E004040D3(_v8);
                                                                  						goto L17;
                                                                  					}
                                                                  				}
                                                                  				_v48 = _v48 | 0xffffffff;
                                                                  				_v36 = _v36 | 0xffffffff;
                                                                  				_t169 = 2;
                                                                  				_v56 = _t169;
                                                                  				_v52 = 0;
                                                                  				_v44 = 0;
                                                                  				_v40 = 0;
                                                                  				asm("stosd");
                                                                  				asm("stosd");
                                                                  				_t124 =  *0x42f414;
                                                                  				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                  				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                  				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                                  				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                                  				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                  				 *0x42ebe4 = _t128;
                                                                  				_v8 = _t128;
                                                                  				E004040D3( *0x42ebd0);
                                                                  				 *0x42ebd4 = E004049C4(4);
                                                                  				 *0x42ebec = 0;
                                                                  				GetClientRect(_v8,  &_v24);
                                                                  				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                  				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                  				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                  				if(_a12 >= 0) {
                                                                  					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                  					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                  				}
                                                                  				if(_a8 >= _t150) {
                                                                  					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                  				}
                                                                  				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                  				_push(0x1b);
                                                                  				E0040409E(_a4);
                                                                  				if(( *0x42f41c & 0x00000003) != 0) {
                                                                  					ShowWindow( *0x42ebd0, _t150);
                                                                  					if(( *0x42f41c & 0x00000002) != 0) {
                                                                  						 *0x42ebd0 = _t150;
                                                                  					} else {
                                                                  						ShowWindow(_v8, 8);
                                                                  					}
                                                                  					E004040D3( *0x42ebc8);
                                                                  				}
                                                                  				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                  				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                  				if(( *0x42f41c & 0x00000004) != 0) {
                                                                  					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                  					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                  				}
                                                                  				goto L36;
                                                                  			}

                                                                  APIs
                                                                  • GetDlgItem.USER32 ref: 004052D4
                                                                  • GetDlgItem.USER32 ref: 004052E3
                                                                  • GetClientRect.USER32 ref: 00405320
                                                                  • GetSystemMetrics.USER32 ref: 00405327
                                                                  • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405348
                                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405359
                                                                  • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040536C
                                                                  • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040537A
                                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040538D
                                                                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004053AF
                                                                  • ShowWindow.USER32(?,00000008), ref: 004053C3
                                                                  • GetDlgItem.USER32 ref: 004053E4
                                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004053F4
                                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040540D
                                                                  • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405419
                                                                  • GetDlgItem.USER32 ref: 004052F2
                                                                    • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                  • GetDlgItem.USER32 ref: 00405435
                                                                  • CreateThread.KERNELBASE ref: 00405443
                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040544A
                                                                  • ShowWindow.USER32(00000000), ref: 0040546D
                                                                  • ShowWindow.USER32(?,00000008), ref: 00405474
                                                                  • ShowWindow.USER32(00000008), ref: 004054BA
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004054EE
                                                                  • CreatePopupMenu.USER32 ref: 004054FF
                                                                  • AppendMenuA.USER32 ref: 00405514
                                                                  • GetWindowRect.USER32 ref: 00405534
                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040554D
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405589
                                                                  • OpenClipboard.USER32(00000000), ref: 00405599
                                                                  • EmptyClipboard.USER32 ref: 0040559F
                                                                  • GlobalAlloc.KERNEL32(00000042,?), ref: 004055A8
                                                                  • GlobalLock.KERNEL32 ref: 004055B2
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004055C6
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004055DF
                                                                  • SetClipboardData.USER32 ref: 004055EA
                                                                  • CloseClipboard.USER32 ref: 004055F0
                                                                  Strings
                                                                  • Wildix WIService v2.15.2 Setup: Completed, xrefs: 00405565
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                  • String ID: Wildix WIService v2.15.2 Setup: Completed
                                                                  • API String ID: 4154960007-2136058454
                                                                  • Opcode ID: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                  • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                                  • Opcode Fuzzy Hash: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                                  • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 493 4057d8-4057fe call 405a96 496 405800-405812 DeleteFileA 493->496 497 405817-40581e 493->497 498 4059a1-4059a5 496->498 499 405820-405822 497->499 500 405831-405841 call 406010 497->500 501 405828-40582b 499->501 502 40594f-405954 499->502 506 405850-405851 call 4059ef 500->506 507 405843-40584e lstrcatA 500->507 501->500 501->502 502->498 504 405956-405959 502->504 508 405963-40596b call 406313 504->508 509 40595b-405961 504->509 510 405856-405859 506->510 507->510 508->498 517 40596d-405981 call 4059a8 call 405790 508->517 509->498 513 405864-40586a lstrcatA 510->513 514 40585b-405862 510->514 516 40586f-40588d lstrlenA FindFirstFileA 513->516 514->513 514->516 518 405893-4058aa call 4059d3 516->518 519 405945-405949 516->519 529 405983-405986 517->529 530 405999-40599c call 405137 517->530 527 4058b5-4058b8 518->527 528 4058ac-4058b0 518->528 519->502 521 40594b 519->521 521->502 532 4058ba-4058bf 527->532 533 4058cb-4058d9 call 406010 527->533 528->527 531 4058b2 528->531 529->509 535 405988-405997 call 405137 call 405def 529->535 530->498 531->527 537 4058c1-4058c3 532->537 538 405924-405936 FindNextFileA 532->538 543 4058f0-4058fb call 405790 533->543 544 4058db-4058e3 533->544 535->498 537->533 542 4058c5-4058c9 537->542 538->518 541 40593c-40593f FindClose 538->541 541->519 542->533 542->538 553 40591c-40591f call 405137 543->553 554 4058fd-405900 543->554 544->538 546 4058e5-4058ee call 4057d8 544->546 546->538 553->538 556 405902-405912 call 405137 call 405def 554->556 557 405914-40591a 554->557 556->538 557->538
                                                                  C-Code - Quality: 98%
                                                                  			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                                  				signed int _v8;
                                                                  				void* _v12;
                                                                  				signed int _v16;
                                                                  				struct _WIN32_FIND_DATAA _v336;
                                                                  				signed int _t40;
                                                                  				char* _t53;
                                                                  				signed int _t55;
                                                                  				signed int _t58;
                                                                  				signed int _t64;
                                                                  				signed int _t66;
                                                                  				void* _t68;
                                                                  				signed char _t69;
                                                                  				CHAR* _t71;
                                                                  				void* _t72;
                                                                  				CHAR* _t73;
                                                                  				char* _t76;
                                                                  
                                                                  				_t69 = _a8;
                                                                  				_t73 = _a4;
                                                                  				_v8 = _t69 & 0x00000004;
                                                                  				_t40 = E00405A96(__eflags, _t73);
                                                                  				_v16 = _t40;
                                                                  				if((_t69 & 0x00000008) != 0) {
                                                                  					_t66 = DeleteFileA(_t73); // executed
                                                                  					asm("sbb eax, eax");
                                                                  					_t68 =  ~_t66 + 1;
                                                                  					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                  					return _t68;
                                                                  				}
                                                                  				_a4 = _t69;
                                                                  				_t8 =  &_a4;
                                                                  				 *_t8 = _a4 & 0x00000001;
                                                                  				__eflags =  *_t8;
                                                                  				if( *_t8 == 0) {
                                                                  					L5:
                                                                  					E00406010(0x42b878, _t73);
                                                                  					__eflags = _a4;
                                                                  					if(_a4 == 0) {
                                                                  						E004059EF(_t73);
                                                                  					} else {
                                                                  						lstrcatA(0x42b878, "\*.*");
                                                                  					}
                                                                  					__eflags =  *_t73;
                                                                  					if( *_t73 != 0) {
                                                                  						L10:
                                                                  						lstrcatA(_t73, 0x40a014);
                                                                  						L11:
                                                                  						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                                  						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                                  						__eflags = _t40 - 0xffffffff;
                                                                  						_v12 = _t40;
                                                                  						if(_t40 == 0xffffffff) {
                                                                  							L29:
                                                                  							__eflags = _a4;
                                                                  							if(_a4 != 0) {
                                                                  								_t32 = _t71 - 1;
                                                                  								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                  								__eflags =  *_t32;
                                                                  							}
                                                                  							goto L31;
                                                                  						} else {
                                                                  							goto L12;
                                                                  						}
                                                                  						do {
                                                                  							L12:
                                                                  							_t76 =  &(_v336.cFileName);
                                                                  							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                                  							__eflags =  *_t53;
                                                                  							if( *_t53 != 0) {
                                                                  								__eflags = _v336.cAlternateFileName;
                                                                  								if(_v336.cAlternateFileName != 0) {
                                                                  									_t76 =  &(_v336.cAlternateFileName);
                                                                  								}
                                                                  							}
                                                                  							__eflags =  *_t76 - 0x2e;
                                                                  							if( *_t76 != 0x2e) {
                                                                  								L19:
                                                                  								E00406010(_t71, _t76);
                                                                  								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                  								if(__eflags == 0) {
                                                                  									_t55 = E00405790(__eflags, _t73, _v8);
                                                                  									__eflags = _t55;
                                                                  									if(_t55 != 0) {
                                                                  										E00405137(0xfffffff2, _t73);
                                                                  									} else {
                                                                  										__eflags = _v8 - _t55;
                                                                  										if(_v8 == _t55) {
                                                                  											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                  										} else {
                                                                  											E00405137(0xfffffff1, _t73);
                                                                  											E00405DEF(_t72, _t73, 0);
                                                                  										}
                                                                  									}
                                                                  								} else {
                                                                  									__eflags = (_a8 & 0x00000003) - 3;
                                                                  									if(__eflags == 0) {
                                                                  										E004057D8(__eflags, _t73, _a8);
                                                                  									}
                                                                  								}
                                                                  								goto L27;
                                                                  							}
                                                                  							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                  							__eflags = _t64;
                                                                  							if(_t64 == 0) {
                                                                  								goto L27;
                                                                  							}
                                                                  							__eflags = _t64 - 0x2e;
                                                                  							if(_t64 != 0x2e) {
                                                                  								goto L19;
                                                                  							}
                                                                  							__eflags =  *((char*)(_t76 + 2));
                                                                  							if( *((char*)(_t76 + 2)) == 0) {
                                                                  								goto L27;
                                                                  							}
                                                                  							goto L19;
                                                                  							L27:
                                                                  							_t58 = FindNextFileA(_v12,  &_v336);
                                                                  							__eflags = _t58;
                                                                  						} while (_t58 != 0);
                                                                  						_t40 = FindClose(_v12);
                                                                  						goto L29;
                                                                  					}
                                                                  					__eflags =  *0x42b878 - 0x5c;
                                                                  					if( *0x42b878 != 0x5c) {
                                                                  						goto L11;
                                                                  					}
                                                                  					goto L10;
                                                                  				} else {
                                                                  					__eflags = _t40;
                                                                  					if(_t40 == 0) {
                                                                  						L31:
                                                                  						__eflags = _a4;
                                                                  						if(_a4 == 0) {
                                                                  							L39:
                                                                  							return _t40;
                                                                  						}
                                                                  						__eflags = _v16;
                                                                  						if(_v16 != 0) {
                                                                  							_t40 = E00406313(_t73);
                                                                  							__eflags = _t40;
                                                                  							if(_t40 == 0) {
                                                                  								goto L39;
                                                                  							}
                                                                  							E004059A8(_t73);
                                                                  							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                                  							__eflags = _t40;
                                                                  							if(_t40 != 0) {
                                                                  								return E00405137(0xffffffe5, _t73);
                                                                  							}
                                                                  							__eflags = _v8;
                                                                  							if(_v8 == 0) {
                                                                  								goto L33;
                                                                  							}
                                                                  							E00405137(0xfffffff1, _t73);
                                                                  							return E00405DEF(_t72, _t73, 0);
                                                                  						}
                                                                  						L33:
                                                                  						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                  						return _t40;
                                                                  					}
                                                                  					__eflags = _t69 & 0x00000002;
                                                                  					if((_t69 & 0x00000002) == 0) {
                                                                  						goto L31;
                                                                  					}
                                                                  					goto L5;
                                                                  				}
                                                                  			}



















                                                                  0x0040599c
                                                                  0x00405983
                                                                  0x00405986
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0040598b
                                                                  0x00000000
                                                                  0x00405992
                                                                  0x0040595b
                                                                  0x0040595b
                                                                  0x00000000
                                                                  0x0040595b
                                                                  0x00405828
                                                                  0x0040582b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0040582b

                                                                  APIs
                                                                  • DeleteFileA.KERNELBASE(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                                  • lstrcatA.KERNEL32(C:\Program Files (x86)\Wildix\WIService\lua,\*.*,C:\Program Files (x86)\Wildix\WIService\lua,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                                  • lstrcatA.KERNEL32(?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                                  • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                                  • FindFirstFileA.KERNELBASE(C:\Program Files (x86)\Wildix\WIService\lua,?,?,?,0040A014,?,C:\Program Files (x86)\Wildix\WIService\lua,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                                  • FindClose.KERNEL32(00000000), ref: 0040593F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                  • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Program Files (x86)\Wildix\WIService\lua$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                  • API String ID: 2035342205-2587908562
                                                                  • Opcode ID: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                                  • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                                  • Opcode Fuzzy Hash: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                                  • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 74%
                                                                  			E00402138(void* __eflags) {
                                                                  				signed int _t55;
                                                                  				void* _t59;
                                                                  				intOrPtr* _t63;
                                                                  				intOrPtr _t64;
                                                                  				intOrPtr* _t65;
                                                                  				intOrPtr* _t67;
                                                                  				intOrPtr* _t69;
                                                                  				intOrPtr* _t71;
                                                                  				intOrPtr* _t73;
                                                                  				intOrPtr* _t75;
                                                                  				intOrPtr* _t78;
                                                                  				intOrPtr* _t80;
                                                                  				intOrPtr* _t82;
                                                                  				intOrPtr* _t84;
                                                                  				int _t87;
                                                                  				intOrPtr* _t95;
                                                                  				signed int _t105;
                                                                  				signed int _t109;
                                                                  				void* _t111;
                                                                  
                                                                  				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                  				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                  				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                  				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                  				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                  				_t55 =  *(_t111 - 0x24);
                                                                  				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                  				_t105 = _t55 & 0x00008000;
                                                                  				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                  				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                  				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                                  					E00402B2C(0x21);
                                                                  				}
                                                                  				_t59 = _t111 + 8;
                                                                  				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                                  				if(_t59 < _t87) {
                                                                  					L15:
                                                                  					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                  					_push(0xfffffff0);
                                                                  				} else {
                                                                  					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                  					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                  					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                  					if(_t64 >= _t87) {
                                                                  						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                  						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                  						if(_t105 == _t87) {
                                                                  							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                  							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files (x86)\\Wildix\\WIService");
                                                                  						}
                                                                  						if(_t109 != _t87) {
                                                                  							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                  							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                  						}
                                                                  						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                  						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                  						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                  						if( *_t95 != _t87) {
                                                                  							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                  							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                  						}
                                                                  						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                  						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                  						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                  						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                  						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                  							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                  							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                  								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                  								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                  							}
                                                                  						}
                                                                  						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                  						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                  					}
                                                                  					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                  					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                  					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                  						_push(0xfffffff4);
                                                                  					} else {
                                                                  						goto L15;
                                                                  					}
                                                                  				}
                                                                  				E00401423();
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                  				return 0;
                                                                  			}























                                                                  APIs
                                                                  • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                  Strings
                                                                  • C:\Program Files (x86)\Wildix\WIService, xrefs: 004021FA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                                  • String ID: C:\Program Files (x86)\Wildix\WIService
                                                                  • API String ID: 123533781-4211190453
                                                                  • Opcode ID: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                  • Instruction ID: 754b6e0833e3014b2c682637ef6945f2e05814b0a8fe180c789646af90cdafbf
                                                                  • Opcode Fuzzy Hash: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                  • Instruction Fuzzy Hash: DD510771A00209AFCB04DFE4C988A9D7BB5EF48314F2045BAF515EB2D1DB799941CF54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00406313(CHAR* _a4) {
                                                                  				void* _t2;
                                                                  
                                                                  				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                                  				if(_t2 == 0xffffffff) {
                                                                  					return 0;
                                                                  				}
                                                                  				FindClose(_t2); // executed
                                                                  				return 0x42c0c0;
                                                                  			}





                                                                  APIs
                                                                  • FindFirstFileA.KERNELBASE(7476FA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                                  • FindClose.KERNELBASE(00000000), ref: 0040632A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Find$CloseFileFirst
                                                                  • String ID: C:\
                                                                  • API String ID: 2295610775-3404278061
                                                                  • Opcode ID: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                  • Instruction ID: f1da5dbc8fb4190b670de1866088b9aea297c62f24eccc1d76d376cb4bf46ee5
                                                                  • Opcode Fuzzy Hash: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                  • Instruction Fuzzy Hash: A8D0123250A030ABC350177C7E0C88F7A989F163347218A36F4A6F21E0C7348C2286DC
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 41%
                                                                  			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                  				void* _t6;
                                                                  				void* _t19;
                                                                  
                                                                  				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                                  				if(_t6 != 0xffffffff) {
                                                                  					E00405F6E(__edi, _t6);
                                                                  					_push(_t19 - 0x19c);
                                                                  					_push(__esi);
                                                                  					E00406010();
                                                                  				} else {
                                                                  					 *__edi = __ebx;
                                                                  					 *__esi = __ebx;
                                                                  					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                  				return 0;
                                                                  			}






                                                                  APIs
                                                                  • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindFirst
                                                                  • String ID:
                                                                  • API String ID: 1974802433-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  C-Code - Quality: 84%
                                                                  			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                  				struct HWND__* _v32;
                                                                  				void* _v84;
                                                                  				void* _v88;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				signed int _t35;
                                                                  				signed int _t37;
                                                                  				signed int _t39;
                                                                  				struct HWND__* _t49;
                                                                  				signed int _t68;
                                                                  				struct HWND__* _t74;
                                                                  				signed int _t87;
                                                                  				struct HWND__* _t92;
                                                                  				signed int _t100;
                                                                  				int _t104;
                                                                  				signed int _t116;
                                                                  				signed int _t117;
                                                                  				int _t118;
                                                                  				signed int _t123;
                                                                  				struct HWND__* _t126;
                                                                  				struct HWND__* _t127;
                                                                  				int _t128;
                                                                  				long _t131;
                                                                  				int _t133;
                                                                  				int _t134;
                                                                  				void* _t135;
                                                                  				void* _t142;
                                                                  				void* _t143;
                                                                  
                                                                  				_t116 = _a8;
                                                                  				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                  					_t35 = _a12;
                                                                  					_t126 = _a4;
                                                                  					__eflags = _t116 - 0x110;
                                                                  					 *0x42a858 = _t35;
                                                                  					if(_t116 == 0x110) {
                                                                  						 *0x42f408 = _t126;
                                                                  						 *0x42a86c = GetDlgItem(_t126, 1);
                                                                  						_t92 = GetDlgItem(_t126, 2);
                                                                  						_push(0xffffffff);
                                                                  						_push(0x1c);
                                                                  						 *0x429838 = _t92;
                                                                  						E0040409E(_t126);
                                                                  						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                                  						 *0x42ebcc = E0040140B(4);
                                                                  						_t35 = 1;
                                                                  						__eflags = 1;
                                                                  						 *0x42a858 = 1;
                                                                  					}
                                                                  					_t123 =  *0x40a1dc; // 0x1
                                                                  					_t134 = 0;
                                                                  					_t131 = (_t123 << 6) +  *0x42f440;
                                                                  					__eflags = _t123;
                                                                  					if(_t123 < 0) {
                                                                  						L34:
                                                                  						E004040EA(0x40b);
                                                                  						while(1) {
                                                                  							_t37 =  *0x42a858; // 0x1
                                                                  							 *0x40a1dc =  *0x40a1dc + _t37;
                                                                  							_t131 = _t131 + (_t37 << 6);
                                                                  							_t39 =  *0x40a1dc; // 0x1
                                                                  							__eflags = _t39 -  *0x42f444;
                                                                  							if(_t39 ==  *0x42f444) {
                                                                  								E0040140B(1);
                                                                  							}
                                                                  							__eflags =  *0x42ebcc - _t134; // 0x0
                                                                  							if(__eflags != 0) {
                                                                  								break;
                                                                  							}
                                                                  							__eflags =  *0x40a1dc -  *0x42f444; // 0x1
                                                                  							if(__eflags >= 0) {
                                                                  								break;
                                                                  							}
                                                                  							_t117 =  *(_t131 + 0x14);
                                                                  							E00406032(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                  							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                  							_push(0xfffffc19);
                                                                  							E0040409E(_t126);
                                                                  							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                  							_push(0xfffffc1b);
                                                                  							E0040409E(_t126);
                                                                  							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                  							_push(0xfffffc1a);
                                                                  							E0040409E(_t126);
                                                                  							_t49 = GetDlgItem(_t126, 3);
                                                                  							__eflags =  *0x42f4ac - _t134;
                                                                  							_v32 = _t49;
                                                                  							if( *0x42f4ac != _t134) {
                                                                  								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                  								__eflags = _t117;
                                                                  							}
                                                                  							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                                  							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                                  							E004040C0(_t117 & 0x00000002);
                                                                  							_t118 = _t117 & 0x00000004;
                                                                  							EnableWindow( *0x429838, _t118);
                                                                  							__eflags = _t118 - _t134;
                                                                  							if(_t118 == _t134) {
                                                                  								_push(1);
                                                                  							} else {
                                                                  								_push(_t134);
                                                                  							}
                                                                  							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                  							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                  							__eflags =  *0x42f4ac - _t134;
                                                                  							if( *0x42f4ac == _t134) {
                                                                  								_push( *0x42a86c);
                                                                  							} else {
                                                                  								SendMessageA(_t126, 0x401, 2, _t134);
                                                                  								_push( *0x429838);
                                                                  							}
                                                                  							E004040D3();
                                                                  							E00406010(0x42a870, E00403BAB());
                                                                  							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                  							SetWindowTextA(_t126, 0x42a870); // executed
                                                                  							_push(_t134);
                                                                  							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                  							__eflags = _t68;
                                                                  							if(_t68 != 0) {
                                                                  								continue;
                                                                  							} else {
                                                                  								__eflags =  *_t131 - _t134;
                                                                  								if( *_t131 == _t134) {
                                                                  									continue;
                                                                  								}
                                                                  								__eflags =  *(_t131 + 4) - 5;
                                                                  								if( *(_t131 + 4) != 5) {
                                                                  									DestroyWindow( *0x42ebd8); // executed
                                                                  									 *0x42a048 = _t131;
                                                                  									__eflags =  *_t131 - _t134;
                                                                  									if( *_t131 <= _t134) {
                                                                  										goto L58;
                                                                  									}
                                                                  									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                                  									__eflags = _t74 - _t134;
                                                                  									 *0x42ebd8 = _t74;
                                                                  									if(_t74 == _t134) {
                                                                  										goto L58;
                                                                  									}
                                                                  									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                  									_push(6);
                                                                  									E0040409E(_t74);
                                                                  									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                  									ScreenToClient(_t126, _t135 + 0x10);
                                                                  									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                  									_push(_t134);
                                                                  									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                  									__eflags =  *0x42ebcc - _t134; // 0x0
                                                                  									if(__eflags != 0) {
                                                                  										goto L61;
                                                                  									}
                                                                  									ShowWindow( *0x42ebd8, 8); // executed
                                                                  									E004040EA(0x405);
                                                                  									goto L58;
                                                                  								}
                                                                  								__eflags =  *0x42f4ac - _t134;
                                                                  								if( *0x42f4ac != _t134) {
                                                                  									goto L61;
                                                                  								}
                                                                  								__eflags =  *0x42f4a0 - _t134;
                                                                  								if( *0x42f4a0 != _t134) {
                                                                  									continue;
                                                                  								}
                                                                  								goto L61;
                                                                  							}
                                                                  						}
                                                                  						DestroyWindow( *0x42ebd8);
                                                                  						 *0x42f408 = _t134;
                                                                  						EndDialog(_t126,  *0x429c40);
                                                                  						goto L58;
                                                                  					} else {
                                                                  						__eflags = _t35 - 1;
                                                                  						if(_t35 != 1) {
                                                                  							L33:
                                                                  							__eflags =  *_t131 - _t134;
                                                                  							if( *_t131 == _t134) {
                                                                  								goto L61;
                                                                  							}
                                                                  							goto L34;
                                                                  						}
                                                                  						_push(0);
                                                                  						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                  						__eflags = _t87;
                                                                  						if(_t87 == 0) {
                                                                  							goto L33;
                                                                  						}
                                                                  						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                                  						__eflags =  *0x42ebcc - _t134; // 0x0
                                                                  						return 0 | __eflags == 0x00000000;
                                                                  					}
                                                                  				} else {
                                                                  					_t126 = _a4;
                                                                  					_t134 = 0;
                                                                  					if(_t116 == 0x47) {
                                                                  						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                                  					}
                                                                  					if(_t116 == 5) {
                                                                  						asm("sbb eax, eax");
                                                                  						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                                  					}
                                                                  					if(_t116 != 0x40d) {
                                                                  						__eflags = _t116 - 0x11;
                                                                  						if(_t116 != 0x11) {
                                                                  							__eflags = _t116 - 0x111;
                                                                  							if(_t116 != 0x111) {
                                                                  								L26:
                                                                  								return E00404105(_t116, _a12, _a16);
                                                                  							}
                                                                  							_t133 = _a12 & 0x0000ffff;
                                                                  							_t127 = GetDlgItem(_t126, _t133);
                                                                  							__eflags = _t127 - _t134;
                                                                  							if(_t127 == _t134) {
                                                                  								L13:
                                                                  								__eflags = _t133 - 1;
                                                                  								if(_t133 != 1) {
                                                                  									__eflags = _t133 - 3;
                                                                  									if(_t133 != 3) {
                                                                  										_t128 = 2;
                                                                  										__eflags = _t133 - _t128;
                                                                  										if(_t133 != _t128) {
                                                                  											L25:
                                                                  											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                                  											goto L26;
                                                                  										}
                                                                  										__eflags =  *0x42f4ac - _t134;
                                                                  										if( *0x42f4ac == _t134) {
                                                                  											_t100 = E0040140B(3);
                                                                  											__eflags = _t100;
                                                                  											if(_t100 != 0) {
                                                                  												goto L26;
                                                                  											}
                                                                  											 *0x429c40 = 1;
                                                                  											L21:
                                                                  											_push(0x78);
                                                                  											L22:
                                                                  											E00404077();
                                                                  											goto L26;
                                                                  										}
                                                                  										E0040140B(_t128);
                                                                  										 *0x429c40 = _t128;
                                                                  										goto L21;
                                                                  									}
                                                                  									__eflags =  *0x40a1dc - _t134; // 0x1
                                                                  									if(__eflags <= 0) {
                                                                  										goto L25;
                                                                  									}
                                                                  									_push(0xffffffff);
                                                                  									goto L22;
                                                                  								}
                                                                  								_push(_t133);
                                                                  								goto L22;
                                                                  							}
                                                                  							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                  							_t104 = IsWindowEnabled(_t127);
                                                                  							__eflags = _t104;
                                                                  							if(_t104 == 0) {
                                                                  								goto L61;
                                                                  							}
                                                                  							goto L13;
                                                                  						}
                                                                  						SetWindowLongA(_t126, _t134, _t134);
                                                                  						return 1;
                                                                  					} else {
                                                                  						DestroyWindow( *0x42ebd8);
                                                                  						 *0x42ebd8 = _a12;
                                                                  						L58:
                                                                  						_t142 =  *0x42b870 - _t134; // 0x1
                                                                  						if(_t142 == 0) {
                                                                  							_t143 =  *0x42ebd8 - _t134; // 0x1042e
                                                                  							if(_t143 != 0) {
                                                                  								ShowWindow(_t126, 0xa); // executed
                                                                  								 *0x42b870 = 1;
                                                                  							}
                                                                  						}
                                                                  						L61:
                                                                  						return 0;
                                                                  					}
                                                                  				}
                                                                  			}


                                                                  APIs
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                                  • ShowWindow.USER32(?), ref: 00403C23
                                                                  • DestroyWindow.USER32 ref: 00403C37
                                                                  • SetWindowLongA.USER32 ref: 00403C53
                                                                  • GetDlgItem.USER32 ref: 00403C74
                                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C88
                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                                  • GetDlgItem.USER32 ref: 00403D3D
                                                                  • GetDlgItem.USER32 ref: 00403D47
                                                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403DB2
                                                                  • GetDlgItem.USER32 ref: 00403E58
                                                                  • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                                  • EnableWindow.USER32(?,?), ref: 00403EA6
                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                                  • EnableMenuItem.USER32 ref: 00403EC3
                                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403EDB
                                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403EEE
                                                                  • lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,?,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403F18
                                                                  • SetWindowTextA.USER32(?,Wildix WIService v2.15.2 Setup: Completed), ref: 00403F27
                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                  • String ID: Wildix WIService v2.15.2 Setup: Completed
                                                                  • API String ID: 3906175533-2136058454
                                                                  • Opcode ID: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                  • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                                  • Opcode Fuzzy Hash: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                                  • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 290 40382d-403845 call 4063a8 293 403847-403857 call 405f6e 290->293 294 403859-40388a call 405ef7 290->294 302 4038ad-4038d6 call 403af2 call 405a96 293->302 298 4038a2-4038a8 lstrcatA 294->298 299 40388c-40389d call 405ef7 294->299 298->302 299->298 308 4038dc-4038e1 302->308 309 40395d-403965 call 405a96 302->309 308->309 310 4038e3-4038fb call 405ef7 308->310 315 403973-403998 LoadImageA 309->315 316 403967-40396e call 406032 309->316 314 403900-403907 310->314 314->309 319 403909-40390b 314->319 317 403a19-403a21 call 40140b 315->317 318 40399a-4039ca RegisterClassA 315->318 316->315 333 403a23-403a26 317->333 334 403a2b-403a36 call 403af2 317->334 321 4039d0-403a14 SystemParametersInfoA CreateWindowExA 318->321 322 403ae8 318->322 324 40391c-403928 lstrlenA 319->324 325 40390d-40391a call 4059d3 319->325 321->317 326 403aea-403af1 322->326 327 403950-403958 call 4059a8 call 406010 324->327 328 40392a-403938 lstrcmpiA 324->328 325->324 327->309 328->327 332 40393a-403944 GetFileAttributesA 328->332 336 403946-403948 332->336 337 40394a-40394b call 4059ef 332->337 333->326 343 403a3c-403a56 ShowWindow call 40633a 334->343 344 403abf-403ac0 call 405209 334->344 336->327 336->337 337->327 351 403a62-403a74 GetClassInfoA 343->351 352 403a58-403a5d call 40633a 343->352 347 403ac5-403ac7 344->347 349 403ae1-403ae3 call 40140b 347->349 350 403ac9-403acf 347->350 349->322 350->333 355 403ad5-403adc call 40140b 350->355 353 403a76-403a86 GetClassInfoA RegisterClassA 351->353 354 403a8c-403aaf DialogBoxParamA call 40140b 351->354 352->351 353->354 360 403ab4-403abd call 40377d 354->360 355->333 360->326
                                                                  C-Code - Quality: 96%
                                                                  			E0040382D(void* __eflags) {
                                                                  				intOrPtr _v4;
                                                                  				intOrPtr _v8;
                                                                  				int _v12;
                                                                  				void _v16;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				intOrPtr* _t17;
                                                                  				void* _t25;
                                                                  				void* _t27;
                                                                  				int _t28;
                                                                  				void* _t31;
                                                                  				int _t34;
                                                                  				int _t35;
                                                                  				intOrPtr _t36;
                                                                  				int _t39;
                                                                  				char _t57;
                                                                  				CHAR* _t59;
                                                                  				signed char _t63;
                                                                  				CHAR* _t74;
                                                                  				intOrPtr _t76;
                                                                  				CHAR* _t81;
                                                                  
                                                                  				_t76 =  *0x42f414;
                                                                  				_t17 = E004063A8(2);
                                                                  				_t84 = _t17;
                                                                  				if(_t17 == 0) {
                                                                  					_t74 = 0x42a870;
                                                                  					"1033" = 0x30;
                                                                  					 *0x436001 = 0x78;
                                                                  					 *0x436002 = 0;
                                                                  					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                                  					__eflags =  *0x42a870; // 0x57
                                                                  					if(__eflags == 0) {
                                                                  						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                                  					}
                                                                  					lstrcatA("1033", _t74);
                                                                  				} else {
                                                                  					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                                  				}
                                                                  				E00403AF2(_t71, _t84);
                                                                  				_t80 = "C:\\Program Files (x86)\\Wildix\\WIService";
                                                                  				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                                  				 *0x42f4bc = 0x10000;
                                                                  				if(E00405A96(_t84, "C:\\Program Files (x86)\\Wildix\\WIService") != 0) {
                                                                  					L16:
                                                                  					if(E00405A96(_t92, _t80) == 0) {
                                                                  						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                  					}
                                                                  					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                                  					 *0x42ebe8 = _t25;
                                                                  					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                  						L21:
                                                                  						if(E0040140B(0) == 0) {
                                                                  							_t27 = E00403AF2(_t71, __eflags);
                                                                  							__eflags =  *0x42f4c0;
                                                                  							if( *0x42f4c0 != 0) {
                                                                  								_t28 = E00405209(_t27, 0);
                                                                  								__eflags = _t28;
                                                                  								if(_t28 == 0) {
                                                                  									E0040140B(1);
                                                                  									goto L33;
                                                                  								}
                                                                  								__eflags =  *0x42ebcc; // 0x0
                                                                  								if(__eflags == 0) {
                                                                  									E0040140B(2);
                                                                  								}
                                                                  								goto L22;
                                                                  							}
                                                                  							ShowWindow( *0x42a850, 5); // executed
                                                                  							_t34 = E0040633A("RichEd20"); // executed
                                                                  							__eflags = _t34;
                                                                  							if(_t34 == 0) {
                                                                  								E0040633A("RichEd32");
                                                                  							}
                                                                  							_t81 = "RichEdit20A";
                                                                  							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                                  							__eflags = _t35;
                                                                  							if(_t35 == 0) {
                                                                  								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                                  								 *0x42ebc4 = _t81;
                                                                  								RegisterClassA(0x42eba0);
                                                                  							}
                                                                  							_t36 =  *0x42ebe0; // 0x0
                                                                  							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                                  							E0040377D(E0040140B(5), 1);
                                                                  							return _t39;
                                                                  						}
                                                                  						L22:
                                                                  						_t31 = 2;
                                                                  						return _t31;
                                                                  					} else {
                                                                  						_t71 =  *0x42f400;
                                                                  						 *0x42eba4 = E00401000;
                                                                  						 *0x42ebb0 =  *0x42f400;
                                                                  						 *0x42ebb4 = _t25;
                                                                  						 *0x42ebc4 = 0x40a1f4;
                                                                  						if(RegisterClassA(0x42eba0) == 0) {
                                                                  							L33:
                                                                  							__eflags = 0;
                                                                  							return 0;
                                                                  						}
                                                                  						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                  						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                                  						goto L21;
                                                                  					}
                                                                  				} else {
                                                                  					_t71 =  *(_t76 + 0x48);
                                                                  					_t86 = _t71;
                                                                  					if(_t71 == 0) {
                                                                  						goto L16;
                                                                  					}
                                                                  					_t74 = 0x42e3a0;
                                                                  					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                                  					_t57 =  *0x42e3a0; // 0x3a
                                                                  					if(_t57 == 0) {
                                                                  						goto L16;
                                                                  					}
                                                                  					if(_t57 == 0x22) {
                                                                  						_t74 = 0x42e3a1;
                                                                  						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                                  					}
                                                                  					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                  					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                  						L15:
                                                                  						E00406010(_t80, E004059A8(_t74));
                                                                  						goto L16;
                                                                  					} else {
                                                                  						_t63 = GetFileAttributesA(_t74);
                                                                  						if(_t63 == 0xffffffff) {
                                                                  							L14:
                                                                  							E004059EF(_t74);
                                                                  							goto L15;
                                                                  						}
                                                                  						_t92 = _t63 & 0x00000010;
                                                                  						if((_t63 & 0x00000010) != 0) {
                                                                  							goto L15;
                                                                  						}
                                                                  						goto L14;
                                                                  					}
                                                                  				}
                                                                  			}


























                                                                  APIs
                                                                    • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                    • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                  • lstrcatA.KERNEL32(1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,7476FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe",00000000), ref: 004038A8
                                                                  • lstrlenA.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000,00000002,7476FA90), ref: 0040391D
                                                                  • lstrcmpiA.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Program Files (x86)\Wildix\WIService,1033,Wildix WIService v2.15.2 Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix WIService v2.15.2 Setup: Completed,00000000), ref: 00403930
                                                                  • GetFileAttributesA.KERNEL32(: Completed), ref: 0040393B
                                                                  • LoadImageA.USER32 ref: 00403984
                                                                    • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                  • RegisterClassA.USER32 ref: 004039C1
                                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                                  • CreateWindowExA.USER32 ref: 00403A0E
                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                                  • GetClassInfoA.USER32 ref: 00403A70
                                                                  • GetClassInfoA.USER32 ref: 00403A7D
                                                                  • RegisterClassA.USER32 ref: 00403A86
                                                                  • DialogBoxParamA.USER32 ref: 00403AA5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Program Files (x86)\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix WIService v2.15.2 Setup: Completed$_Nb
                                                                  • API String ID: 1975747703-2914575356
                                                                  • Opcode ID: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                  • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                                  • Opcode Fuzzy Hash: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                                  • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 80%
                                                                  			E00402DC4(void* __eflags, signed int _a4) {
                                                                  				DWORD* _v8;
                                                                  				DWORD* _v12;
                                                                  				void* _v16;
                                                                  				intOrPtr _v20;
                                                                  				long _v24;
                                                                  				intOrPtr _v28;
                                                                  				intOrPtr _v32;
                                                                  				intOrPtr _v36;
                                                                  				intOrPtr _v40;
                                                                  				signed int _v44;
                                                                  				long _t43;
                                                                  				signed int _t50;
                                                                  				void* _t53;
                                                                  				void* _t57;
                                                                  				intOrPtr* _t59;
                                                                  				long _t60;
                                                                  				signed int _t65;
                                                                  				signed int _t70;
                                                                  				signed int _t71;
                                                                  				signed int _t77;
                                                                  				intOrPtr _t80;
                                                                  				long _t82;
                                                                  				signed int _t85;
                                                                  				signed int _t87;
                                                                  				void* _t89;
                                                                  				signed int _t90;
                                                                  				signed int _t93;
                                                                  				void* _t94;
                                                                  
                                                                  				_t82 = 0;
                                                                  				_v12 = 0;
                                                                  				_v8 = 0;
                                                                  				_t43 = GetTickCount();
                                                                  				_t91 = "C:\\Users\\jones\\Desktop\\SetupWIService.exe";
                                                                  				 *0x42f410 = _t43 + 0x3e8;
                                                                  				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x400);
                                                                  				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                                  				_v16 = _t89;
                                                                  				 *0x40a018 = _t89;
                                                                  				if(_t89 == 0xffffffff) {
                                                                  					return "Error launching installer";
                                                                  				}
                                                                  				_t92 = "C:\\Users\\jones\\Desktop";
                                                                  				E00406010("C:\\Users\\jones\\Desktop", _t91);
                                                                  				E00406010("SetupWIService.exe", E004059EF(_t92));
                                                                  				_t50 = GetFileSize(_t89, 0);
                                                                  				__eflags = _t50;
                                                                  				 *0x42942c = _t50;
                                                                  				_t93 = _t50;
                                                                  				if(_t50 <= 0) {
                                                                  					L24:
                                                                  					E00402D60(1);
                                                                  					__eflags =  *0x42f418 - _t82;
                                                                  					if( *0x42f418 == _t82) {
                                                                  						goto L29;
                                                                  					}
                                                                  					__eflags = _v8 - _t82;
                                                                  					if(_v8 == _t82) {
                                                                  						L28:
                                                                  						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                  						_t94 = _t53;
                                                                  						E00403223( *0x42f418 + 0x1c);
                                                                  						_push(_v24);
                                                                  						_push(_t94);
                                                                  						_push(_t82);
                                                                  						_push(0xffffffff); // executed
                                                                  						_t57 = E00402FFB(); // executed
                                                                  						__eflags = _t57 - _v24;
                                                                  						if(_t57 == _v24) {
                                                                  							__eflags = _v44 & 0x00000001;
                                                                  							 *0x42f414 = _t94;
                                                                  							 *0x42f41c =  *_t94;
                                                                  							if((_v44 & 0x00000001) != 0) {
                                                                  								 *0x42f420 =  *0x42f420 + 1;
                                                                  								__eflags =  *0x42f420;
                                                                  							}
                                                                  							_t40 = _t94 + 0x44; // 0x44
                                                                  							_t59 = _t40;
                                                                  							_t85 = 8;
                                                                  							do {
                                                                  								_t59 = _t59 - 8;
                                                                  								 *_t59 =  *_t59 + _t94;
                                                                  								_t85 = _t85 - 1;
                                                                  								__eflags = _t85;
                                                                  							} while (_t85 != 0);
                                                                  							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                  							 *(_t94 + 0x3c) = _t60;
                                                                  							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                                  							__eflags = 0;
                                                                  							return 0;
                                                                  						}
                                                                  						goto L29;
                                                                  					}
                                                                  					E00403223( *0x41d420);
                                                                  					_t65 = E0040320D( &_a4, 4);
                                                                  					__eflags = _t65;
                                                                  					if(_t65 == 0) {
                                                                  						goto L29;
                                                                  					}
                                                                  					__eflags = _v12 - _a4;
                                                                  					if(_v12 != _a4) {
                                                                  						goto L29;
                                                                  					}
                                                                  					goto L28;
                                                                  				} else {
                                                                  					do {
                                                                  						_t90 = _t93;
                                                                  						asm("sbb eax, eax");
                                                                  						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                                  						__eflags = _t93 - _t70;
                                                                  						if(_t93 >= _t70) {
                                                                  							_t90 = _t70;
                                                                  						}
                                                                  						_t71 = E0040320D(0x415420, _t90);
                                                                  						__eflags = _t71;
                                                                  						if(_t71 == 0) {
                                                                  							E00402D60(1);
                                                                  							L29:
                                                                  							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                  						}
                                                                  						__eflags =  *0x42f418;
                                                                  						if( *0x42f418 != 0) {
                                                                  							__eflags = _a4 & 0x00000002;
                                                                  							if((_a4 & 0x00000002) == 0) {
                                                                  								E00402D60(0);
                                                                  							}
                                                                  							goto L20;
                                                                  						}
                                                                  						E00405B64( &_v44, 0x415420, 0x1c);
                                                                  						_t77 = _v44;
                                                                  						__eflags = _t77 & 0xfffffff0;
                                                                  						if((_t77 & 0xfffffff0) != 0) {
                                                                  							goto L20;
                                                                  						}
                                                                  						__eflags = _v40 - 0xdeadbeef;
                                                                  						if(_v40 != 0xdeadbeef) {
                                                                  							goto L20;
                                                                  						}
                                                                  						__eflags = _v28 - 0x74736e49;
                                                                  						if(_v28 != 0x74736e49) {
                                                                  							goto L20;
                                                                  						}
                                                                  						__eflags = _v32 - 0x74666f73;
                                                                  						if(_v32 != 0x74666f73) {
                                                                  							goto L20;
                                                                  						}
                                                                  						__eflags = _v36 - 0x6c6c754e;
                                                                  						if(_v36 != 0x6c6c754e) {
                                                                  							goto L20;
                                                                  						}
                                                                  						_a4 = _a4 | _t77;
                                                                  						_t87 =  *0x41d420; // 0x42bfbf
                                                                  						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                                  						_t80 = _v20;
                                                                  						__eflags = _t80 - _t93;
                                                                  						 *0x42f418 = _t87;
                                                                  						if(_t80 > _t93) {
                                                                  							goto L29;
                                                                  						}
                                                                  						__eflags = _a4 & 0x00000008;
                                                                  						if((_a4 & 0x00000008) != 0) {
                                                                  							L16:
                                                                  							_v8 = _v8 + 1;
                                                                  							_t24 = _t80 - 4; // 0x40a194
                                                                  							_t93 = _t24;
                                                                  							__eflags = _t90 - _t93;
                                                                  							if(_t90 > _t93) {
                                                                  								_t90 = _t93;
                                                                  							}
                                                                  							goto L20;
                                                                  						}
                                                                  						__eflags = _a4 & 0x00000004;
                                                                  						if((_a4 & 0x00000004) != 0) {
                                                                  							break;
                                                                  						}
                                                                  						goto L16;
                                                                  						L20:
                                                                  						__eflags = _t93 -  *0x42942c; // 0x42e178
                                                                  						if(__eflags < 0) {
                                                                  							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                                  						}
                                                                  						 *0x41d420 =  *0x41d420 + _t90;
                                                                  						_t93 = _t93 - _t90;
                                                                  						__eflags = _t93;
                                                                  					} while (_t93 != 0);
                                                                  					_t82 = 0;
                                                                  					__eflags = 0;
                                                                  					goto L24;
                                                                  				}
                                                                  			}


                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 00402DD5
                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                                    • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                    • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                  • GetFileSize.KERNEL32(00000000,00000000,SetupWIService.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                                  • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                  • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$SetupWIService.exe$soft$xB
                                                                  • API String ID: 2803837635-1581843007
                                                                  • Opcode ID: 3c26cd80f5ca0164e146d59bef7a49d427e8a8d66c9553730fc88e5362c2f084
                                                                  • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                                  • Opcode Fuzzy Hash: 3c26cd80f5ca0164e146d59bef7a49d427e8a8d66c9553730fc88e5362c2f084
                                                                  • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 72%
                                                                  			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                  				struct _ITEMIDLIST* _v8;
                                                                  				char _v12;
                                                                  				signed int _v16;
                                                                  				signed char _v20;
                                                                  				signed int _v24;
                                                                  				signed char _v28;
                                                                  				signed int _t38;
                                                                  				CHAR* _t39;
                                                                  				signed int _t41;
                                                                  				char _t52;
                                                                  				char _t53;
                                                                  				char _t55;
                                                                  				char _t57;
                                                                  				void* _t65;
                                                                  				char* _t66;
                                                                  				signed int _t80;
                                                                  				intOrPtr _t86;
                                                                  				char _t88;
                                                                  				void* _t89;
                                                                  				CHAR* _t90;
                                                                  				void* _t92;
                                                                  				signed int _t97;
                                                                  				signed int _t99;
                                                                  				void* _t100;
                                                                  
                                                                  				_t92 = __esi;
                                                                  				_t89 = __edi;
                                                                  				_t65 = __ebx;
                                                                  				_t38 = _a8;
                                                                  				if(_t38 < 0) {
                                                                  					_t86 =  *0x42ebdc; // 0x82e563
                                                                  					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                  				}
                                                                  				_push(_t65);
                                                                  				_push(_t92);
                                                                  				_push(_t89);
                                                                  				_t66 = _t38 +  *0x42f458;
                                                                  				_t39 = 0x42e3a0;
                                                                  				_t90 = 0x42e3a0;
                                                                  				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                                  					_t90 = _a4;
                                                                  					_a4 = _a4 & 0x00000000;
                                                                  				}
                                                                  				while(1) {
                                                                  					_t88 =  *_t66;
                                                                  					if(_t88 == 0) {
                                                                  						break;
                                                                  					}
                                                                  					__eflags = _t90 - _t39 - 0x400;
                                                                  					if(_t90 - _t39 >= 0x400) {
                                                                  						break;
                                                                  					}
                                                                  					_t66 = _t66 + 1;
                                                                  					__eflags = _t88 - 4;
                                                                  					_a8 = _t66;
                                                                  					if(__eflags >= 0) {
                                                                  						if(__eflags != 0) {
                                                                  							 *_t90 = _t88;
                                                                  							_t90 =  &(_t90[1]);
                                                                  							__eflags = _t90;
                                                                  						} else {
                                                                  							 *_t90 =  *_t66;
                                                                  							_t90 =  &(_t90[1]);
                                                                  							_t66 = _t66 + 1;
                                                                  						}
                                                                  						continue;
                                                                  					}
                                                                  					_t41 =  *((char*)(_t66 + 1));
                                                                  					_t80 =  *_t66;
                                                                  					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                  					_v24 = _t80;
                                                                  					_v28 = _t80 | 0x00000080;
                                                                  					_v16 = _t41;
                                                                  					_v20 = _t41 | 0x00000080;
                                                                  					_t66 = _a8 + 2;
                                                                  					__eflags = _t88 - 2;
                                                                  					if(_t88 != 2) {
                                                                  						__eflags = _t88 - 3;
                                                                  						if(_t88 != 3) {
                                                                  							__eflags = _t88 - 1;
                                                                  							if(_t88 == 1) {
                                                                  								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                  								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                  							}
                                                                  							L42:
                                                                  							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                  							_t39 = 0x42e3a0;
                                                                  							continue;
                                                                  						}
                                                                  						__eflags = _t97 - 0x1d;
                                                                  						if(_t97 != 0x1d) {
                                                                  							__eflags = (_t97 << 0xa) + 0x430000;
                                                                  							E00406010(_t90, (_t97 << 0xa) + 0x430000);
                                                                  						} else {
                                                                  							E00405F6E(_t90,  *0x42f408);
                                                                  						}
                                                                  						__eflags = _t97 + 0xffffffeb - 7;
                                                                  						if(_t97 + 0xffffffeb < 7) {
                                                                  							L33:
                                                                  							E0040627A(_t90);
                                                                  						}
                                                                  						goto L42;
                                                                  					}
                                                                  					_t52 =  *0x42f40c;
                                                                  					__eflags = _t52;
                                                                  					_t99 = 2;
                                                                  					if(_t52 >= 0) {
                                                                  						L13:
                                                                  						_a8 = 1;
                                                                  						L14:
                                                                  						__eflags =  *0x42f4a4;
                                                                  						if( *0x42f4a4 != 0) {
                                                                  							_t99 = 4;
                                                                  						}
                                                                  						__eflags = _t80;
                                                                  						if(__eflags >= 0) {
                                                                  							__eflags = _t80 - 0x25;
                                                                  							if(_t80 != 0x25) {
                                                                  								__eflags = _t80 - 0x24;
                                                                  								if(_t80 == 0x24) {
                                                                  									GetWindowsDirectoryA(_t90, 0x400);
                                                                  									_t99 = 0;
                                                                  								}
                                                                  								while(1) {
                                                                  									__eflags = _t99;
                                                                  									if(_t99 == 0) {
                                                                  										goto L30;
                                                                  									}
                                                                  									_t53 =  *0x42f404;
                                                                  									_t99 = _t99 - 1;
                                                                  									__eflags = _t53;
                                                                  									if(_t53 == 0) {
                                                                  										L26:
                                                                  										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                  										__eflags = _t55;
                                                                  										if(_t55 != 0) {
                                                                  											L28:
                                                                  											 *_t90 =  *_t90 & 0x00000000;
                                                                  											__eflags =  *_t90;
                                                                  											continue;
                                                                  										}
                                                                  										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                  										_v12 = _t55;
                                                                  										__imp__CoTaskMemFree(_v8);
                                                                  										__eflags = _v12;
                                                                  										if(_v12 != 0) {
                                                                  											goto L30;
                                                                  										}
                                                                  										goto L28;
                                                                  									}
                                                                  									__eflags = _a8;
                                                                  									if(_a8 == 0) {
                                                                  										goto L26;
                                                                  									}
                                                                  									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                  									__eflags = _t57;
                                                                  									if(_t57 == 0) {
                                                                  										goto L30;
                                                                  									}
                                                                  									goto L26;
                                                                  								}
                                                                  								goto L30;
                                                                  							}
                                                                  							GetSystemDirectoryA(_t90, 0x400);
                                                                  							goto L30;
                                                                  						} else {
                                                                  							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                                  							__eflags =  *_t90;
                                                                  							if( *_t90 != 0) {
                                                                  								L31:
                                                                  								__eflags = _v16 - 0x1a;
                                                                  								if(_v16 == 0x1a) {
                                                                  									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                  								}
                                                                  								goto L33;
                                                                  							}
                                                                  							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                                  							L30:
                                                                  							__eflags =  *_t90;
                                                                  							if( *_t90 == 0) {
                                                                  								goto L33;
                                                                  							}
                                                                  							goto L31;
                                                                  						}
                                                                  					}
                                                                  					__eflags = _t52 - 0x5a04;
                                                                  					if(_t52 == 0x5a04) {
                                                                  						goto L13;
                                                                  					}
                                                                  					__eflags = _v16 - 0x23;
                                                                  					if(_v16 == 0x23) {
                                                                  						goto L13;
                                                                  					}
                                                                  					__eflags = _v16 - 0x2e;
                                                                  					if(_v16 == 0x2e) {
                                                                  						goto L13;
                                                                  					} else {
                                                                  						_a8 = _a8 & 0x00000000;
                                                                  						goto L14;
                                                                  					}
                                                                  				}
                                                                  				 *_t90 =  *_t90 & 0x00000000;
                                                                  				if(_a4 == 0) {
                                                                  					return _t39;
                                                                  				}
                                                                  				return E00406010(_a4, _t39);
                                                                  			}




























                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                                  • GetWindowsDirectoryA.KERNEL32(: Completed,00000400,?,Completed,00000000,0040516F,Completed,00000000), ref: 00406170
                                                                  • SHGetSpecialFolderLocation.SHELL32(0040516F,7476EA30,?,Completed,00000000,0040516F,Completed,00000000), ref: 004061AC
                                                                  • SHGetPathFromIDListA.SHELL32(7476EA30,: Completed), ref: 004061BA
                                                                  • CoTaskMemFree.OLE32(7476EA30), ref: 004061C6
                                                                  • lstrcatA.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                                  • lstrlenA.KERNEL32(: Completed,?,Completed,00000000,0040516F,Completed,00000000,00000000,008A7114,7476EA30), ref: 0040623C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                  • String ID: : Completed$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                  • API String ID: 717251189-905382516
                                                                  • Opcode ID: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                  • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                                  • Opcode Fuzzy Hash: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                                  • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 562 401759-40177c call 402b2c call 405a15 567 401786-401798 call 406010 call 4059a8 lstrcatA 562->567 568 40177e-401784 call 406010 562->568 574 40179d-4017a3 call 40627a 567->574 568->574 578 4017a8-4017ac 574->578 579 4017ae-4017b8 call 406313 578->579 580 4017df-4017e2 578->580 588 4017ca-4017dc 579->588 589 4017ba-4017c8 CompareFileTime 579->589 582 4017e4-4017e5 call 405b84 580->582 583 4017ea-401806 call 405ba9 580->583 582->583 590 401808-40180b 583->590 591 40187e-4018a7 call 405137 call 402ffb 583->591 588->580 589->588 592 401860-40186a call 405137 590->592 593 40180d-40184f call 406010 * 2 call 406032 call 406010 call 40572c 590->593 605 4018a9-4018ad 591->605 606 4018af-4018bb SetFileTime 591->606 603 401873-401879 592->603 593->578 627 401855-401856 593->627 607 4029c1 603->607 605->606 609 4018c1-4018cc FindCloseChangeNotification 605->609 606->609 610 4029c3-4029c7 607->610 612 4018d2-4018d5 609->612 613 4029b8-4029bb 609->613 615 4018d7-4018e8 call 406032 lstrcatA 612->615 616 4018ea-4018ed call 406032 612->616 613->607 621 4018f2-402349 615->621 616->621 625 40234e-402353 621->625 626 402349 call 40572c 621->626 625->610 626->625 627->603 628 401858-401859 627->628 628->592
                                                                  C-Code - Quality: 61%
                                                                  			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                  				void* _t33;
                                                                  				void* _t41;
                                                                  				void* _t43;
                                                                  				FILETIME* _t49;
                                                                  				FILETIME* _t62;
                                                                  				void* _t64;
                                                                  				signed int _t70;
                                                                  				FILETIME* _t71;
                                                                  				FILETIME* _t75;
                                                                  				signed int _t77;
                                                                  				void* _t80;
                                                                  				CHAR* _t82;
                                                                  				CHAR* _t83;
                                                                  				void* _t85;
                                                                  
                                                                  				_t75 = __ebx;
                                                                  				_t82 = E00402B2C(0x31);
                                                                  				 *(_t85 - 8) = _t82;
                                                                  				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                  				_t33 = E00405A15(_t82);
                                                                  				_push(_t82);
                                                                  				_t83 = "\"C:\\Windows\\explorer.exe\" \"C:\\Program Files (x86)\\Wildix\\WIService\\wiservice.exe\"";
                                                                  				if(_t33 == 0) {
                                                                  					lstrcatA(E004059A8(E00406010(_t83, "C:\\Program Files (x86)\\Wildix\\WIService")), ??);
                                                                  				} else {
                                                                  					E00406010();
                                                                  				}
                                                                  				E0040627A(_t83);
                                                                  				while(1) {
                                                                  					__eflags =  *(_t85 + 8) - 3;
                                                                  					if( *(_t85 + 8) >= 3) {
                                                                  						_t64 = E00406313(_t83);
                                                                  						_t77 = 0;
                                                                  						__eflags = _t64 - _t75;
                                                                  						if(_t64 != _t75) {
                                                                  							_t71 = _t64 + 0x14;
                                                                  							__eflags = _t71;
                                                                  							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                  						}
                                                                  						asm("sbb eax, eax");
                                                                  						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                  						__eflags = _t70;
                                                                  						 *(_t85 + 8) = _t70;
                                                                  					}
                                                                  					__eflags =  *(_t85 + 8) - _t75;
                                                                  					if( *(_t85 + 8) == _t75) {
                                                                  						E00405B84(_t83);
                                                                  					}
                                                                  					__eflags =  *(_t85 + 8) - 1;
                                                                  					_t41 = E00405BA9(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                  					__eflags = _t41 - 0xffffffff;
                                                                  					 *(_t85 - 0xc) = _t41;
                                                                  					if(_t41 != 0xffffffff) {
                                                                  						break;
                                                                  					}
                                                                  					__eflags =  *(_t85 + 8) - _t75;
                                                                  					if( *(_t85 + 8) != _t75) {
                                                                  						E00405137(0xffffffe2,  *(_t85 - 8));
                                                                  						__eflags =  *(_t85 + 8) - 2;
                                                                  						if(__eflags == 0) {
                                                                  							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                  						}
                                                                  						L31:
                                                                  						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                                  						__eflags =  *0x42f4a8;
                                                                  						goto L32;
                                                                  					} else {
                                                                  						E00406010(0x40ac18, 0x430000);
                                                                  						E00406010(0x430000, _t83);
                                                                  						E00406032(_t75, 0x40ac18, _t83, "C:\Program Files (x86)\Wildix\WIService\proxyex.lnk",  *((intOrPtr*)(_t85 - 0x20)));
                                                                  						E00406010(0x430000, 0x40ac18);
                                                                  						_t62 = E0040572C("C:\Program Files (x86)\Wildix\WIService\proxyex.lnk",  *(_t85 - 0x34) >> 3) - 4;
                                                                  						__eflags = _t62;
                                                                  						if(_t62 == 0) {
                                                                  							continue;
                                                                  						} else {
                                                                  							__eflags = _t62 == 1;
                                                                  							if(_t62 == 1) {
                                                                  								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                                  								L32:
                                                                  								_t49 = 0;
                                                                  								__eflags = 0;
                                                                  							} else {
                                                                  								_push(_t83);
                                                                  								_push(0xfffffffa);
                                                                  								E00405137();
                                                                  								L29:
                                                                  								_t49 = 0x7fffffff;
                                                                  							}
                                                                  						}
                                                                  					}
                                                                  					L33:
                                                                  					return _t49;
                                                                  				}
                                                                  				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                                  				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                                  				_push(_t75);
                                                                  				_push(_t75);
                                                                  				_push( *(_t85 - 0xc));
                                                                  				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                                  				_t43 = E00402FFB(); // executed
                                                                  				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                                  				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                  				_t80 = _t43;
                                                                  				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                  					L22:
                                                                  					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                  				} else {
                                                                  					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                  					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                  						goto L22;
                                                                  					}
                                                                  				}
                                                                  				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                  				__eflags = _t80 - _t75;
                                                                  				if(_t80 >= _t75) {
                                                                  					goto L31;
                                                                  				} else {
                                                                  					__eflags = _t80 - 0xfffffffe;
                                                                  					if(_t80 != 0xfffffffe) {
                                                                  						E00406032(_t75, _t80, _t83, _t83, 0xffffffee);
                                                                  					} else {
                                                                  						E00406032(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                                  						lstrcatA(_t83,  *(_t85 - 8));
                                                                  					}
                                                                  					_push(0x200010);
                                                                  					_push(_t83);
                                                                  					E0040572C();
                                                                  					goto L29;
                                                                  				}
                                                                  				goto L33;
                                                                  			}


















                                                                  APIs
                                                                  • lstrcatA.KERNEL32(00000000,00000000,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",C:\Program Files (x86)\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                                  • CompareFileTime.KERNEL32(-00000014,?,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe","C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",00000000,00000000,"C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe",C:\Program Files (x86)\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                                    • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                    • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,008A7114,7476EA30), ref: 00405193
                                                                    • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                  • String ID: "C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"$C:\Program Files (x86)\Wildix\WIService$C:\Program Files (x86)\Wildix\WIService\proxyex.lnk$C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
                                                                  • API String ID: 1941528284-1728483264
                                                                  • Opcode ID: cc8a64cde302f3a0d7e4e6b58743aafa825bddb27035146b1d963bb07c31155c
                                                                  • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                                  • Opcode Fuzzy Hash: cc8a64cde302f3a0d7e4e6b58743aafa825bddb27035146b1d963bb07c31155c
                                                                  • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 629 405137-40514c 630 405202-405206 629->630 631 405152-405164 629->631 632 405166-40516a call 406032 631->632 633 40516f-40517b lstrlenA 631->633 632->633 635 405198-40519c 633->635 636 40517d-40518d lstrlenA 633->636 638 4051ab-4051af 635->638 639 40519e-4051a5 SetWindowTextA 635->639 636->630 637 40518f-405193 lstrcatA 636->637 637->635 640 4051b1-4051f3 SendMessageA * 3 638->640 641 4051f5-4051f7 638->641 639->638 640->641 641->630 642 4051f9-4051fc 641->642 642->630
                                                                  C-Code - Quality: 100%
                                                                  			E00405137(CHAR* _a4, CHAR* _a8) {
                                                                  				struct HWND__* _v8;
                                                                  				signed int _v12;
                                                                  				CHAR* _v32;
                                                                  				long _v44;
                                                                  				int _v48;
                                                                  				void* _v52;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				CHAR* _t26;
                                                                  				signed int _t27;
                                                                  				CHAR* _t28;
                                                                  				long _t29;
                                                                  				signed int _t39;
                                                                  
                                                                  				_t26 =  *0x42ebe4; // 0x10436
                                                                  				_v8 = _t26;
                                                                  				if(_t26 != 0) {
                                                                  					_t27 =  *0x42f4d4;
                                                                  					_v12 = _t27;
                                                                  					_t39 = _t27 & 0x00000001;
                                                                  					if(_t39 == 0) {
                                                                  						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                                  					}
                                                                  					_t26 = lstrlenA(0x42a050);
                                                                  					_a4 = _t26;
                                                                  					if(_a8 == 0) {
                                                                  						L6:
                                                                  						if((_v12 & 0x00000004) == 0) {
                                                                  							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                                  						}
                                                                  						if((_v12 & 0x00000002) == 0) {
                                                                  							_v32 = 0x42a050;
                                                                  							_v52 = 1;
                                                                  							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                  							_v44 = 0;
                                                                  							_v48 = _t29 - _t39;
                                                                  							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                  							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                  						}
                                                                  						if(_t39 != 0) {
                                                                  							_t28 = _a4;
                                                                  							 *((char*)(_t28 + 0x42a050)) = 0;
                                                                  							return _t28;
                                                                  						}
                                                                  					} else {
                                                                  						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                  						if(_t26 < 0x800) {
                                                                  							_t26 = lstrcatA(0x42a050, _a8);
                                                                  							goto L6;
                                                                  						}
                                                                  					}
                                                                  				}
                                                                  				return _t26;
                                                                  			}


















                                                                  APIs
                                                                  • lstrlenA.KERNEL32(Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                  • lstrlenA.KERNEL32(00403156,Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                  • lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,008A7114,7476EA30), ref: 00405193
                                                                  • SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                  • String ID: Completed
                                                                  • API String ID: 2531174081-3087654605
                                                                  • Opcode ID: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                  • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                                  • Opcode Fuzzy Hash: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                                  • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 643 4055fd-405648 CreateDirectoryA 644 40564a-40564c 643->644 645 40564e-40565b GetLastError 643->645 646 405675-405677 644->646 645->646 647 40565d-405671 SetFileSecurityA 645->647 647->644 648 405673 GetLastError 647->648 648->646
                                                                  C-Code - Quality: 100%
                                                                  			E004055FD(CHAR* _a4) {
                                                                  				struct _SECURITY_ATTRIBUTES _v16;
                                                                  				struct _SECURITY_DESCRIPTOR _v36;
                                                                  				int _t22;
                                                                  				long _t23;
                                                                  
                                                                  				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                  				_v36.Owner = 0x40837c;
                                                                  				_v36.Group = 0x40837c;
                                                                  				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                  				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                  				_v16.lpSecurityDescriptor =  &_v36;
                                                                  				_v36.Revision = 1;
                                                                  				_v36.Control = 4;
                                                                  				_v36.Dacl = 0x40836c;
                                                                  				_v16.nLength = 0xc;
                                                                  				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                  				if(_t22 != 0) {
                                                                  					L1:
                                                                  					return 0;
                                                                  				}
                                                                  				_t23 = GetLastError();
                                                                  				if(_t23 == 0xb7) {
                                                                  					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                  						goto L1;
                                                                  					}
                                                                  					return GetLastError();
                                                                  				}
                                                                  				return _t23;
                                                                  			}








                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                  • GetLastError.KERNEL32 ref: 00405654
                                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                                  • GetLastError.KERNEL32 ref: 00405673
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                                  • C:\Users\user\Desktop, xrefs: 004055FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                  • API String ID: 3449924974-2028306314
                                                                  • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                  • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                                  • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                  • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 649 40633a-40635a GetSystemDirectoryA 650 40635c 649->650 651 40635e-406360 649->651 650->651 652 406370-406372 651->652 653 406362-40636a 651->653 655 406373-4063a5 wsprintfA LoadLibraryExA 652->655 653->652 654 40636c-40636e 653->654 654->655
                                                                  C-Code - Quality: 100%
                                                                  			E0040633A(intOrPtr _a4) {
                                                                  				char _v292;
                                                                  				int _t10;
                                                                  				struct HINSTANCE__* _t14;
                                                                  				void* _t16;
                                                                  				void* _t21;
                                                                  
                                                                  				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                  				if(_t10 > 0x104) {
                                                                  					_t10 = 0;
                                                                  				}
                                                                  				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                  					_t16 = 1;
                                                                  				} else {
                                                                  					_t16 = 0;
                                                                  				}
                                                                  				_t5 = _t16 + 0x40a014; // 0x5c
                                                                  				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                  				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                  				return _t14;
                                                                  			}









                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                  • wsprintfA.USER32 ref: 0040638A
                                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                  • String ID: %s%s.dll$UXTHEME$\
                                                                  • API String ID: 2200240437-4240819195
                                                                  • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                  • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                                  • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                  • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  C-Code - Quality: 38%
                                                                  			E004027A3(void* __ebx, void* __eflags) {
                                                                  				void* _t26;
                                                                  				long _t31;
                                                                  				void* _t32;
                                                                  				intOrPtr _t39;
                                                                  				void* _t45;
                                                                  				void* _t49;
                                                                  				void* _t51;
                                                                  				void* _t54;
                                                                  				void* _t55;
                                                                  				void* _t56;
                                                                  
                                                                  				_t45 = __ebx;
                                                                  				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                  				_t50 = E00402B2C(0xfffffff0);
                                                                  				 *(_t56 - 0x4c) = _t23;
                                                                  				if(E00405A15(_t50) == 0) {
                                                                  					E00402B2C(0xffffffed);
                                                                  				}
                                                                  				E00405B84(_t50);
                                                                  				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                                  				 *(_t56 + 8) = _t26;
                                                                  				if(_t26 != 0xffffffff) {
                                                                  					_t31 =  *0x42f418;
                                                                  					 *(_t56 - 0x1c) = _t31;
                                                                  					_t32 = GlobalAlloc(0x40, _t31); // executed
                                                                  					_t49 = _t32;
                                                                  					if(_t49 != _t45) {
                                                                  						E00403223(_t45);
                                                                  						E0040320D(_t49,  *(_t56 - 0x1c));
                                                                  						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                  						 *(_t56 - 0x10) = _t54;
                                                                  						if(_t54 != _t45) {
                                                                  							_push( *(_t56 - 0x2c));
                                                                  							_push(_t54);
                                                                  							_push(_t45);
                                                                  							_push( *((intOrPtr*)(_t56 - 0x30)));
                                                                  							E00402FFB(); // executed
                                                                  							while( *_t54 != _t45) {
                                                                  								_t47 =  *_t54;
                                                                  								_t55 = _t54 + 8;
                                                                  								 *(_t56 - 0x48) =  *_t54;
                                                                  								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                  								_t54 = _t55 +  *(_t56 - 0x48);
                                                                  							}
                                                                  							GlobalFree( *(_t56 - 0x10));
                                                                  						}
                                                                  						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c)); // executed
                                                                  						GlobalFree(_t49);
                                                                  						_push(_t45);
                                                                  						_push(_t45);
                                                                  						_push( *(_t56 + 8));
                                                                  						_push(0xffffffff); // executed
                                                                  						_t39 = E00402FFB(); // executed
                                                                  						 *((intOrPtr*)(_t56 - 0xc)) = _t39;
                                                                  					}
                                                                  					FindCloseChangeNotification( *(_t56 + 8)); // executed
                                                                  				}
                                                                  				_t51 = 0xfffffff3;
                                                                  				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                  					_t51 = 0xffffffef;
                                                                  					DeleteFileA( *(_t56 - 0x4c));
                                                                  					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                  				}
                                                                  				_push(_t51);
                                                                  				E00401423();
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                                  				return 0;
                                                                  			}


                                                                  APIs
                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                  • GlobalFree.KERNEL32 ref: 0040284C
                                                                  • GlobalFree.KERNEL32 ref: 0040285F
                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,000000F0), ref: 00402877
                                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$ChangeCloseDeleteFileFindNotification
                                                                  • String ID:
                                                                  • API String ID: 2989416154-0
                                                                  • Opcode ID: d423437e9e5f782c63fddd206f57cae0302ec6232405e06ee6d00e39a8c5ddf5
                                                                  • Instruction ID: 78559feecc0fcc9b474bd36237e9e6194516f5e07b3510cecd676cf0fe7807ca
                                                                  • Opcode Fuzzy Hash: d423437e9e5f782c63fddd206f57cae0302ec6232405e06ee6d00e39a8c5ddf5
                                                                  • Instruction Fuzzy Hash: A4217C72C00224ABCF217FA5CD49DAE7F79EF09364B10823AF520762E1CA7959419F98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  [Graph for function 00402FFB not reproduced; legend: Executed / Not Executed]
                                                                  C-Code - Quality: 95%
                                                                  			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                  				signed int _v8;
                                                                  				int _v12;
                                                                  				intOrPtr _v16;
                                                                  				long _v20;
                                                                  				intOrPtr _v24;
                                                                  				char _v88;
                                                                  				void* _t65;
                                                                  				void* _t69;
                                                                  				long _t70;
                                                                  				intOrPtr _t75;
                                                                  				long _t76;
                                                                  				intOrPtr _t77;
                                                                  				void* _t78;
                                                                  				int _t88;
                                                                  				intOrPtr _t92;
                                                                  				intOrPtr _t95;
                                                                  				long _t96;
                                                                  				signed int _t97;
                                                                  				int _t98;
                                                                  				int _t99;
                                                                  				intOrPtr _t100;
                                                                  				void* _t101;
                                                                  				void* _t102;
                                                                  
                                                                  				_t97 = _a16;
                                                                  				_t92 = _a12;
                                                                  				_v12 = _t97;
                                                                  				if(_t92 == 0) {
                                                                  					_v12 = 0x8000;
                                                                  				}
                                                                  				_v8 = _v8 & 0x00000000;
                                                                  				_v16 = _t92;
                                                                  				if(_t92 == 0) {
                                                                  					_v16 = 0x421428;
                                                                  				}
                                                                  				_t62 = _a4;
                                                                  				if(_a4 >= 0) {
                                                                  					E00403223( *0x42f478 + _t62);
                                                                  				}
                                                                  				if(E0040320D( &_a16, 4) == 0) {
                                                                  					L41:
                                                                  					_push(0xfffffffd);
                                                                  					goto L42;
                                                                  				} else {
                                                                  					if((_a19 & 0x00000080) == 0) {
                                                                  						if(_t92 != 0) {
                                                                  							if(_a16 < _t97) {
                                                                  								_t97 = _a16;
                                                                  							}
                                                                  							if(E0040320D(_t92, _t97) != 0) {
                                                                  								_v8 = _t97;
                                                                  								L44:
                                                                  								return _v8;
                                                                  							} else {
                                                                  								goto L41;
                                                                  							}
                                                                  						}
                                                                  						if(_a16 <= _t92) {
                                                                  							goto L44;
                                                                  						}
                                                                  						_t88 = _v12;
                                                                  						while(1) {
                                                                  							_t98 = _a16;
                                                                  							if(_a16 >= _t88) {
                                                                  								_t98 = _t88;
                                                                  							}
                                                                  							if(E0040320D(0x41d428, _t98) == 0) {
                                                                  								goto L41;
                                                                  							}
                                                                  							_t69 = E00405C50(_a8, 0x41d428, _t98); // executed
                                                                  							if(_t69 == 0) {
                                                                  								L28:
                                                                  								_push(0xfffffffe);
                                                                  								L42:
                                                                  								_pop(_t65);
                                                                  								return _t65;
                                                                  							}
                                                                  							_v8 = _v8 + _t98;
                                                                  							_a16 = _a16 - _t98;
                                                                  							if(_a16 > 0) {
                                                                  								continue;
                                                                  							}
                                                                  							goto L44;
                                                                  						}
                                                                  						goto L41;
                                                                  					}
                                                                  					_t70 = GetTickCount();
                                                                  					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                                  					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                                  					_t14 =  &_a16;
                                                                  					 *_t14 = _a16 & 0x7fffffff;
                                                                  					_v20 = _t70;
                                                                  					 *0x40b870 = 8;
                                                                  					 *0x415418 = 0x40d410;
                                                                  					 *0x415414 = 0x40d410;
                                                                  					 *0x415410 = 0x415410;
                                                                  					_a4 = _a16;
                                                                  					if( *_t14 <= 0) {
                                                                  						goto L44;
                                                                  					} else {
                                                                  						goto L9;
                                                                  					}
                                                                  					while(1) {
                                                                  						L9:
                                                                  						_t99 = 0x4000;
                                                                  						if(_a16 < 0x4000) {
                                                                  							_t99 = _a16;
                                                                  						}
                                                                  						if(E0040320D(0x41d428, _t99) == 0) {
                                                                  							goto L41;
                                                                  						}
                                                                  						_a16 = _a16 - _t99;
                                                                  						 *0x40b860 = 0x41d428;
                                                                  						 *0x40b864 = _t99;
                                                                  						while(1) {
                                                                  							_t95 = _v16;
                                                                  							 *0x40b868 = _t95;
                                                                  							 *0x40b86c = _v12;
                                                                  							_t75 = E004064CD(0x40b860);
                                                                  							_v24 = _t75;
                                                                  							if(_t75 < 0) {
                                                                  								break;
                                                                  							}
                                                                  							_t100 =  *0x40b868; // 0x8a7114
                                                                  							_t101 = _t100 - _t95;
                                                                  							_t76 = GetTickCount();
                                                                  							_t96 = _t76;
                                                                  							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                  								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                  								_t102 = _t102 + 0xc;
                                                                  								E00405137(0,  &_v88); // executed
                                                                  								_v20 = _t96;
                                                                  							}
                                                                  							if(_t101 == 0) {
                                                                  								if(_a16 > 0) {
                                                                  									goto L9;
                                                                  								}
                                                                  								goto L44;
                                                                  							} else {
                                                                  								if(_a12 != 0) {
                                                                  									_t77 =  *0x40b868; // 0x8a7114
                                                                  									_v8 = _v8 + _t101;
                                                                  									_v12 = _v12 - _t101;
                                                                  									_v16 = _t77;
                                                                  									L23:
                                                                  									if(_v24 != 1) {
                                                                  										continue;
                                                                  									}
                                                                  									goto L44;
                                                                  								}
                                                                  								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                                  								if(_t78 == 0) {
                                                                  									goto L28;
                                                                  								}
                                                                  								_v8 = _v8 + _t101;
                                                                  								goto L23;
                                                                  							}
                                                                  						}
                                                                  						_push(0xfffffffc);
                                                                  						goto L42;
                                                                  					}
                                                                  					goto L41;
                                                                  				}
                                                                  			}

                                                                  0x00403098
                                                                  0x004030a2
                                                                  0x004030a5
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x004030ab
                                                                  0x004030ab
                                                                  0x004030ab
                                                                  0x004030b3
                                                                  0x004030b5
                                                                  0x004030b5
                                                                  0x004030c6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x004030cc
                                                                  0x004030cf
                                                                  0x004030d5
                                                                  0x004030db
                                                                  0x004030db
                                                                  0x004030e6
                                                                  0x004030ec
                                                                  0x004030f1
                                                                  0x004030f8
                                                                  0x004030fb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00403101
                                                                  0x00403107
                                                                  0x00403109
                                                                  0x00403112
                                                                  0x00403114
                                                                  0x00403142
                                                                  0x00403148
                                                                  0x00403151
                                                                  0x00403156
                                                                  0x00403156
                                                                  0x0040315b
                                                                  0x00403196
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0040315d
                                                                  0x00403161
                                                                  0x00403178
                                                                  0x0040317d
                                                                  0x00403180
                                                                  0x00403183
                                                                  0x00403186
                                                                  0x0040318a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00403190
                                                                  0x0040316a
                                                                  0x00403171
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00403173
                                                                  0x00000000
                                                                  0x00403173
                                                                  0x0040315b
                                                                  0x0040319e
                                                                  0x00000000
                                                                  0x0040319e
                                                                  0x00000000
                                                                  0x004030ab

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CountTick$wsprintf
                                                                  • String ID: ... %d%%
                                                                  • API String ID: 551687249-2449383134
                                                                  • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                  • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                                  • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                  • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 754 405bd8-405be2 755 405be3-405c0e GetTickCount GetTempFileNameA 754->755 756 405c10-405c12 755->756 757 405c1d-405c1f 755->757 756->755 758 405c14 756->758 759 405c17-405c1a 757->759 758->759
                                                                  C-Code - Quality: 100%
                                                                  			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                  				char _t11;
                                                                  				signed int _t12;
                                                                  				int _t15;
                                                                  				signed int _t17;
                                                                  				void* _t20;
                                                                  				CHAR* _t21;
                                                                  
                                                                  				_t21 = _a4;
                                                                  				_t20 = 0x64;
                                                                  				while(1) {
                                                                  					_t11 =  *0x40a3b4; // 0x61736e
                                                                  					_t20 = _t20 - 1;
                                                                  					_a4 = _t11;
                                                                  					_t12 = GetTickCount();
                                                                  					_t17 = 0x1a;
                                                                  					_a6 = _a6 + _t12 % _t17;
                                                                  					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                  					if(_t15 != 0) {
                                                                  						break;
                                                                  					}
                                                                  					if(_t20 != 0) {
                                                                  						continue;
                                                                  					}
                                                                  					 *_t21 =  *_t21 & 0x00000000;
                                                                  					return _t15;
                                                                  				}
                                                                  				return _t21;
                                                                  			}










                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 00405BEC
                                                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                                  • nsa, xrefs: 00405BE3
                                                                  • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 00405BD8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CountFileNameTempTick
                                                                  • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                  • API String ID: 1716503409-1085235570
                                                                  • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                  • Instruction ID: 7981c9ddf24778652055132877b92488972f9a5eb9cf132aa873dca7e4a118a1
                                                                  • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                  • Instruction Fuzzy Hash: 0FF082363183046BEB109F56DD04B9B7BA9DFD2750F14803BFA489B290D6B4A9548B58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 760 401d41-401d45 761 401d54-401d58 GetDlgItem 760->761 762 401d47-401d52 call 402b0a 760->762 764 401d5e-401d87 761->764 762->764 765 401d91 764->765 766 401d89-401d8f call 402b2c 764->766 769 401d95-401de5 GetClientRect LoadImageA SendMessageA 765->769 766->769 771 4029b8-4029c7 769->771 772 401deb-401ded 769->772 772->771 774 401df3-401dfa DeleteObject 772->774 774->771
                                                                  C-Code - Quality: 94%
                                                                  			E00401D41(int __edx) {
                                                                  				struct HWND__* _t24;
                                                                  				CHAR* _t30;
                                                                  				long _t39;
                                                                  				void* _t40;
                                                                  				void* _t44;
                                                                  				signed int _t46;
                                                                  				int _t50;
                                                                  				signed int _t53;
                                                                  				void* _t57;
                                                                  
                                                                  				_t48 = __edx;
                                                                  				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                  					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                  				} else {
                                                                  					_t24 = E00402B0A(1);
                                                                  					 *(_t57 - 0x10) = _t48;
                                                                  				}
                                                                  				_t46 =  *(_t57 - 0x2c);
                                                                  				 *(_t57 + 8) = _t24;
                                                                  				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                  				_t50 = _t46 & 0x00000003;
                                                                  				_t53 = _t46 & 0x00000004;
                                                                  				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                  				if((_t46 & 0x00010000) == 0) {
                                                                  					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                  				} else {
                                                                  					_t30 = E00402B2C(_t44);
                                                                  				}
                                                                  				 *(_t57 - 0xc) = _t30;
                                                                  				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                  				asm("sbb esi, esi");
                                                                  				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                                  				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                                  				if(_t40 != _t44 && _t50 == _t44) {
                                                                  					DeleteObject(_t40);
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                                  				return 0;
                                                                  			}













                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                  • String ID:
                                                                  • API String ID: 1849352358-0
                                                                  • Opcode ID: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                  • Instruction ID: 7a7dd6c208c7a4d57f36c402fdb0fe657614a2e015b6db45afd3f1aca9992802
                                                                  • Opcode Fuzzy Hash: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                  • Instruction Fuzzy Hash: 30215172E00109AFDB05DF98DE44AEEBBB9FB58310F10403AF945F62A1CB789941CB58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 59%
                                                                  			E00401C0A(intOrPtr __edx) {
                                                                  				int _t29;
                                                                  				long _t30;
                                                                  				signed int _t32;
                                                                  				CHAR* _t35;
                                                                  				long _t36;
                                                                  				int _t41;
                                                                  				signed int _t42;
                                                                  				int _t46;
                                                                  				int _t56;
                                                                  				intOrPtr _t57;
                                                                  				struct HWND__* _t61;
                                                                  				void* _t64;
                                                                  
                                                                  				_t57 = __edx;
                                                                  				_t29 = E00402B0A(3);
                                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                  				 *(_t64 - 8) = _t29;
                                                                  				_t30 = E00402B0A(4);
                                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                  				 *(_t64 + 8) = _t30;
                                                                  				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                  					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                  				}
                                                                  				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                  				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                  					 *(_t64 + 8) = E00402B2C(0x44);
                                                                  				}
                                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                  				_push(1);
                                                                  				if(__eflags != 0) {
                                                                  					_t59 = E00402B2C();
                                                                  					_t32 = E00402B2C();
                                                                  					asm("sbb ecx, ecx");
                                                                  					asm("sbb eax, eax");
                                                                  					_t35 =  ~( *_t31) & _t59;
                                                                  					__eflags = _t35;
                                                                  					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                  					goto L10;
                                                                  				} else {
                                                                  					_t61 = E00402B0A();
                                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                  					_t41 = E00402B0A(2);
                                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                  					_t56 =  *(_t64 - 0x20) >> 2;
                                                                  					if(__eflags == 0) {
                                                                  						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                                  						L10:
                                                                  						 *(_t64 - 0xc) = _t36;
                                                                  					} else {
                                                                  						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                  						asm("sbb eax, eax");
                                                                  						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                  					}
                                                                  				}
                                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                  				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                  					_push( *(_t64 - 0xc));
                                                                  					E00405F6E();
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                                  				return 0;
                                                                  			}















                                                                  APIs
                                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Timeout
                                                                  • String ID: !
                                                                  • API String ID: 1777923405-2657877971
                                                                  • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                  • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                                  • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                  • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 83%
                                                                  			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                  				void* _t18;
                                                                  				void* _t19;
                                                                  				int _t22;
                                                                  				long _t23;
                                                                  				int _t28;
                                                                  				intOrPtr _t31;
                                                                  				void* _t32;
                                                                  				intOrPtr _t35;
                                                                  				void* _t37;
                                                                  				void* _t40;
                                                                  
                                                                  				_t40 = __eflags;
                                                                  				_t31 = __edx;
                                                                  				_t28 = __ebx;
                                                                  				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                                  				_t32 = __eax;
                                                                  				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                                  				 *(_t37 - 0x4c) = E00402B2C(2);
                                                                  				_t18 = E00402B2C(0x11);
                                                                  				 *(_t37 - 4) = 1;
                                                                  				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                                  				 *(_t37 + 8) = _t19;
                                                                  				if(_t19 != __ebx) {
                                                                  					_t22 = 0;
                                                                  					if(_t35 == 1) {
                                                                  						E00402B2C(0x23);
                                                                  						_t22 = lstrlenA(0x40ac18) + 1;
                                                                  					}
                                                                  					if(_t35 == 4) {
                                                                  						 *0x40ac18 = E00402B0A(3);
                                                                  						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                                  						_t22 = _t35;
                                                                  					}
                                                                  					if(_t35 == 3) {
                                                                  						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                                  					}
                                                                  					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                                  					if(_t23 == 0) {
                                                                  						 *(_t37 - 4) = _t28;
                                                                  					}
                                                                  					_push( *(_t37 + 8));
                                                                  					RegCloseKey(); // executed
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                  				return 0;
                                                                  			}













                                                                  APIs
                                                                  • lstrlenA.KERNEL32(C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000023,00000011,00000002), ref: 00402488
                                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004024C5
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseValuelstrlen
                                                                  • String ID: C:\Program Files (x86)\Wildix\WIService\proxyex.lnk
                                                                  • API String ID: 2655323295-2130598922
                                                                  • Opcode ID: 220cfe30d1646cf9600db30c69b26d3c8c914c002f0e367b9718bea176d4d9e9
                                                                  • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                                  • Opcode Fuzzy Hash: 220cfe30d1646cf9600db30c69b26d3c8c914c002f0e367b9718bea176d4d9e9
                                                                  • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 53%
                                                                  			E00405A96(void* __eflags, intOrPtr _a4) {
                                                                  				int _t11;
                                                                  				signed char* _t12;
                                                                  				long _t16;
                                                                  				intOrPtr _t18;
                                                                  				intOrPtr* _t21;
                                                                  				void* _t22;
                                                                  
                                                                  				E00406010(0x42bc78, _a4);
                                                                  				_t21 = E00405A41(0x42bc78);
                                                                  				if(_t21 != 0) {
                                                                  					E0040627A(_t21);
                                                                  					if(( *0x42f41c & 0x00000080) == 0) {
                                                                  						L5:
                                                                  						_t22 = _t21 - 0x42bc78;
                                                                  						while(1) {
                                                                  							_t11 = lstrlenA(0x42bc78);
                                                                  							_push(0x42bc78);
                                                                  							if(_t11 <= _t22) {
                                                                  								break;
                                                                  							}
                                                                  							_t12 = E00406313();
                                                                  							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                  								E004059EF(0x42bc78);
                                                                  								continue;
                                                                  							} else {
                                                                  								goto L1;
                                                                  							}
                                                                  						}
                                                                  						E004059A8();
                                                                  						_t16 = GetFileAttributesA(??); // executed
                                                                  						return 0 | _t16 != 0xffffffff;
                                                                  					}
                                                                  					_t18 =  *_t21;
                                                                  					if(_t18 == 0 || _t18 == 0x5c) {
                                                                  						goto L1;
                                                                  					} else {
                                                                  						goto L5;
                                                                  					}
                                                                  				}
                                                                  				L1:
                                                                  				return 0;
                                                                  			}









                                                                  APIs
                                                                    • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix WIService v2.15.2 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                  • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                                  • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                  • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 3248276644-3049482934
                                                                  • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                  • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                                  • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                  • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 60%
                                                                  			E0040206A(void* __ebx, void* __eflags) {
                                                                  				struct HINSTANCE__* _t18;
                                                                  				struct HINSTANCE__* _t26;
                                                                  				void* _t27;
                                                                  				struct HINSTANCE__* _t30;
                                                                  				CHAR* _t32;
                                                                  				intOrPtr* _t33;
                                                                  				void* _t34;
                                                                  
                                                                  				_t27 = __ebx;
                                                                  				asm("sbb eax, 0x42f4d8");
                                                                  				 *(_t34 - 4) = 1;
                                                                  				if(__eflags < 0) {
                                                                  					_push(0xffffffe7);
                                                                  					L15:
                                                                  					E00401423();
                                                                  					L16:
                                                                  					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                  					return 0;
                                                                  				}
                                                                  				_t32 = E00402B2C(0xfffffff0);
                                                                  				 *(_t34 + 8) = E00402B2C(1);
                                                                  				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                  					L3:
                                                                  					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                  					_t30 = _t18;
                                                                  					if(_t30 == _t27) {
                                                                  						_push(0xfffffff6);
                                                                  						goto L15;
                                                                  					}
                                                                  					L4:
                                                                  					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                  					if(_t33 == _t27) {
                                                                  						E00405137(0xfffffff7,  *(_t34 + 8));
                                                                  					} else {
                                                                  						 *(_t34 - 4) = _t27;
                                                                  						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                  							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b858, 0x40a000);
                                                                  						} else {
                                                                  							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                  							if( *_t33() != 0) {
                                                                  								 *(_t34 - 4) = 1;
                                                                  							}
                                                                  						}
                                                                  					}
                                                                  					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                                  						FreeLibrary(_t30); // executed
                                                                  					}
                                                                  					goto L16;
                                                                  				}
                                                                  				_t26 = GetModuleHandleA(_t32); // executed
                                                                  				_t30 = _t26;
                                                                  				if(_t30 != __ebx) {
                                                                  					goto L4;
                                                                  				}
                                                                  				goto L3;
                                                                  			}











                                                                  APIs
                                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                    • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,008A7114,7476EA30), ref: 00405193
                                                                    • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                  • String ID:
                                                                  • API String ID: 2987980305-0
                                                                  • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                  • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                                  • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                  • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 84%
                                                                  			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                  				void* _v8;
                                                                  				char _v272;
                                                                  				void* _t19;
                                                                  				signed int _t25;
                                                                  				intOrPtr* _t27;
                                                                  				signed int _t32;
                                                                  				signed int _t33;
                                                                  				signed int _t34;
                                                                  
                                                                  				_t33 = _a12;
                                                                  				_t34 = _t33 & 0x00000300;
                                                                  				_t32 = _t33 & 0x00000001;
                                                                  				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                                  				if(_t19 == 0) {
                                                                  					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                  						__eflags = _t32;
                                                                  						if(__eflags != 0) {
                                                                  							RegCloseKey(_v8);
                                                                  							return 0x3eb;
                                                                  						}
                                                                  						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                  						__eflags = _t25;
                                                                  						if(_t25 != 0) {
                                                                  							break;
                                                                  						}
                                                                  					}
                                                                  					RegCloseKey(_v8);
                                                                  					_t27 = E004063A8(3);
                                                                  					if(_t27 == 0) {
                                                                  						return RegDeleteKeyA(_a4, _a8);
                                                                  					}
                                                                  					return  *_t27(_a4, _a8, _t34, 0);
                                                                  				}
                                                                  				return _t19;
                                                                  			}












                                                                  APIs
                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Close$Enum
                                                                  • String ID:
                                                                  • API String ID: 464197530-0
                                                                  • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                  • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                                  • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                  • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 87%
                                                                  			E004015BB(char __ebx, void* __eflags) {
                                                                  				void* _t13;
                                                                  				int _t19;
                                                                  				char _t21;
                                                                  				void* _t22;
                                                                  				char _t23;
                                                                  				signed char _t24;
                                                                  				char _t26;
                                                                  				CHAR* _t28;
                                                                  				char* _t32;
                                                                  				void* _t33;
                                                                  
                                                                  				_t26 = __ebx;
                                                                  				_t28 = E00402B2C(0xfffffff0);
                                                                  				_t13 = E00405A41(_t28);
                                                                  				_t30 = _t13;
                                                                  				if(_t13 != __ebx) {
                                                                  					do {
                                                                  						_t32 = E004059D3(_t30, 0x5c);
                                                                  						_t21 =  *_t32;
                                                                  						 *_t32 = _t26;
                                                                  						 *((char*)(_t33 + 0xb)) = _t21;
                                                                  						if(_t21 != _t26) {
                                                                  							L5:
                                                                  							_t22 = E0040567A(_t28);
                                                                  						} else {
                                                                  							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                  							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                                  								goto L5;
                                                                  							} else {
                                                                  								_t22 = E004055FD(_t28); // executed
                                                                  							}
                                                                  						}
                                                                  						if(_t22 != _t26) {
                                                                  							if(_t22 != 0xb7) {
                                                                  								L9:
                                                                  								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                  							} else {
                                                                  								_t24 = GetFileAttributesA(_t28); // executed
                                                                  								if((_t24 & 0x00000010) == 0) {
                                                                  									goto L9;
                                                                  								}
                                                                  							}
                                                                  						}
                                                                  						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                  						 *_t32 = _t23;
                                                                  						_t30 = _t32 + 1;
                                                                  					} while (_t23 != _t26);
                                                                  				}
                                                                  				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                  					_push(0xfffffff5);
                                                                  					E00401423();
                                                                  				} else {
                                                                  					E00401423(0xffffffe6);
                                                                  					E00406010("C:\\Program Files (x86)\\Wildix\\WIService", _t28);
                                                                  					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                  					if(_t19 == 0) {
                                                                  						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                  					}
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                  				return 0;
                                                                  			}














                                                                  APIs
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                    • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                    • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                                  Strings
                                                                  • C:\Program Files (x86)\Wildix\WIService, xrefs: 00401631
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                  • String ID: C:\Program Files (x86)\Wildix\WIService
                                                                  • API String ID: 1892508949-4211190453
                                                                  • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                  • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                                  • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                  • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 69%
                                                                  			E00401EC3(void* __ecx, void* __eflags) {
                                                                  				intOrPtr _t20;
                                                                  				void* _t39;
                                                                  				void* _t42;
                                                                  				void* _t47;
                                                                  
                                                                  				_t42 = __ecx;
                                                                  				_t45 = E00402B2C(_t39);
                                                                  				_t20 = E00402B2C(0x31);
                                                                  				_t43 = E00402B2C(0x22);
                                                                  				E00402B2C(0x15);
                                                                  				E00401423(0xffffffec);
                                                                  				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                                  				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                                  				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                                  				asm("sbb eax, eax");
                                                                  				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                                  				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                                  				asm("sbb eax, eax");
                                                                  				 *(_t47 - 0x6c) = "C:\\Program Files (x86)\\Wildix\\WIService";
                                                                  				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                                  				if(E004056F2(_t47 - 0x84) == 0) {
                                                                  					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                                  				} else {
                                                                  					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                                  						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                                  						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                                  						FindCloseChangeNotification(); // executed
                                                                  					}
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                                  				return 0;
                                                                  			}








                                                                  APIs
                                                                    • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                                    • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                    • Part of subcall function 0040641D: GetExitCodeProcess.KERNEL32 ref: 00406450
                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                  • String ID: @$C:\Program Files (x86)\Wildix\WIService
                                                                  • API String ID: 4215836453-1207270012
                                                                  • Opcode ID: 7a305fa7ebdee270b2f6feef7d621283433115b8e7cc8e56de74ece495ab6e09
                                                                  • Instruction ID: 577b900a760e5ca89da3760b6b8950c99b83f280e087cd582299b2594771d0cd
                                                                  • Opcode Fuzzy Hash: 7a305fa7ebdee270b2f6feef7d621283433115b8e7cc8e56de74ece495ab6e09
                                                                  • Instruction Fuzzy Hash: 66113D71E042049ACB11EFB98A45A8DBFF4AF08314F64057BE450F72C2D7B88805DF18
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 90%
                                                                  			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                  				int _v8;
                                                                  				long _t21;
                                                                  				long _t24;
                                                                  				char* _t30;
                                                                  
                                                                  				asm("sbb eax, eax");
                                                                  				_v8 = 0x400;
                                                                  				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                  				_t30 = _a16;
                                                                  				if(_t21 != 0) {
                                                                  					L4:
                                                                  					 *_t30 =  *_t30 & 0x00000000;
                                                                  				} else {
                                                                  					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                  					_t21 = RegCloseKey(_a20); // executed
                                                                  					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                  					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                  						goto L4;
                                                                  					}
                                                                  				}
                                                                  				return _t21;
                                                                  			}








                                                                  APIs
                                                                  • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,: Completed,?,?,?,?,00000002,: Completed,?,0040613B,80000002), ref: 00405F3D
                                                                  • RegCloseKey.KERNELBASE(?,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,?,Completed), ref: 00405F48
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseQueryValue
                                                                  • String ID: : Completed
                                                                  • API String ID: 3356406503-2954849223
                                                                  • Opcode ID: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                  • Instruction ID: 2ff6a7a209fcbf00177f68e0cac6a7fed3d2e9df1b1dc864ec66af95abe17f1f
                                                                  • Opcode Fuzzy Hash: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                  • Instruction Fuzzy Hash: 63017C7250060AABDF228F61CD09FDB3FA8EF59364F04403AF955E2190D2B8DA54CFA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004056AF(CHAR* _a4) {
                                                                  				struct _PROCESS_INFORMATION _v20;
                                                                  				int _t7;
                                                                  
                                                                  				0x42c078->cb = 0x44;
                                                                  				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                                  				if(_t7 != 0) {
                                                                  					CloseHandle(_v20.hThread);
                                                                  					return _v20.hProcess;
                                                                  				}
                                                                  				return _t7;
                                                                  			}






                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                  • CloseHandle.KERNEL32(?), ref: 004056E5
                                                                  Strings
                                                                  • Error launching installer, xrefs: 004056C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateHandleProcess
                                                                  • String ID: Error launching installer
                                                                  • API String ID: 3712363035-66219284
                                                                  • Opcode ID: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                  • Instruction ID: d682804100e664e073205113f6b11307167482a28e2818ee20dd6d85df95f7a7
                                                                  • Opcode Fuzzy Hash: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                                  • Instruction Fuzzy Hash: CFE046F0640209BFEB109FA0EE49F7F7AADEB00704F404521BD00F2190EA7498088A7C
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 59%
                                                                  			E00401B63(void* __ebx, void* __edx) {
                                                                  				intOrPtr _t7;
                                                                  				void* _t8;
                                                                  				void _t11;
                                                                  				void* _t13;
                                                                  				void* _t21;
                                                                  				void* _t24;
                                                                  				void* _t30;
                                                                  				void* _t33;
                                                                  				void* _t34;
                                                                  				char* _t36;
                                                                  				void* _t37;
                                                                  
                                                                  				_t27 = __ebx;
                                                                  				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                                  				_t30 =  *0x40b858; // 0x852798
                                                                  				if(_t7 == __ebx) {
                                                                  					if(__edx == __ebx) {
                                                                  						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                  						_t34 = _t8;
                                                                  						_t4 = _t34 + 4; // 0x4
                                                                  						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                                  						_t11 =  *0x40b858; // 0x852798
                                                                  						 *_t34 = _t11;
                                                                  						 *0x40b858 = _t34;
                                                                  					} else {
                                                                  						if(_t30 == __ebx) {
                                                                  							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                  						} else {
                                                                  							_t2 = _t30 + 4; // 0x85279c
                                                                  							E00406010(_t33, _t2);
                                                                  							_push(_t30);
                                                                  							 *0x40b858 =  *_t30; // executed
                                                                  							GlobalFree(); // executed
                                                                  						}
                                                                  					}
                                                                  					goto L15;
                                                                  				} else {
                                                                  					while(1) {
                                                                  						_t7 = _t7 - 1;
                                                                  						if(_t30 == _t27) {
                                                                  							break;
                                                                  						}
                                                                  						_t30 =  *_t30;
                                                                  						if(_t7 != _t27) {
                                                                  							continue;
                                                                  						} else {
                                                                  							if(_t30 == _t27) {
                                                                  								break;
                                                                  							} else {
                                                                  								_t32 = _t30 + 4;
                                                                  								_t36 = "\"C:\\Windows\\explorer.exe\" \"C:\\Program Files (x86)\\Wildix\\WIService\\wiservice.exe\"";
                                                                  								E00406010(_t36, _t30 + 4);
                                                                  								_t21 =  *0x40b858; // 0x852798
                                                                  								E00406010(_t32, _t21 + 4);
                                                                  								_t24 =  *0x40b858; // 0x852798
                                                                  								_push(_t36);
                                                                  								_push(_t24 + 4);
                                                                  								E00406010();
                                                                  								L15:
                                                                  								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                                  								_t13 = 0;
                                                                  							}
                                                                  						}
                                                                  						goto L17;
                                                                  					}
                                                                  					_push(0x200010);
                                                                  					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                  					E0040572C();
                                                                  					_t13 = 0x7fffffff;
                                                                  				}
                                                                  				L17:
                                                                  				return _t13;
                                                                  			}















                                                                  APIs
                                                                  • GlobalFree.KERNEL32 ref: 00401BD2
                                                                  • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree
                                                                  • String ID: "C:\Windows\explorer.exe" "C:\Program Files (x86)\Wildix\WIService\wiservice.exe"
                                                                  • API String ID: 3394109436-3775993315
                                                                  • Opcode ID: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                  • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                                  • Opcode Fuzzy Hash: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                                  • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 86%
                                                                  			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                  				int _t10;
                                                                  				long _t13;
                                                                  				int* _t16;
                                                                  				intOrPtr _t21;
                                                                  				void* _t22;
                                                                  				char* _t24;
                                                                  				void* _t26;
                                                                  				void* _t29;
                                                                  
                                                                  				_t24 = __esi;
                                                                  				_t21 = __edx;
                                                                  				_t16 = __ebx;
                                                                  				_t22 = E00402B6C(_t29, 0x20019);
                                                                  				_t10 = E00402B0A(3);
                                                                  				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                  				 *__esi = __ebx;
                                                                  				if(_t22 == __ebx) {
                                                                  					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                  				} else {
                                                                  					 *(_t26 + 8) = 0x3ff;
                                                                  					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                                  						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                  						__eflags = _t13;
                                                                  						if(_t13 != 0) {
                                                                  							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                  						}
                                                                  					} else {
                                                                  						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                  					}
                                                                  					_t24[0x3ff] = _t16;
                                                                  					_push(_t22); // executed
                                                                  					RegCloseKey(); // executed
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                  				return 0;
                                                                  			}












                                                                  APIs
                                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 00402591
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Enum$CloseValue
                                                                  • String ID:
                                                                  • API String ID: 397863658-0
                                                                  • Opcode ID: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                  • Instruction ID: 759f5540e81814690deb71b34766d19dbbd7be08400e999f0e3afb18397e9514
                                                                  • Opcode Fuzzy Hash: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                                  • Instruction Fuzzy Hash: 7501BCB1A01205FFE7119F699E89ABF7ABCEB40344F10003EF442B62C0D6F84E049669
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                  
                                                                  				 *0x6f544038 = _a4;
                                                                  				if(_a8 == 1) {
                                                                  					VirtualProtect(0x6f54404c, 4, 0x40, 0x6f54403c); // executed
                                                                  					 *0x6f54404c = 0xc2;
                                                                  					 *0x6f54403c = 0;
                                                                  					 *0x6f544044 = 0;
                                                                  					 *0x6f544058 = 0;
                                                                  					 *0x6f544048 = 0;
                                                                  					 *0x6f544040 = 0;
                                                                  					 *0x6f544050 = 0;
                                                                  					 *0x6f54404e = 0;
                                                                  				}
                                                                  				return 1;
                                                                  			}




                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(6F54404C,00000004,00000040,6F54403C), ref: 6F54293F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID: `gqt@Mqt
                                                                  • API String ID: 544645111-3052285678
                                                                  • Opcode ID: d7bdfc95bd78bbbcdde5a4dfa9b379806e1917edbce5f901ec63205812902139
                                                                  • Instruction ID: 325ee715b05a45d66e6516ee06d1560ae92384f1c82088c94bb772629699f6cc
                                                                  • Opcode Fuzzy Hash: d7bdfc95bd78bbbcdde5a4dfa9b379806e1917edbce5f901ec63205812902139
                                                                  • Instruction Fuzzy Hash: 15F0A5B1588A80DECB60EF7886457053FE0B71A364B03452AE95CDF241E3344C7CAB11
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 84%
                                                                  			E004024DA(int* __ebx, char* __esi) {
                                                                  				void* _t17;
                                                                  				char* _t18;
                                                                  				long _t21;
                                                                  				void* _t33;
                                                                  				void* _t37;
                                                                  				void* _t40;
                                                                  
                                                                  				_t35 = __esi;
                                                                  				_t27 = __ebx;
                                                                  				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                                  				_t33 = _t17;
                                                                  				_t18 = E00402B2C(0x33);
                                                                  				 *__esi = __ebx;
                                                                  				if(_t33 == __ebx) {
                                                                  					 *(_t37 - 4) = 1;
                                                                  				} else {
                                                                  					 *(_t37 - 0x10) = 0x400;
                                                                  					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                                  					if(_t21 != 0) {
                                                                  						L7:
                                                                  						 *_t35 = _t27;
                                                                  						 *(_t37 - 4) = 1;
                                                                  					} else {
                                                                  						if( *(_t37 + 8) == 4) {
                                                                  							__eflags =  *(_t37 - 0x24) - __ebx;
                                                                  							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                                  							E00405F6E(__esi,  *__esi);
                                                                  						} else {
                                                                  							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                  								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                                  								_t35[0x3ff] = _t27;
                                                                  							} else {
                                                                  								goto L7;
                                                                  							}
                                                                  						}
                                                                  					}
                                                                  					_push(_t33); // executed
                                                                  					RegCloseKey(); // executed
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                  				return 0;
                                                                  			}










                                                                  APIs
                                                                  • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files (x86)\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseQueryValue
                                                                  • String ID:
                                                                  • API String ID: 3356406503-0
                                                                  • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                  • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                                  • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                  • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 59%
                                                                  			E00401389(signed int _a4) {
                                                                  				intOrPtr* _t6;
                                                                  				void* _t8;
                                                                  				void* _t10;
                                                                  				signed int _t11;
                                                                  				void* _t12;
                                                                  				signed int _t16;
                                                                  				signed int _t17;
                                                                  				void* _t18;
                                                                  
                                                                  				_t17 = _a4;
                                                                  				while(_t17 >= 0) {
                                                                  					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                  					if( *_t6 == 1) {
                                                                  						break;
                                                                  					}
                                                                  					_push(_t6); // executed
                                                                  					_t8 = E00401434(); // executed
                                                                  					if(_t8 == 0x7fffffff) {
                                                                  						return 0x7fffffff;
                                                                  					}
                                                                  					_t10 = E0040136D(_t8);
                                                                  					if(_t10 != 0) {
                                                                  						_t11 = _t10 - 1;
                                                                  						_t16 = _t17;
                                                                  						_t17 = _t11;
                                                                  						_t12 = _t11 - _t16;
                                                                  					} else {
                                                                  						_t12 = _t10 + 1;
                                                                  						_t17 = _t17 + 1;
                                                                  					}
                                                                  					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                  						 *0x42ebec =  *0x42ebec + _t12;
                                                                  						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                                  					}
                                                                  				}
                                                                  				return 0;
                                                                  			}












                                                                  APIs
                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                  • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                                  • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                  • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004023E8(void* __ebx, void* __edx) {
                                                                  				long _t6;
                                                                  				void* _t9;
                                                                  				long _t11;
                                                                  				void* _t13;
                                                                  				long _t18;
                                                                  				void* _t20;
                                                                  				void* _t22;
                                                                  				void* _t23;
                                                                  
                                                                  				_t13 = __ebx;
                                                                  				_t26 =  *(_t23 - 0x24) - __ebx;
                                                                  				_t20 = __edx;
                                                                  				if( *(_t23 - 0x24) != __ebx) {
                                                                  					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                                  					_t18 = _t6;
                                                                  					goto L4;
                                                                  				} else {
                                                                  					_t9 = E00402B6C(_t26, 2); // executed
                                                                  					_t22 = _t9;
                                                                  					if(_t22 == __ebx) {
                                                                  						L6:
                                                                  						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                  					} else {
                                                                  						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                                  						_t18 = _t11; // executed
                                                                  						RegCloseKey(_t22); // executed
                                                                  						L4:
                                                                  						if(_t18 != _t13) {
                                                                  							goto L6;
                                                                  						}
                                                                  					}
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                  				return 0;
                                                                  			}












                                                                  APIs
                                                                  • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                                  • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseDeleteValue
                                                                  • String ID:
                                                                  • API String ID: 2831762973-0
                                                                  • Opcode ID: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                  • Instruction ID: 992cd2d97de9e3103286cc81bf95427654d5587fd7cb6228862516595ad29640
                                                                  • Opcode Fuzzy Hash: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                  • Instruction Fuzzy Hash: 17F0BB32A00120ABD701AFB89B4DBAE72B9DB54314F15017FF502B72C1D5F85E01876D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 50%
                                                                  			E00405209(signed int __eax) {
                                                                  				intOrPtr _v0;
                                                                  				intOrPtr _t10;
                                                                  				intOrPtr _t11;
                                                                  				intOrPtr* _t12;
                                                                  
                                                                  				_t11 =  *0x42f448;
                                                                  				_t10 =  *0x42f44c;
                                                                  				__imp__OleInitialize(0);
                                                                  				 *0x42f4d8 =  *0x42f4d8 | __eax;
                                                                  				E004040EA(0);
                                                                  				if(_t10 != 0) {
                                                                  					_t12 = _t11 + 0xc;
                                                                  					while(1) {
                                                                  						_t10 = _t10 - 1;
                                                                  						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                  							break;
                                                                  						}
                                                                  						_t12 = _t12 + 0x418;
                                                                  						if(_t10 != 0) {
                                                                  							continue;
                                                                  						} else {
                                                                  						}
                                                                  						goto L7;
                                                                  					}
                                                                  					 *0x42f4ac =  *0x42f4ac + 1;
                                                                  				}
                                                                  				L7:
                                                                  				E004040EA(0x404); // executed
                                                                  				__imp__OleUninitialize(); // executed
                                                                  				return  *0x42f4ac;
                                                                  			}








                                                                  APIs
                                                                  • OleInitialize.OLE32(00000000), ref: 00405219
                                                                    • Part of subcall function 004040EA: SendMessageA.USER32(0001042E,00000000,00000000,00000000), ref: 004040FC
                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 00405265
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeMessageSendUninitialize
                                                                  • String ID:
                                                                  • API String ID: 2896919175-0
                                                                  • Opcode ID: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                  • Instruction ID: 9a3391529ab878983223843ca161e5b6bea3d4eac8d78fefe4e57b08d02bc963
                                                                  • Opcode Fuzzy Hash: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                  • Instruction Fuzzy Hash: 7CF02E76600A009BE7607B419D00B2773B0EFE4304F89407EEF84B32E0C6B4480A8E2D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004063A8(signed int _a4) {
                                                                  				struct HINSTANCE__* _t5;
                                                                  				signed int _t10;
                                                                  
                                                                  				_t10 = _a4 << 3;
                                                                  				_t8 =  *(_t10 + 0x40a240);
                                                                  				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                  				if(_t5 != 0) {
                                                                  					L2:
                                                                  					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                  				}
                                                                  				_t5 = E0040633A(_t8); // executed
                                                                  				if(_t5 == 0) {
                                                                  					return 0;
                                                                  				}
                                                                  				goto L2;
                                                                  			}






                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                    • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                    • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                                    • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                  • String ID:
                                                                  • API String ID: 2547128583-0
                                                                  • Opcode ID: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                  • Instruction ID: 650a49b09a3c495eabc0f371936d9c907298e200c4f2363c251d84495e191d7a
                                                                  • Opcode Fuzzy Hash: dd9300423111a071ed2c714751f7876f95e5d132df45129638b184150075da19
                                                                  • Instruction Fuzzy Hash: B4E08C32604220ABD2106A74AE0493B72A89E94710302083EF947F2240DB389C3697AD
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 68%
                                                                  			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                                  				signed int _t5;
                                                                  				void* _t6;
                                                                  
                                                                  				_t5 = GetFileAttributesA(_a4); // executed
                                                                  				asm("sbb ecx, ecx");
                                                                  				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                  				return _t6;
                                                                  			}






                                                                  APIs
                                                                  • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: File$AttributesCreate
                                                                  • String ID:
                                                                  • API String ID: 415043291-0
                                                                  • Opcode ID: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                  • Instruction ID: 6905ba7dec075751c4c8bdaf1e97cd52a4ed4154a0977e2bcfee25d1bc4df630
                                                                  • Opcode Fuzzy Hash: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                  • Instruction Fuzzy Hash: F5D09E31254201EFEF098F20DE16F2EBBA2EB94B00F11952CB682944E1DA715819AB19
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405B84(CHAR* _a4) {
                                                                  				signed char _t3;
                                                                  				signed char _t7;
                                                                  
                                                                  				_t3 = GetFileAttributesA(_a4); // executed
                                                                  				_t7 = _t3;
                                                                  				if(_t7 != 0xffffffff) {
                                                                  					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                  				}
                                                                  				return _t7;
                                                                  			}






                                                                  APIs
                                                                  • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405B9D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  • Opcode ID: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                  • Instruction ID: 89bb1c08115ccb47c9876ad1094a3663263f91dea81084495bed50ebcc9a35d2
                                                                  • Opcode Fuzzy Hash: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                  • Instruction Fuzzy Hash: B7D0C972504421ABD2102728AE0889BBBA5DB542717028A36F9A5A22B1DB304C569A99
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E0040567A(CHAR* _a4) {
                                                                  				int _t2;
                                                                  
                                                                  				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                  				if(_t2 == 0) {
                                                                  					return GetLastError();
                                                                  				}
                                                                  				return 0;
                                                                  			}





                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                                  • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1375471231-0
                                                                  • Opcode ID: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                  • Instruction ID: cb450b3a329ff4c2b820c3640ee2c86a22e1ba63869c3c930ac7c2b00640337e
                                                                  • Opcode Fuzzy Hash: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                  • Instruction Fuzzy Hash: B3C04C302145029EDA515B319E08B1B7A59AB90781F528839654AE81B0DE768455DD2E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 78%
                                                                  			E00401F48(void* __ecx) {
                                                                  				void* _t8;
                                                                  				void* _t12;
                                                                  				void* _t14;
                                                                  				void* _t16;
                                                                  				void* _t17;
                                                                  				void* _t20;
                                                                  				void* _t22;
                                                                  
                                                                  				_t16 = __ecx;
                                                                  				_t19 = E00402B2C(_t14);
                                                                  				E00405137(0xffffffeb, _t6); // executed
                                                                  				_t8 = E004056AF(_t19); // executed
                                                                  				_t20 = _t8;
                                                                  				if(_t20 == _t14) {
                                                                  					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                  				} else {
                                                                  					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                  						_t12 = E0040641D(_t16, _t20);
                                                                  						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                  							if(_t12 != _t14) {
                                                                  								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                  							}
                                                                  						} else {
                                                                  							E00405F6E(_t17, _t12);
                                                                  						}
                                                                  					}
                                                                  					_push(_t20); // executed
                                                                  					FindCloseChangeNotification(); // executed
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                                  				return 0;
                                                                  			}











                                                                  APIs
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                    • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Completed,00000000,008A7114,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                    • Part of subcall function 00405137: lstrcatA.KERNEL32(Completed,00403156,00403156,Completed,00000000,008A7114,7476EA30), ref: 00405193
                                                                    • Part of subcall function 00405137: SetWindowTextA.USER32(Completed,Completed), ref: 004051A5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                                    • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                                    • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                    • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                    • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                    • Part of subcall function 0040641D: GetExitCodeProcess.KERNEL32 ref: 00406450
                                                                    • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                  • String ID:
                                                                  • API String ID: 1543427666-0
                                                                  • Opcode ID: 4d1dbd549cc0ea850eaf704625dc632adefc872b984d05e79ff9616bf0b299dc
                                                                  • Instruction ID: 496c5526ea8919913ac139df2c9003272b56504e991eb5cf70cacdc6c7c0cc95
                                                                  • Opcode Fuzzy Hash: 4d1dbd549cc0ea850eaf704625dc632adefc872b984d05e79ff9616bf0b299dc
                                                                  • Instruction Fuzzy Hash: B2F09072A04121ABCB21BBA59A849EF72A8DF41314F51017BE901B72D1C37C0A428ABE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 40%
                                                                  			E004026EF(intOrPtr __edx, void* __eflags) {
                                                                  				long _t7;
                                                                  				long _t9;
                                                                  				LONG* _t11;
                                                                  				void* _t13;
                                                                  				intOrPtr _t14;
                                                                  				void* _t17;
                                                                  				void* _t19;
                                                                  
                                                                  				_t14 = __edx;
                                                                  				_push(ds);
                                                                  				if(__eflags != 0) {
                                                                  					_t7 = E00402B0A(2);
                                                                  					_pop(_t13);
                                                                  					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                                  					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                                  					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                                  						_push(_t9);
                                                                  						E00405F6E();
                                                                  					}
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                  				return 0;
                                                                  			}











                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                                    • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointerwsprintf
                                                                  • String ID:
                                                                  • API String ID: 327478801-0
                                                                  • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                  • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                                  • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                  • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 41%
                                                                  			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                                  				void* _t5;
                                                                  				int _t8;
                                                                  				char _t11;
                                                                  				void* _t15;
                                                                  				void* _t19;
                                                                  
                                                                  				_t17 = __esi;
                                                                  				_t11 = __ebx;
                                                                  				_t5 = E00405F87(__ecx, _t15);
                                                                  				if(_t5 == __ebx) {
                                                                  					L2:
                                                                  					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                  					 *_t17 = _t11;
                                                                  				} else {
                                                                  					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                                  					if(_t8 != 0) {
                                                                  						_push(_t19 - 0x19c);
                                                                  						_push(__esi);
                                                                  						E00406010();
                                                                  					} else {
                                                                  						goto L2;
                                                                  					}
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                  				return 0;
                                                                  			}









                                                                  APIs
                                                                  • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                  • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                                  • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                  • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                  				void* _t7;
                                                                  				long _t8;
                                                                  				void* _t9;
                                                                  
                                                                  				_t7 = E00405E1B(_a4,  &_a12);
                                                                  				if(_t7 != 0) {
                                                                  					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                  					return _t8;
                                                                  				}
                                                                  				_t9 = 6;
                                                                  				return _t9;
                                                                  			}







                                                                  APIs
                                                                  • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0
                                                                  • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                  • Instruction ID: 1d4fb08659ff36ace7b23f5759770be8a1f2413d8495cc917bdfefdc51ec9cff
                                                                  • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                  • Instruction Fuzzy Hash: 64E0E67201050DBEDF195F50DD0AD7B371DE704304F10492EFA45D5150E6B5AA716B78
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405C50(void* _a4, void* _a8, long _a12) {
                                                                  				int _t7;
                                                                  				long _t11;
                                                                  
                                                                  				_t11 = _a12;
                                                                  				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                                  					return 0;
                                                                  				} else {
                                                                  					return 1;
                                                                  				}
                                                                  			}






                                                                  APIs
                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                  • Instruction ID: df976955bb7b77361248817f919be03bb6bd2f6f3b4dc1c0c3d16748aaf5f5c5
                                                                  • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                  • Instruction Fuzzy Hash: 65E0EC3221476EABEF509F559D04EEB7B6CEB06360F004436FE25E2550D631E9219BA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405C21(void* _a4, void* _a8, long _a12) {
                                                                  				int _t7;
                                                                  				long _t11;
                                                                  
                                                                  				_t11 = _a12;
                                                                  				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                                  					return 0;
                                                                  				} else {
                                                                  					return 1;
                                                                  				}
                                                                  			}






                                                                  APIs
                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                  • Instruction ID: 6d14d449f293f6f00ca5a49b865ea561f53b7d8d8b79739f6419f9b8fb6d3ad5
                                                                  • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                  • Instruction Fuzzy Hash: 9EE0EC3221476AABEF109E559C00EEB7B6CEB05361F008836F915E3150D631E8219FA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                  				void* _t7;
                                                                  				long _t8;
                                                                  				void* _t9;
                                                                  
                                                                  				_t7 = E00405E1B(_a4,  &_a12);
                                                                  				if(_t7 != 0) {
                                                                  					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                  					return _t8;
                                                                  				}
                                                                  				_t9 = 6;
                                                                  				return _t9;
                                                                  			}







                                                                  APIs
                                                                  • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405F24,?,?,?,?,00000002,: Completed), ref: 00405EBA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID:
                                                                  • API String ID: 71445658-0
                                                                  • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                  • Instruction ID: 4562f56e26d1b405a4b2aa3aa7a0366252bc09d65f2ff82b9814b1ce5e7315b9
                                                                  • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                  • Instruction Fuzzy Hash: 19D0EC3200020DBADF115F90DD05FAB3B2EEB04310F004426FA45A50A0D775D630AA58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00402721(void* __ebx, void* __eflags) {
                                                                  				void* _t2;
                                                                  				void* _t8;
                                                                  				void* _t10;
                                                                  				void* _t12;
                                                                  
                                                                  				_t2 = E00405F87(_t8, _t10);
                                                                  				if(_t2 != __ebx) {
                                                                  					FindClose(_t2); // executed
                                                                  				}
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t12 - 4));
                                                                  				return 0;
                                                                  			}








                                                                  APIs
                                                                  • FindClose.KERNELBASE(00000000), ref: 00402730
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  • Opcode ID: 4506bba4b704d6741d86915a9ca1c5bc908dce85ff837cb48e803fd9577ae136
                                                                  • Instruction ID: 19961fc132e34598667f6606421f923b3b198842f905c93f4125f20b851fcaf6
                                                                  • Opcode Fuzzy Hash: 4506bba4b704d6741d86915a9ca1c5bc908dce85ff837cb48e803fd9577ae136
                                                                  • Instruction Fuzzy Hash: 8DD012737011019BC711EBE8AB8895F73A8EB61365B600437D141F6180D67C89064A6D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E0040409E(intOrPtr _a12) {
                                                                  				intOrPtr _v0;
                                                                  				struct HWND__* _v4;
                                                                  				int _t7;
                                                                  				void* _t8;
                                                                  				void* _t9;
                                                                  				void* _t10;
                                                                  
                                                                  				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                                  				return _t7;
                                                                  			}










                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ItemText
                                                                  • String ID:
                                                                  • API String ID: 3367045223-0
                                                                  • Opcode ID: 3342009c4bcc52ea6558533371d894f69e84579cd7c87dcd0a7fc8e4b7aae4f8
                                                                  • Instruction ID: 6a473d6abd2afb14868c07d698b52ed5b96812309ea8467a529f180f5ae5c3ae
                                                                  • Opcode Fuzzy Hash: 3342009c4bcc52ea6558533371d894f69e84579cd7c87dcd0a7fc8e4b7aae4f8
                                                                  • Instruction Fuzzy Hash: 7BC04C75188300FFD641E769CC42F1FB7DDEFA4716F40C52EB15CA11D1C63589209A26
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004040EA(int _a4) {
                                                                  				struct HWND__* _t2;
                                                                  				long _t3;
                                                                  
                                                                  				_t2 =  *0x42ebd8; // 0x1042e
                                                                  				if(_t2 != 0) {
                                                                  					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                  					return _t3;
                                                                  				}
                                                                  				return _t2;
                                                                  			}






                                                                  APIs
                                                                  • SendMessageA.USER32(0001042E,00000000,00000000,00000000), ref: 004040FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  • Opcode ID: 72d0fdd0e21cb56c477cf419d385c95605940825065c69d2cee1e8d6d2b2924a
                                                                  • Instruction ID: 7943fe6562f209d381c89a283f4c80e3b99f892abcbfa0530db3e7c971cb473d
                                                                  • Opcode Fuzzy Hash: 72d0fdd0e21cb56c477cf419d385c95605940825065c69d2cee1e8d6d2b2924a
                                                                  • Instruction Fuzzy Hash: D1C04C717406006AEA20CB519D4DF0677556750B01F5484797351E50D0C674E850DA1C
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00403223(long _a4) {
                                                                  				long _t2;
                                                                  
                                                                  				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                  				return _t2;
                                                                  			}




                                                                  0x00403231
                                                                  0x00403237

                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  • Opcode ID: af556f1437a27586b8d302be8c6d190c2fb2fb51029204f11d8d070fc2108142
                                                                  • Instruction ID: 81fdcbbc46e9ac73494c3809a02cbb86869920566b24394b282a4516d046c7b0
                                                                  • Opcode Fuzzy Hash: af556f1437a27586b8d302be8c6d190c2fb2fb51029204f11d8d070fc2108142
                                                                  • Instruction Fuzzy Hash: 32B01231140300BFDA214F00DF09F057B21AB90700F10C034B384780F086711075EB0D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004040D3(int _a4) {
                                                                  				long _t2;
                                                                  
                                                                  				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                                  				return _t2;
                                                                  			}




                                                                  0x004040e1
                                                                  0x004040e7

                                                                  APIs
                                                                  • SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  • Opcode ID: 2bf10b83fa6dd9bc40a18547b02fbce2a65827e50004d0a7ab2884d4d9fdcea2
                                                                  • Instruction ID: 0adc9c0e194aa77c868d6ef978719a9753de7db756a7c543b14a3307e76eee0a
                                                                  • Opcode Fuzzy Hash: 2bf10b83fa6dd9bc40a18547b02fbce2a65827e50004d0a7ab2884d4d9fdcea2
                                                                  • Instruction Fuzzy Hash: B2B09235280A00AAEA215B00DE09F467A62A764701F408038B240250B1CAB200A6DB18
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004040C0(int _a4) {
                                                                  				int _t2;
                                                                  
                                                                  				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                                  				return _t2;
                                                                  			}




                                                                  0x004040ca
                                                                  0x004040d0

                                                                  APIs
                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CallbackDispatcherUser
                                                                  • String ID:
                                                                  • API String ID: 2492992576-0
                                                                  • Opcode ID: a5e593389213340eb0093cabe197c3c64578a6f34cb7028dbabfa569c0510a2c
                                                                  • Instruction ID: d750239a91494785f156a03a2b8d5ac9aaa4eec5ddabb582aaccf4f48b9497e5
                                                                  • Opcode Fuzzy Hash: a5e593389213340eb0093cabe197c3c64578a6f34cb7028dbabfa569c0510a2c
                                                                  • Instruction Fuzzy Hash: C9A012710000009BCB015B00EF04C057F61AB507007018434A2404003186310432FF1D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004014D6(intOrPtr __edx) {
                                                                  				long _t3;
                                                                  				void* _t7;
                                                                  				intOrPtr _t10;
                                                                  				void* _t13;
                                                                  
                                                                  				_t10 = __edx;
                                                                  				_t3 = E00402B0A(_t7);
                                                                  				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                  				if(_t3 <= 1) {
                                                                  					_t3 = 1;
                                                                  				}
                                                                  				Sleep(_t3); // executed
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                  				return 0;
                                                                  			}








                                                                  APIs
                                                                  • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID:
                                                                  • API String ID: 3472027048-0
                                                                  • Opcode ID: 304e40c09ca84ea39dbdbc89486c3f13133389b82dc946018d0dbde829e4e3d0
                                                                  • Instruction ID: bd841e02301729f6c733b5dcab67e03884b535d4bcf0bc385101bf129f75e5b0
                                                                  • Opcode Fuzzy Hash: 304e40c09ca84ea39dbdbc89486c3f13133389b82dc946018d0dbde829e4e3d0
                                                                  • Instruction Fuzzy Hash: A6D05E73B10201CBD710EBB8AE8485F73B8E7503257604837D542F2191E6B8C9428668
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004059D3(CHAR* _a4, intOrPtr _a8) {
                                                                  				CHAR* _t3;
                                                                  				char _t4;
                                                                  
                                                                  				_t3 = _a4;
                                                                  				while(1) {
                                                                  					_t4 =  *_t3;
                                                                  					if(_t4 == 0) {
                                                                  						break;
                                                                  					}
                                                                  					if(_t4 != _a8) {
                                                                  						_t3 = CharNextA(_t3); // executed
                                                                  						continue;
                                                                  					}
                                                                  					break;
                                                                  				}
                                                                  				return _t3;
                                                                  			}






                                                                  APIs
                                                                  • CharNextA.USER32(?,00403378,"C:\Users\user\Desktop\SetupWIService.exe",00000020,"C:\Users\user\Desktop\SetupWIService.exe",00000000,?,00000006,00000008,0000000A), ref: 004059E0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext
                                                                  • String ID:
                                                                  • API String ID: 3213498283-0
                                                                  • Opcode ID: b3d75e14ea0bc4fa348e11ce3f4095a46dc29e6244dbf990e81a5bdbde5f45a4
                                                                  • Instruction ID: fb46cbef96bab5e8de83f3e70455494bb3dc5217d55310dbd9e97dfd5a00caf8
                                                                  • Opcode Fuzzy Hash: b3d75e14ea0bc4fa348e11ce3f4095a46dc29e6244dbf990e81a5bdbde5f45a4
                                                                  • Instruction Fuzzy Hash: 17C0807040C540E7C5105720912556B7FE49B52310F6484DBF4C173251C1345C008F25
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 95%
                                                                  			E6F541A98() {
                                                                  				signed int _v8;
                                                                  				signed int _v12;
                                                                  				signed int _v16;
                                                                  				signed int _v20;
                                                                  				CHAR* _v24;
                                                                  				CHAR* _v28;
                                                                  				signed int _v32;
                                                                  				signed int _v36;
                                                                  				signed int _v40;
                                                                  				signed int _v44;
                                                                  				CHAR* _v48;
                                                                  				signed int _v52;
                                                                  				void* _v56;
                                                                  				intOrPtr _v60;
                                                                  				CHAR* _t207;
                                                                  				signed int _t210;
                                                                  				void* _t212;
                                                                  				void* _t214;
                                                                  				CHAR* _t216;
                                                                  				void* _t224;
                                                                  				struct HINSTANCE__* _t225;
                                                                  				struct HINSTANCE__* _t226;
                                                                  				struct HINSTANCE__* _t228;
                                                                  				signed short _t230;
                                                                  				struct HINSTANCE__* _t233;
                                                                  				struct HINSTANCE__* _t235;
                                                                  				void* _t236;
                                                                  				char* _t237;
                                                                  				void* _t248;
                                                                  				signed char _t249;
                                                                  				signed int _t250;
                                                                  				struct HINSTANCE__* _t256;
                                                                  				void* _t257;
                                                                  				signed int _t259;
                                                                  				intOrPtr _t260;
                                                                  				char* _t263;
                                                                  				signed int _t268;
                                                                  				signed int _t271;
                                                                  				signed int _t273;
                                                                  				void* _t276;
                                                                  				void* _t280;
                                                                  				struct HINSTANCE__* _t282;
                                                                  				intOrPtr _t285;
                                                                  				void _t286;
                                                                  				signed int _t287;
                                                                  				signed int _t299;
                                                                  				signed int _t300;
                                                                  				intOrPtr _t303;
                                                                  				void* _t304;
                                                                  				signed int _t308;
                                                                  				signed int _t311;
                                                                  				signed int _t314;
                                                                  				signed int _t315;
                                                                  				signed int _t316;
                                                                  				intOrPtr _t319;
                                                                  				intOrPtr* _t320;
                                                                  				CHAR* _t321;
                                                                  				CHAR* _t323;
                                                                  				CHAR* _t324;
                                                                  				struct HINSTANCE__* _t325;
                                                                  				void* _t327;
                                                                  				signed int _t328;
                                                                  				void* _t329;
                                                                  
                                                                  				_t282 = 0;
                                                                  				_v32 = 0;
                                                                  				_v36 = 0;
                                                                  				_v16 = 0;
                                                                  				_v8 = 0;
                                                                  				_v40 = 0;
                                                                  				_t329 = 0;
                                                                  				_v52 = 0;
                                                                  				_v44 = 0;
                                                                  				_t207 = E6F541215();
                                                                  				_v24 = _t207;
                                                                  				_v28 = _t207;
                                                                  				_v48 = E6F541215();
                                                                  				_t320 = E6F54123B();
                                                                  				_v56 = _t320;
                                                                  				_v12 = _t320;
                                                                  				while(1) {
                                                                  					_t210 = _v32;
                                                                  					_v60 = _t210;
                                                                  					if(_t210 != _t282 && _t329 == _t282) {
                                                                  						break;
                                                                  					}
                                                                  					_t319 =  *_t320;
                                                                  					_t285 = _t319;
                                                                  					_t212 = _t285 - _t282;
                                                                  					if(_t212 == 0) {
                                                                  						_t37 =  &_v32;
                                                                  						 *_t37 = _v32 | 0xffffffff;
                                                                  						__eflags =  *_t37;
                                                                  						L20:
                                                                  						_t214 = _v60 - _t282;
                                                                  						if(_t214 == 0) {
                                                                  							 *_v28 =  *_v28 & 0x00000000;
                                                                  							__eflags = _t329 - _t282;
                                                                  							if(_t329 == _t282) {
                                                                  								_t329 = GlobalAlloc(0x40, 0x14a4);
                                                                  								 *(_t329 + 0x810) = _t282;
                                                                  								 *(_t329 + 0x814) = _t282;
                                                                  							}
                                                                  							_t286 = _v36;
                                                                  							_t47 = _t329 + 8; // 0x8
                                                                  							_t216 = _t47;
                                                                  							_t48 = _t329 + 0x408; // 0x408
                                                                  							_t321 = _t48;
                                                                  							 *_t329 = _t286;
                                                                  							 *_t216 =  *_t216 & 0x00000000;
                                                                  							 *(_t329 + 0x808) = _t282;
                                                                  							 *_t321 =  *_t321 & 0x00000000;
                                                                  							_t287 = _t286 - _t282;
                                                                  							__eflags = _t287;
                                                                  							 *(_t329 + 0x80c) = _t282;
                                                                  							 *(_t329 + 4) = _t282;
                                                                  							if(_t287 == 0) {
                                                                  								__eflags = _v28 - _v24;
                                                                  								if(_v28 == _v24) {
                                                                  									goto L42;
                                                                  								}
                                                                  								_t327 = 0;
                                                                  								GlobalFree(_t329);
                                                                  								_t329 = E6F5412FE(_v24);
                                                                  								__eflags = _t329 - _t282;
                                                                  								if(_t329 == _t282) {
                                                                  									goto L42;
                                                                  								} else {
                                                                  									goto L35;
                                                                  								}
                                                                  								while(1) {
                                                                  									L35:
                                                                  									_t248 =  *(_t329 + 0x14a0);
                                                                  									__eflags = _t248 - _t282;
                                                                  									if(_t248 == _t282) {
                                                                  										break;
                                                                  									}
                                                                  									_t327 = _t329;
                                                                  									_t329 = _t248;
                                                                  									__eflags = _t329 - _t282;
                                                                  									if(_t329 != _t282) {
                                                                  										continue;
                                                                  									}
                                                                  									break;
                                                                  								}
                                                                  								__eflags = _t327 - _t282;
                                                                  								if(_t327 != _t282) {
                                                                  									 *(_t327 + 0x14a0) = _t282;
                                                                  								}
                                                                  								_t249 =  *(_t329 + 0x810);
                                                                  								__eflags = _t249 & 0x00000008;
                                                                  								if((_t249 & 0x00000008) == 0) {
                                                                  									_t250 = _t249 | 0x00000002;
                                                                  									__eflags = _t250;
                                                                  									 *(_t329 + 0x810) = _t250;
                                                                  								} else {
                                                                  									_t329 = E6F541534(_t329);
                                                                  									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                                  								}
                                                                  								goto L42;
                                                                  							} else {
                                                                  								_t299 = _t287 - 1;
                                                                  								__eflags = _t299;
                                                                  								if(_t299 == 0) {
                                                                  									L31:
                                                                  									lstrcpyA(_t216, _v48);
                                                                  									L32:
                                                                  									lstrcpyA(_t321, _v24);
                                                                  									goto L42;
                                                                  								}
                                                                  								_t300 = _t299 - 1;
                                                                  								__eflags = _t300;
                                                                  								if(_t300 == 0) {
                                                                  									goto L32;
                                                                  								}
                                                                  								__eflags = _t300 != 1;
                                                                  								if(_t300 != 1) {
                                                                  									goto L42;
                                                                  								}
                                                                  								goto L31;
                                                                  							}
                                                                  						} else {
                                                                  							if(_t214 == 1) {
                                                                  								_t256 = _v16;
                                                                  								if(_v40 == _t282) {
                                                                  									_t256 = _t256 - 1;
                                                                  								}
                                                                  								 *(_t329 + 0x814) = _t256;
                                                                  							}
                                                                  							L42:
                                                                  							_v12 = _v12 + 1;
                                                                  							_v28 = _v24;
                                                                  							L59:
                                                                  							if(_v32 != 0xffffffff) {
                                                                  								_t320 = _v12;
                                                                  								continue;
                                                                  							}
                                                                  							break;
                                                                  						}
                                                                  					}
                                                                  					_t257 = _t212 - 0x23;
                                                                  					if(_t257 == 0) {
                                                                  						__eflags = _t320 - _v56;
                                                                  						if(_t320 <= _v56) {
                                                                  							L17:
                                                                  							__eflags = _v44 - _t282;
                                                                  							if(_v44 != _t282) {
                                                                  								L43:
                                                                  								_t259 = _v32 - _t282;
                                                                  								__eflags = _t259;
                                                                  								if(_t259 == 0) {
                                                                  									_t260 = _t319;
                                                                  									while(1) {
                                                                  										__eflags = _t260 - 0x22;
                                                                  										if(_t260 != 0x22) {
                                                                  											break;
                                                                  										}
                                                                  										_t320 = _t320 + 1;
                                                                  										__eflags = _v44 - _t282;
                                                                  										_v12 = _t320;
                                                                  										if(_v44 == _t282) {
                                                                  											_v44 = 1;
                                                                  											L162:
                                                                  											_v28 =  &(_v28[1]);
                                                                  											 *_v28 =  *_t320;
                                                                  											L58:
                                                                  											_t328 = _t320 + 1;
                                                                  											__eflags = _t328;
                                                                  											_v12 = _t328;
                                                                  											goto L59;
                                                                  										}
                                                                  										_t260 =  *_t320;
                                                                  										_v44 = _t282;
                                                                  									}
                                                                  									__eflags = _t260 - 0x2a;
                                                                  									if(_t260 == 0x2a) {
                                                                  										_v36 = 2;
                                                                  										L57:
                                                                  										_t320 = _v12;
                                                                  										_v28 = _v24;
                                                                  										_t282 = 0;
                                                                  										__eflags = 0;
                                                                  										goto L58;
                                                                  									}
                                                                  									__eflags = _t260 - 0x2d;
                                                                  									if(_t260 == 0x2d) {
                                                                  										L151:
                                                                  										_t303 =  *_t320;
                                                                  										__eflags = _t303 - 0x2d;
                                                                  										if(_t303 != 0x2d) {
                                                                  											L154:
                                                                  											_t263 = _t320 + 1;
                                                                  											__eflags =  *_t263 - 0x3a;
                                                                  											if( *_t263 != 0x3a) {
                                                                  												goto L162;
                                                                  											}
                                                                  											__eflags = _t303 - 0x2d;
                                                                  											if(_t303 == 0x2d) {
                                                                  												goto L162;
                                                                  											}
                                                                  											_v36 = 1;
                                                                  											L157:
                                                                  											_v12 = _t263;
                                                                  											__eflags = _v28 - _v24;
                                                                  											if(_v28 <= _v24) {
                                                                  												 *_v48 =  *_v48 & 0x00000000;
                                                                  											} else {
                                                                  												 *_v28 =  *_v28 & 0x00000000;
                                                                  												lstrcpyA(_v48, _v24);
                                                                  											}
                                                                  											goto L57;
                                                                  										}
                                                                  										_t263 = _t320 + 1;
                                                                  										__eflags =  *_t263 - 0x3e;
                                                                  										if( *_t263 != 0x3e) {
                                                                  											goto L154;
                                                                  										}
                                                                  										_v36 = 3;
                                                                  										goto L157;
                                                                  									}
                                                                  									__eflags = _t260 - 0x3a;
                                                                  									if(_t260 != 0x3a) {
                                                                  										goto L162;
                                                                  									}
                                                                  									goto L151;
                                                                  								}
                                                                  								_t268 = _t259 - 1;
                                                                  								__eflags = _t268;
                                                                  								if(_t268 == 0) {
                                                                  									L80:
                                                                  									_t304 = _t285 + 0xffffffde;
                                                                  									__eflags = _t304 - 0x55;
                                                                  									if(_t304 > 0x55) {
                                                                  										goto L57;
                                                                  									}
                                                                  									switch( *((intOrPtr*)(( *(_t304 + 0x6f542259) & 0x000000ff) * 4 +  &M6F5421CD))) {
                                                                  										case 0:
                                                                  											__eax = _v24;
                                                                  											__edi = _v12;
                                                                  											while(1) {
                                                                  												__edi = __edi + 1;
                                                                  												_v12 = __edi;
                                                                  												__cl =  *__edi;
                                                                  												__eflags = __cl - __dl;
                                                                  												if(__cl != __dl) {
                                                                  													goto L132;
                                                                  												}
                                                                  												L131:
                                                                  												__eflags =  *(__edi + 1) - __dl;
                                                                  												if( *(__edi + 1) != __dl) {
                                                                  													L136:
                                                                  													 *__eax =  *__eax & 0x00000000;
                                                                  													__eax = E6F541224(_v24);
                                                                  													__ebx = __eax;
                                                                  													goto L97;
                                                                  												}
                                                                  												L132:
                                                                  												__eflags = __cl;
                                                                  												if(__cl == 0) {
                                                                  													goto L136;
                                                                  												}
                                                                  												__eflags = __cl - __dl;
                                                                  												if(__cl == __dl) {
                                                                  													__edi = __edi + 1;
                                                                  													__eflags = __edi;
                                                                  												}
                                                                  												__cl =  *__edi;
                                                                  												 *__eax =  *__edi;
                                                                  												__eax = __eax + 1;
                                                                  												__edi = __edi + 1;
                                                                  												_v12 = __edi;
                                                                  												__cl =  *__edi;
                                                                  												__eflags = __cl - __dl;
                                                                  												if(__cl != __dl) {
                                                                  													goto L132;
                                                                  												}
                                                                  												goto L131;
                                                                  											}
                                                                  										case 1:
                                                                  											_v8 = 1;
                                                                  											goto L57;
                                                                  										case 2:
                                                                  											_v8 = _v8 | 0xffffffff;
                                                                  											goto L57;
                                                                  										case 3:
                                                                  											_v8 = _v8 & 0x00000000;
                                                                  											_v20 = _v20 & 0x00000000;
                                                                  											_v16 = _v16 + 1;
                                                                  											goto L85;
                                                                  										case 4:
                                                                  											__eflags = _v20;
                                                                  											if(_v20 != 0) {
                                                                  												goto L57;
                                                                  											}
                                                                  											_v12 = _v12 - 1;
                                                                  											__ebx = E6F541215();
                                                                  											 &_v12 = E6F541A36( &_v12);
                                                                  											__eax = E6F541429(__edx, __eax, __edx, __ebx);
                                                                  											goto L97;
                                                                  										case 5:
                                                                  											L105:
                                                                  											_v20 = _v20 + 1;
                                                                  											goto L57;
                                                                  										case 6:
                                                                  											_push(7);
                                                                  											goto L123;
                                                                  										case 7:
                                                                  											_push(0x19);
                                                                  											goto L143;
                                                                  										case 8:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L107;
                                                                  										case 9:
                                                                  											_push(0x15);
                                                                  											goto L143;
                                                                  										case 0xa:
                                                                  											_push(0x16);
                                                                  											goto L143;
                                                                  										case 0xb:
                                                                  											_push(0x18);
                                                                  											goto L143;
                                                                  										case 0xc:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L118;
                                                                  										case 0xd:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L109;
                                                                  										case 0xe:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L111;
                                                                  										case 0xf:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L122;
                                                                  										case 0x10:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L113;
                                                                  										case 0x11:
                                                                  											_push(3);
                                                                  											goto L123;
                                                                  										case 0x12:
                                                                  											_push(0x17);
                                                                  											L143:
                                                                  											_pop(__ebx);
                                                                  											goto L98;
                                                                  										case 0x13:
                                                                  											__eax =  &_v12;
                                                                  											__eax = E6F541A36( &_v12);
                                                                  											__ebx = __eax;
                                                                  											__ebx = __eax + 1;
                                                                  											__eflags = __ebx - 0xb;
                                                                  											if(__ebx < 0xb) {
                                                                  												__ebx = __ebx + 0xa;
                                                                  											}
                                                                  											goto L97;
                                                                  										case 0x14:
                                                                  											__ebx = 0xffffffff;
                                                                  											goto L98;
                                                                  										case 0x15:
                                                                  											__eax = 0;
                                                                  											__eflags = 0;
                                                                  											goto L116;
                                                                  										case 0x16:
                                                                  											__ecx = 0;
                                                                  											__eflags = 0;
                                                                  											goto L91;
                                                                  										case 0x17:
                                                                  											__eax = 0;
                                                                  											__eax = 1;
                                                                  											__eflags = 1;
                                                                  											goto L120;
                                                                  										case 0x18:
                                                                  											_t270 =  *(_t329 + 0x814);
                                                                  											__eflags = _t270 - _v16;
                                                                  											if(_t270 > _v16) {
                                                                  												_v16 = _t270;
                                                                  											}
                                                                  											_v8 = _v8 & 0x00000000;
                                                                  											_v20 = _v20 & 0x00000000;
                                                                  											_v36 - 3 = _t270 - (_v36 == 3);
                                                                  											if(_t270 != _v36 == 3) {
                                                                  												L85:
                                                                  												_v40 = 1;
                                                                  											}
                                                                  											goto L57;
                                                                  										case 0x19:
                                                                  											L107:
                                                                  											__ecx = 0;
                                                                  											_v8 = 2;
                                                                  											__ecx = 1;
                                                                  											goto L91;
                                                                  										case 0x1a:
                                                                  											L118:
                                                                  											_push(5);
                                                                  											goto L123;
                                                                  										case 0x1b:
                                                                  											L109:
                                                                  											__ecx = 0;
                                                                  											_v8 = 3;
                                                                  											__ecx = 1;
                                                                  											goto L91;
                                                                  										case 0x1c:
                                                                  											L111:
                                                                  											__ecx = 0;
                                                                  											__ecx = 1;
                                                                  											goto L91;
                                                                  										case 0x1d:
                                                                  											L122:
                                                                  											_push(6);
                                                                  											goto L123;
                                                                  										case 0x1e:
                                                                  											L113:
                                                                  											_push(2);
                                                                  											goto L123;
                                                                  										case 0x1f:
                                                                  											__eax =  &_v12;
                                                                  											__eax = E6F541A36( &_v12);
                                                                  											__ebx = __eax;
                                                                  											__ebx = __eax + 1;
                                                                  											goto L97;
                                                                  										case 0x20:
                                                                  											L116:
                                                                  											_v52 = _v52 + 1;
                                                                  											_push(3);
                                                                  											_pop(__ecx);
                                                                  											goto L91;
                                                                  										case 0x21:
                                                                  											L120:
                                                                  											_push(4);
                                                                  											L123:
                                                                  											_pop(__ecx);
                                                                  											L91:
                                                                  											__edi = _v16;
                                                                  											__edx =  *(0x6f54305c + __ecx * 4);
                                                                  											__eax =  ~__eax;
                                                                  											asm("sbb eax, eax");
                                                                  											_v40 = 1;
                                                                  											__edi = _v16 << 5;
                                                                  											__eax = __eax & 0x00008000;
                                                                  											__edi = (_v16 << 5) + __esi;
                                                                  											__eax = __eax | __ecx;
                                                                  											__eflags = _v8;
                                                                  											 *(__edi + 0x818) = __eax;
                                                                  											if(_v8 < 0) {
                                                                  												L93:
                                                                  												__edx = 0;
                                                                  												__edx = 1;
                                                                  												__eflags = 1;
                                                                  												L94:
                                                                  												__eflags = _v8 - 1;
                                                                  												 *(__edi + 0x828) = __edx;
                                                                  												if(_v8 == 1) {
                                                                  													__eax =  &_v12;
                                                                  													__eax = E6F541A36( &_v12);
                                                                  													__eax = __eax + 1;
                                                                  													__eflags = __eax;
                                                                  													_v8 = __eax;
                                                                  												}
                                                                  												__eax = _v8;
                                                                  												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                                  												_t136 = _v16 + 0x41; // 0x41
                                                                  												_t136 = _t136 << 5;
                                                                  												__eax = 0;
                                                                  												__eflags = 0;
                                                                  												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                  												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                  												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                  												L97:
                                                                  												__eflags = __ebx;
                                                                  												if(__ebx == 0) {
                                                                  													goto L57;
                                                                  												}
                                                                  												L98:
                                                                  												__eflags = _v20;
                                                                  												_v40 = 1;
                                                                  												if(_v20 != 0) {
                                                                  													L103:
                                                                  													__eflags = _v20 - 1;
                                                                  													if(_v20 == 1) {
                                                                  														__eax = _v16;
                                                                  														__eax = _v16 << 5;
                                                                  														__eflags = __eax;
                                                                  														 *(__eax + __esi + 0x82c) = __ebx;
                                                                  													}
                                                                  													goto L105;
                                                                  												}
                                                                  												_v16 = _v16 << 5;
                                                                  												_t144 = __esi + 0x830; // 0x830
                                                                  												__edi = (_v16 << 5) + _t144;
                                                                  												__eax =  *__edi;
                                                                  												__eflags = __eax - 0xffffffff;
                                                                  												if(__eax <= 0xffffffff) {
                                                                  													L101:
                                                                  													__eax = GlobalFree(__eax);
                                                                  													L102:
                                                                  													 *__edi = __ebx;
                                                                  													goto L103;
                                                                  												}
                                                                  												__eflags = __eax - 0x19;
                                                                  												if(__eax <= 0x19) {
                                                                  													goto L102;
                                                                  												}
                                                                  												goto L101;
                                                                  											}
                                                                  											__eflags = __edx;
                                                                  											if(__edx > 0) {
                                                                  												goto L94;
                                                                  											}
                                                                  											goto L93;
                                                                  										case 0x22:
                                                                  											goto L57;
                                                                  									}
                                                                  								}
                                                                  								_t271 = _t268 - 1;
                                                                  								__eflags = _t271;
                                                                  								if(_t271 == 0) {
                                                                  									_v16 = _t282;
                                                                  									goto L80;
                                                                  								}
                                                                  								__eflags = _t271 != 1;
                                                                  								if(_t271 != 1) {
                                                                  									goto L162;
                                                                  								}
                                                                  								__eflags = _t285 - 0x6e;
                                                                  								if(__eflags > 0) {
                                                                  									_t308 = _t285 - 0x72;
                                                                  									__eflags = _t308;
                                                                  									if(_t308 == 0) {
                                                                  										_push(4);
                                                                  										L74:
                                                                  										_pop(_t273);
                                                                  										L75:
                                                                  										__eflags = _v8 - 1;
                                                                  										if(_v8 != 1) {
                                                                  											_t96 = _t329 + 0x810;
                                                                  											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                                  											__eflags =  *_t96;
                                                                  										} else {
                                                                  											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                                  										}
                                                                  										_v8 = 1;
                                                                  										goto L57;
                                                                  									}
                                                                  									_t311 = _t308 - 1;
                                                                  									__eflags = _t311;
                                                                  									if(_t311 == 0) {
                                                                  										_push(0x10);
                                                                  										goto L74;
                                                                  									}
                                                                  									__eflags = _t311 != 0;
                                                                  									if(_t311 != 0) {
                                                                  										goto L57;
                                                                  									}
                                                                  									_push(0x40);
                                                                  									goto L74;
                                                                  								}
                                                                  								if(__eflags == 0) {
                                                                  									_push(8);
                                                                  									goto L74;
                                                                  								}
                                                                  								_t314 = _t285 - 0x21;
                                                                  								__eflags = _t314;
                                                                  								if(_t314 == 0) {
                                                                  									_v8 =  ~_v8;
                                                                  									goto L57;
                                                                  								}
                                                                  								_t315 = _t314 - 0x11;
                                                                  								__eflags = _t315;
                                                                  								if(_t315 == 0) {
                                                                  									_t273 = 0x100;
                                                                  									goto L75;
                                                                  								}
                                                                  								_t316 = _t315 - 0x31;
                                                                  								__eflags = _t316;
                                                                  								if(_t316 == 0) {
                                                                  									_t273 = 1;
                                                                  									goto L75;
                                                                  								}
                                                                  								__eflags = _t316 != 0;
                                                                  								if(_t316 != 0) {
                                                                  									goto L57;
                                                                  								}
                                                                  								_push(0x20);
                                                                  								goto L74;
                                                                  							} else {
                                                                  								_v32 = _t282;
                                                                  								_v36 = _t282;
                                                                  								goto L20;
                                                                  							}
                                                                  						}
                                                                  						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                                  						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                                  							goto L17;
                                                                  						}
                                                                  						__eflags = _v32 - _t282;
                                                                  						if(_v32 == _t282) {
                                                                  							goto L43;
                                                                  						}
                                                                  						goto L17;
                                                                  					}
                                                                  					_t276 = _t257 - 5;
                                                                  					if(_t276 == 0) {
                                                                  						__eflags = _v44 - _t282;
                                                                  						if(_v44 != _t282) {
                                                                  							goto L43;
                                                                  						} else {
                                                                  							__eflags = _v36 - 3;
                                                                  							_v32 = 1;
                                                                  							_v8 = _t282;
                                                                  							_v20 = _t282;
                                                                  							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                  							_v40 = _t282;
                                                                  							goto L20;
                                                                  						}
                                                                  					}
                                                                  					_t280 = _t276 - 1;
                                                                  					if(_t280 == 0) {
                                                                  						__eflags = _v44 - _t282;
                                                                  						if(_v44 != _t282) {
                                                                  							goto L43;
                                                                  						} else {
                                                                  							_v32 = 2;
                                                                  							_v8 = _t282;
                                                                  							_v20 = _t282;
                                                                  							goto L20;
                                                                  						}
                                                                  					}
                                                                  					if(_t280 != 0x16) {
                                                                  						goto L43;
                                                                  					} else {
                                                                  						_v32 = 3;
                                                                  						_v8 = 1;
                                                                  						goto L20;
                                                                  					}
                                                                  				}
                                                                  				GlobalFree(_v56);
                                                                  				GlobalFree(_v24);
                                                                  				GlobalFree(_v48);
                                                                  				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                                  					L182:
                                                                  					return _t329;
                                                                  				} else {
                                                                  					_t224 =  *_t329 - 1;
                                                                  					if(_t224 == 0) {
                                                                  						_t187 = _t329 + 8; // 0x8
                                                                  						_t323 = _t187;
                                                                  						__eflags =  *_t323;
                                                                  						if( *_t323 != 0) {
                                                                  							_t225 = GetModuleHandleA(_t323);
                                                                  							__eflags = _t225 - _t282;
                                                                  							 *(_t329 + 0x808) = _t225;
                                                                  							if(_t225 != _t282) {
                                                                  								L171:
                                                                  								_t192 = _t329 + 0x408; // 0x408
                                                                  								_t324 = _t192;
                                                                  								_t226 = E6F5415C2( *(_t329 + 0x808), _t324);
                                                                  								__eflags = _t226 - _t282;
                                                                  								 *(_t329 + 0x80c) = _t226;
                                                                  								if(_t226 == _t282) {
                                                                  									__eflags =  *_t324 - 0x23;
                                                                  									if( *_t324 == 0x23) {
                                                                  										_t195 = _t329 + 0x409; // 0x409
                                                                  										_t230 = E6F5412FE(_t195);
                                                                  										__eflags = _t230 - _t282;
                                                                  										if(_t230 != _t282) {
                                                                  											__eflags = _t230 & 0xffff0000;
                                                                  											if((_t230 & 0xffff0000) == 0) {
                                                                  												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                                  											}
                                                                  										}
                                                                  									}
                                                                  								}
                                                                  								__eflags = _v52 - _t282;
                                                                  								if(_v52 != _t282) {
                                                                  									L178:
                                                                  									_t324[lstrlenA(_t324)] = 0x41;
                                                                  									_t228 = E6F5415C2( *(_t329 + 0x808), _t324);
                                                                  									__eflags = _t228 - _t282;
                                                                  									if(_t228 != _t282) {
                                                                  										L166:
                                                                  										 *(_t329 + 0x80c) = _t228;
                                                                  										goto L182;
                                                                  									}
                                                                  									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                  									L180:
                                                                  									if(__eflags != 0) {
                                                                  										goto L182;
                                                                  									}
                                                                  									L181:
                                                                  									_t205 = _t329 + 4;
                                                                  									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                                  									__eflags =  *_t205;
                                                                  									goto L182;
                                                                  								} else {
                                                                  									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                  									if( *(_t329 + 0x80c) != _t282) {
                                                                  										goto L182;
                                                                  									}
                                                                  									goto L178;
                                                                  								}
                                                                  							}
                                                                  							_t233 = LoadLibraryA(_t323);
                                                                  							__eflags = _t233 - _t282;
                                                                  							 *(_t329 + 0x808) = _t233;
                                                                  							if(_t233 == _t282) {
                                                                  								goto L181;
                                                                  							}
                                                                  							goto L171;
                                                                  						}
                                                                  						_t188 = _t329 + 0x408; // 0x408
                                                                  						_t235 = E6F5412FE(_t188);
                                                                  						 *(_t329 + 0x80c) = _t235;
                                                                  						__eflags = _t235 - _t282;
                                                                  						goto L180;
                                                                  					}
                                                                  					_t236 = _t224 - 1;
                                                                  					if(_t236 == 0) {
                                                                  						_t185 = _t329 + 0x408; // 0x408
                                                                  						_t237 = _t185;
                                                                  						__eflags =  *_t237;
                                                                  						if( *_t237 == 0) {
                                                                  							goto L182;
                                                                  						}
                                                                  						_t228 = E6F5412FE(_t237);
                                                                  						L165:
                                                                  						goto L166;
                                                                  					}
                                                                  					if(_t236 != 1) {
                                                                  						goto L182;
                                                                  					}
                                                                  					_t81 = _t329 + 8; // 0x8
                                                                  					_t283 = _t81;
                                                                  					_t325 = E6F5412FE(_t81);
                                                                  					 *(_t329 + 0x808) = _t325;
                                                                  					if(_t325 == 0) {
                                                                  						goto L181;
                                                                  					}
                                                                  					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                                  					 *((intOrPtr*)(_t329 + 0x850)) = E6F541224(_t283);
                                                                  					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                                  					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                                  					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                                  					_t90 = _t329 + 0x408; // 0x408
                                                                  					_t228 =  *(_t325->i + E6F5412FE(_t90) * 4);
                                                                  					goto L165;
                                                                  				}
                                                                  			}

                                                                  0x6f541f6d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541dfc
                                                                  0x6f541e02
                                                                  0x6f541e05
                                                                  0x6f541e07
                                                                  0x6f541e07
                                                                  0x6f541e0a
                                                                  0x6f541e0e
                                                                  0x6f541e1b
                                                                  0x6f541e1d
                                                                  0x6f541e23
                                                                  0x6f541e23
                                                                  0x6f541e23
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f20
                                                                  0x6f541f20
                                                                  0x6f541f22
                                                                  0x6f541f29
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f67
                                                                  0x6f541f67
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f32
                                                                  0x6f541f32
                                                                  0x6f541f34
                                                                  0x6f541f3b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f44
                                                                  0x6f541f44
                                                                  0x6f541f46
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f75
                                                                  0x6f541f75
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f4f
                                                                  0x6f541f4f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f9b
                                                                  0x6f541f9f
                                                                  0x6f541fa4
                                                                  0x6f541fa7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f59
                                                                  0x6f541f59
                                                                  0x6f541f5c
                                                                  0x6f541f5e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541f6e
                                                                  0x6f541f6e
                                                                  0x6f541f77
                                                                  0x6f541f77
                                                                  0x6f541e5a
                                                                  0x6f541e5a
                                                                  0x6f541e5d
                                                                  0x6f541e64
                                                                  0x6f541e66
                                                                  0x6f541e68
                                                                  0x6f541e6f
                                                                  0x6f541e72
                                                                  0x6f541e77
                                                                  0x6f541e79
                                                                  0x6f541e7b
                                                                  0x6f541e7f
                                                                  0x6f541e85
                                                                  0x6f541e8b
                                                                  0x6f541e8b
                                                                  0x6f541e8d
                                                                  0x6f541e8d
                                                                  0x6f541e8e
                                                                  0x6f541e8e
                                                                  0x6f541e92
                                                                  0x6f541e98
                                                                  0x6f541e9a
                                                                  0x6f541e9e
                                                                  0x6f541ea3
                                                                  0x6f541ea3
                                                                  0x6f541ea5
                                                                  0x6f541ea5
                                                                  0x6f541ea8
                                                                  0x6f541eab
                                                                  0x6f541eb4
                                                                  0x6f541eb7
                                                                  0x6f541eba
                                                                  0x6f541eba
                                                                  0x6f541ebc
                                                                  0x6f541ebf
                                                                  0x6f541ec5
                                                                  0x6f541ecb
                                                                  0x6f541ecb
                                                                  0x6f541ecd
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541ed3
                                                                  0x6f541ed3
                                                                  0x6f541ed7
                                                                  0x6f541ede
                                                                  0x6f541f02
                                                                  0x6f541f02
                                                                  0x6f541f06
                                                                  0x6f541f08
                                                                  0x6f541f0b
                                                                  0x6f541f0b
                                                                  0x6f541f0e
                                                                  0x6f541f0e
                                                                  0x00000000
                                                                  0x6f541f06
                                                                  0x6f541ee3
                                                                  0x6f541ee6
                                                                  0x6f541ee6
                                                                  0x6f541eed
                                                                  0x6f541eef
                                                                  0x6f541ef2
                                                                  0x6f541ef9
                                                                  0x6f541efa
                                                                  0x6f541f00
                                                                  0x6f541f00
                                                                  0x00000000
                                                                  0x6f541f00
                                                                  0x6f541ef4
                                                                  0x6f541ef7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541ef7
                                                                  0x6f541e87
                                                                  0x6f541e89
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541df5
                                                                  0x6f541c9b
                                                                  0x6f541c9b
                                                                  0x6f541c9c
                                                                  0x6f541ddb
                                                                  0x00000000
                                                                  0x6f541ddb
                                                                  0x6f541ca2
                                                                  0x6f541ca3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541ca9
                                                                  0x6f541cac
                                                                  0x6f541da0
                                                                  0x6f541da0
                                                                  0x6f541da3
                                                                  0x6f541db8
                                                                  0x6f541dba
                                                                  0x6f541dba
                                                                  0x6f541dbb
                                                                  0x6f541dbe
                                                                  0x6f541dc1
                                                                  0x6f541dcd
                                                                  0x6f541dcd
                                                                  0x6f541dcd
                                                                  0x6f541dc3
                                                                  0x6f541dc3
                                                                  0x6f541dc3
                                                                  0x6f541dd3
                                                                  0x00000000
                                                                  0x6f541dd3
                                                                  0x6f541da5
                                                                  0x6f541da5
                                                                  0x6f541da6
                                                                  0x6f541db4
                                                                  0x00000000
                                                                  0x6f541db4
                                                                  0x6f541da9
                                                                  0x6f541daa
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541db0
                                                                  0x00000000
                                                                  0x6f541db0
                                                                  0x6f541cb2
                                                                  0x6f541d9c
                                                                  0x00000000
                                                                  0x6f541d9c
                                                                  0x6f541cb8
                                                                  0x6f541cb8
                                                                  0x6f541cbb
                                                                  0x6f541ce4
                                                                  0x00000000
                                                                  0x6f541ce4
                                                                  0x6f541cbd
                                                                  0x6f541cbd
                                                                  0x6f541cc0
                                                                  0x6f541cda
                                                                  0x00000000
                                                                  0x6f541cda
                                                                  0x6f541cc2
                                                                  0x6f541cc2
                                                                  0x6f541cc5
                                                                  0x6f541cd4
                                                                  0x00000000
                                                                  0x6f541cd4
                                                                  0x6f541cc8
                                                                  0x6f541cc9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541ccb
                                                                  0x00000000
                                                                  0x6f541b83
                                                                  0x6f541b83
                                                                  0x6f541b86
                                                                  0x00000000
                                                                  0x6f541b86
                                                                  0x6f541b7d
                                                                  0x6f541b6b
                                                                  0x6f541b6f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541b71
                                                                  0x6f541b74
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541b74
                                                                  0x6f541b05
                                                                  0x6f541b08
                                                                  0x6f541b3e
                                                                  0x6f541b41
                                                                  0x00000000
                                                                  0x6f541b47
                                                                  0x6f541b49
                                                                  0x6f541b4d
                                                                  0x6f541b54
                                                                  0x6f541b5b
                                                                  0x6f541b5e
                                                                  0x6f541b61
                                                                  0x00000000
                                                                  0x6f541b61
                                                                  0x6f541b41
                                                                  0x6f541b0a
                                                                  0x6f541b0b
                                                                  0x6f541b26
                                                                  0x6f541b29
                                                                  0x00000000
                                                                  0x6f541b2f
                                                                  0x6f541b2f
                                                                  0x6f541b36
                                                                  0x6f541b39
                                                                  0x00000000
                                                                  0x6f541b39
                                                                  0x6f541b29
                                                                  0x6f541b10
                                                                  0x00000000
                                                                  0x6f541b16
                                                                  0x6f541b16
                                                                  0x6f541b1d
                                                                  0x00000000
                                                                  0x6f541b1d
                                                                  0x6f541b10
                                                                  0x6f541d09
                                                                  0x6f541d0e
                                                                  0x6f541d13
                                                                  0x6f541d17
                                                                  0x6f5421c6
                                                                  0x6f5421cc
                                                                  0x6f541d29
                                                                  0x6f541d2b
                                                                  0x6f541d2c
                                                                  0x6f5420f1
                                                                  0x6f5420f1
                                                                  0x6f5420f4
                                                                  0x6f5420f7
                                                                  0x6f542114
                                                                  0x6f54211a
                                                                  0x6f54211c
                                                                  0x6f542122
                                                                  0x6f542139
                                                                  0x6f542139
                                                                  0x6f542139
                                                                  0x6f542146
                                                                  0x6f54214c
                                                                  0x6f54214f
                                                                  0x6f542155
                                                                  0x6f542157
                                                                  0x6f54215a
                                                                  0x6f54215c
                                                                  0x6f542163
                                                                  0x6f542168
                                                                  0x6f54216b
                                                                  0x6f54216d
                                                                  0x6f542172
                                                                  0x6f542184
                                                                  0x6f542184
                                                                  0x6f542172
                                                                  0x6f54216b
                                                                  0x6f54215a
                                                                  0x6f54218a
                                                                  0x6f54218d
                                                                  0x6f542197
                                                                  0x6f54219f
                                                                  0x6f5421ab
                                                                  0x6f5421b1
                                                                  0x6f5421b4
                                                                  0x6f5420e6
                                                                  0x6f5420e6
                                                                  0x00000000
                                                                  0x6f5420e6
                                                                  0x6f5421ba
                                                                  0x6f5421c0
                                                                  0x6f5421c0
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f5421c2
                                                                  0x6f5421c2
                                                                  0x6f5421c2
                                                                  0x6f5421c2
                                                                  0x00000000
                                                                  0x6f54218f
                                                                  0x6f54218f
                                                                  0x6f542195
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f542195
                                                                  0x6f54218d
                                                                  0x6f542125
                                                                  0x6f54212b
                                                                  0x6f54212d
                                                                  0x6f542133
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f542133
                                                                  0x6f5420f9
                                                                  0x6f542100
                                                                  0x6f542106
                                                                  0x6f54210c
                                                                  0x00000000
                                                                  0x6f54210c
                                                                  0x6f541d32
                                                                  0x6f541d33
                                                                  0x6f5420d0
                                                                  0x6f5420d0
                                                                  0x6f5420d6
                                                                  0x6f5420d9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f5420e0
                                                                  0x6f5420e5
                                                                  0x00000000
                                                                  0x6f5420e5
                                                                  0x6f541d3a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541d40
                                                                  0x6f541d40
                                                                  0x6f541d49
                                                                  0x6f541d4e
                                                                  0x6f541d54
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x6f541d5a
                                                                  0x6f541d67
                                                                  0x6f541d6d
                                                                  0x6f541d77
                                                                  0x6f541d7d
                                                                  0x6f541d85
                                                                  0x6f541d95
                                                                  0x00000000
                                                                  0x6f541d95

                                                                  APIs
                                                                    • Part of subcall function 6F541215: GlobalAlloc.KERNEL32(00000040,6F541233,?,6F5412CF,-6F54404B,6F5411AB,-000000A0), ref: 6F54121D
                                                                  • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 6F541BC4
                                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 6F541C0C
                                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 6F541C16
                                                                  • GlobalFree.KERNEL32 ref: 6F541C29
                                                                  • GlobalFree.KERNEL32 ref: 6F541D09
                                                                  • GlobalFree.KERNEL32 ref: 6F541D0E
                                                                  • GlobalFree.KERNEL32 ref: 6F541D13
                                                                  • GlobalFree.KERNEL32 ref: 6F541EFA
                                                                  • lstrcpyA.KERNEL32(?,?), ref: 6F542098
                                                                  • GetModuleHandleA.KERNEL32(00000008), ref: 6F542114
                                                                  • LoadLibraryA.KERNEL32(00000008), ref: 6F542125
                                                                  • GetProcAddress.KERNEL32(?,?), ref: 6F54217E
                                                                  • lstrlenA.KERNEL32(00000408), ref: 6F542198
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                  • String ID: Nqt
                                                                  • API String ID: 245916457-806837294
                                                                  • Opcode ID: 9bfecfe727fddb3ad68e4ac450ca34d7ed29affe263004034a080aa75745e1f7
                                                                  • Instruction ID: 013c5400f5604ea7c9c5267c7083e34445002aad59c17b43f30d9ada671fd5a0
                                                                  • Opcode Fuzzy Hash: 9bfecfe727fddb3ad68e4ac450ca34d7ed29affe263004034a080aa75745e1f7
                                                                  • Instruction Fuzzy Hash: A6228D7194461ADEDB12CFB8C9847EDBBF0BF06315F204A3AD1A9E6180DB746D61CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 78%
                                                                  			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                  				signed int _v8;
                                                                  				signed int _v12;
                                                                  				long _v16;
                                                                  				long _v20;
                                                                  				long _v24;
                                                                  				char _v28;
                                                                  				intOrPtr _v32;
                                                                  				long _v36;
                                                                  				char _v40;
                                                                  				unsigned int _v44;
                                                                  				signed int _v48;
                                                                  				CHAR* _v56;
                                                                  				intOrPtr _v60;
                                                                  				intOrPtr _v64;
                                                                  				intOrPtr _v68;
                                                                  				CHAR* _v72;
                                                                  				void _v76;
                                                                  				struct HWND__* _v80;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				intOrPtr _t82;
                                                                  				long _t87;
                                                                  				signed char* _t89;
                                                                  				void* _t95;
                                                                  				signed int _t96;
                                                                  				int _t109;
                                                                  				signed char _t114;
                                                                  				signed int _t118;
                                                                  				struct HWND__** _t122;
                                                                  				intOrPtr* _t138;
                                                                  				CHAR* _t146;
                                                                  				intOrPtr _t147;
                                                                  				unsigned int _t150;
                                                                  				signed int _t152;
                                                                  				unsigned int _t156;
                                                                  				signed int _t158;
                                                                  				signed int* _t159;
                                                                  				signed char* _t160;
                                                                  				struct HWND__* _t165;
                                                                  				struct HWND__* _t166;
                                                                  				int _t168;
                                                                  				unsigned int _t197;
                                                                  				void* _t205;
                                                                  
                                                                  				_t156 = __edx;
                                                                  				_t82 =  *0x42a048; // 0x829e04
                                                                  				_v32 = _t82;
                                                                  				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                  				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                  				if(_a8 == 0x40b) {
                                                                  					E00405710(0x3fb, _t146);
                                                                  					E0040627A(_t146);
                                                                  				}
                                                                  				_t166 = _a4;
                                                                  				if(_a8 != 0x110) {
                                                                  					L8:
                                                                  					if(_a8 != 0x111) {
                                                                  						L20:
                                                                  						if(_a8 == 0x40f) {
                                                                  							L22:
                                                                  							_v8 = _v8 & 0x00000000;
                                                                  							_v12 = _v12 & 0x00000000;
                                                                  							E00405710(0x3fb, _t146);
                                                                  							if(E00405A96(_t185, _t146) == 0) {
                                                                  								_v8 = 1;
                                                                  							}
                                                                  							E00406010(0x429840, _t146);
                                                                  							_t87 = E004063A8(1);
                                                                  							_v16 = _t87;
                                                                  							if(_t87 == 0) {
                                                                  								L30:
                                                                  								E00406010(0x429840, _t146);
                                                                  								_t89 = E00405A41(0x429840);
                                                                  								_t158 = 0;
                                                                  								if(_t89 != 0) {
                                                                  									 *_t89 =  *_t89 & 0x00000000;
                                                                  								}
                                                                  								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                  									goto L35;
                                                                  								} else {
                                                                  									_t168 = 0x400;
                                                                  									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                  									asm("cdq");
                                                                  									_v48 = _t109;
                                                                  									_v44 = _t156;
                                                                  									_v12 = 1;
                                                                  									goto L36;
                                                                  								}
                                                                  							} else {
                                                                  								_t159 = 0;
                                                                  								if(0 == 0x429840) {
                                                                  									goto L30;
                                                                  								} else {
                                                                  									goto L26;
                                                                  								}
                                                                  								while(1) {
                                                                  									L26:
                                                                  									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                                  									if(_t114 != 0) {
                                                                  										break;
                                                                  									}
                                                                  									if(_t159 != 0) {
                                                                  										 *_t159 =  *_t159 & _t114;
                                                                  									}
                                                                  									_t160 = E004059EF(0x429840);
                                                                  									 *_t160 =  *_t160 & 0x00000000;
                                                                  									_t159 = _t160 - 1;
                                                                  									 *_t159 = 0x5c;
                                                                  									if(_t159 != 0x429840) {
                                                                  										continue;
                                                                  									} else {
                                                                  										goto L30;
                                                                  									}
                                                                  								}
                                                                  								_t150 = _v44;
                                                                  								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                  								_v44 = _t150 >> 0xa;
                                                                  								_v12 = 1;
                                                                  								_t158 = 0;
                                                                  								__eflags = 0;
                                                                  								L35:
                                                                  								_t168 = 0x400;
                                                                  								L36:
                                                                  								_t95 = E004049C4(5);
                                                                  								if(_v12 != _t158) {
                                                                  									_t197 = _v44;
                                                                  									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                  										_v8 = 2;
                                                                  									}
                                                                  								}
                                                                  								_t147 =  *0x42ebdc; // 0x82e563
                                                                  								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                  									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                                  									if(_v12 == _t158) {
                                                                  										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                                  									} else {
                                                                  										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                                  									}
                                                                  								}
                                                                  								_t96 = _v8;
                                                                  								 *0x42f4c4 = _t96;
                                                                  								if(_t96 == _t158) {
                                                                  									_v8 = E0040140B(7);
                                                                  								}
                                                                  								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                  									_v8 = _t158;
                                                                  								}
                                                                  								E004040C0(0 | _v8 == _t158);
                                                                  								if(_v8 == _t158) {
                                                                  									_t205 =  *0x42a860 - _t158; // 0x0
                                                                  									if(_t205 == 0) {
                                                                  										E00404489();
                                                                  									}
                                                                  								}
                                                                  								 *0x42a860 = _t158;
                                                                  								goto L53;
                                                                  							}
                                                                  						}
                                                                  						_t185 = _a8 - 0x405;
                                                                  						if(_a8 != 0x405) {
                                                                  							goto L53;
                                                                  						}
                                                                  						goto L22;
                                                                  					}
                                                                  					_t118 = _a12 & 0x0000ffff;
                                                                  					if(_t118 != 0x3fb) {
                                                                  						L12:
                                                                  						if(_t118 == 0x3e9) {
                                                                  							_t152 = 7;
                                                                  							memset( &_v76, 0, _t152 << 2);
                                                                  							_v80 = _t166;
                                                                  							_v72 = 0x42a870;
                                                                  							_v60 = E00404881;
                                                                  							_v56 = _t146;
                                                                  							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                                  							_t122 =  &_v80;
                                                                  							_v64 = 0x41;
                                                                  							__imp__SHBrowseForFolderA(_t122);
                                                                  							if(_t122 == 0) {
                                                                  								_a8 = 0x40f;
                                                                  							} else {
                                                                  								__imp__CoTaskMemFree(_t122);
                                                                  								E004059A8(_t146);
                                                                  								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                                  								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files (x86)\\Wildix\\WIService") {
                                                                  									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                                  									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                                  										lstrcatA(_t146, 0x42e3a0);
                                                                  									}
                                                                  								}
                                                                  								 *0x42a860 =  *0x42a860 + 1;
                                                                  								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                  							}
                                                                  						}
                                                                  						goto L20;
                                                                  					}
                                                                  					if(_a12 >> 0x10 != 0x300) {
                                                                  						goto L53;
                                                                  					} else {
                                                                  						_a8 = 0x40f;
                                                                  						goto L12;
                                                                  					}
                                                                  				} else {
                                                                  					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                  					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                                  						E004059A8(_t146);
                                                                  					}
                                                                  					 *0x42ebd8 = _t166;
                                                                  					SetWindowTextA(_t165, _t146);
                                                                  					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                  					_push(1);
                                                                  					E0040409E(_t166);
                                                                  					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                  					_push(0x14);
                                                                  					E0040409E(_t166);
                                                                  					E004040D3(_t165);
                                                                  					_t138 = E004063A8(7);
                                                                  					if(_t138 == 0) {
                                                                  						L53:
                                                                  						return E00404105(_a8, _a12, _a16);
                                                                  					} else {
                                                                  						 *_t138(_t165, 1);
                                                                  						goto L8;
                                                                  					}
                                                                  				}
                                                                  			}

                                                                  0x004046bc
                                                                  0x00404664
                                                                  0x00404665
                                                                  0x0040466c
                                                                  0x00404676
                                                                  0x0040467e
                                                                  0x0040468b
                                                                  0x0040469f
                                                                  0x004046a3
                                                                  0x004046a3
                                                                  0x0040469f
                                                                  0x004046a8
                                                                  0x004046b5
                                                                  0x004046b5
                                                                  0x00404662
                                                                  0x00000000
                                                                  0x0040461a
                                                                  0x00404608
                                                                  0x00000000
                                                                  0x0040460e
                                                                  0x0040460e
                                                                  0x00000000
                                                                  0x0040460e
                                                                  0x00404579
                                                                  0x00404586
                                                                  0x0040458f
                                                                  0x0040459c
                                                                  0x0040459c
                                                                  0x004045a3
                                                                  0x004045a9
                                                                  0x004045b2
                                                                  0x004045b5
                                                                  0x004045b8
                                                                  0x004045c0
                                                                  0x004045c3
                                                                  0x004045c6
                                                                  0x004045cc
                                                                  0x004045d3
                                                                  0x004045da
                                                                  0x0040486c
                                                                  0x0040487e
                                                                  0x004045e0
                                                                  0x004045e3
                                                                  0x00000000
                                                                  0x004045e3
                                                                  0x004045da

                                                                  APIs
                                                                  • GetDlgItem.USER32 ref: 0040457F
                                                                  • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                                  • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                                  • lstrcmpiA.KERNEL32(: Completed,Wildix WIService v2.15.2 Setup: Completed,00000000,?,?), ref: 00404697
                                                                  • lstrcatA.KERNEL32(?,: Completed), ref: 004046A3
                                                                  • SetDlgItemTextA.USER32 ref: 004046B5
                                                                    • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                                    • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                    • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                    • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                    • Part of subcall function 0040627A: CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                  • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                                    • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,Wildix WIService v2.15.2 Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                    • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                                    • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: : Completed$A$C:\Program Files (x86)\Wildix\WIService$Wildix WIService v2.15.2 Setup: Completed
                                                                  • API String ID: 2624150263-1400710911
                                                                  • Opcode ID: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                  • Instruction ID: 05eea3de79cf24fe9bb33e9012793c4f482d3b98f46f23a5f19240ee3c7d349e
                                                                  • Opcode Fuzzy Hash: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                                  • Instruction Fuzzy Hash: 78A160B1900218ABDB11AFA6CD45AAF77B8AF85314F14843BF601B62D1D77C8A418B6D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 79%
                                                                  			E004067ED(signed int __ebx, signed int* __esi) {
                                                                  				signed int _t396;
                                                                  				signed int _t425;
                                                                  				signed int _t442;
                                                                  				signed int _t443;
                                                                  				signed int* _t446;
                                                                  				void* _t448;
                                                                  
                                                                  				L0:
                                                                  				while(1) {
                                                                  					L0:
                                                                  					_t446 = __esi;
                                                                  					_t425 = __ebx;
                                                                  					if( *(_t448 - 0x34) == 0) {
                                                                  						break;
                                                                  					}
                                                                  					L55:
                                                                  					__eax =  *(__ebp - 0x38);
                                                                  					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  					__ecx = __ebx;
                                                                  					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  					__ebx = __ebx + 8;
                                                                  					while(1) {
                                                                  						L56:
                                                                  						if(__ebx < 0xe) {
                                                                  							goto L0;
                                                                  						}
                                                                  						L57:
                                                                  						__eax =  *(__ebp - 0x40);
                                                                  						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                  						__ecx = __eax;
                                                                  						__esi[1] = __eax;
                                                                  						__ecx = __eax & 0x0000001f;
                                                                  						if(__cl > 0x1d) {
                                                                  							L9:
                                                                  							_t443 = _t442 | 0xffffffff;
                                                                  							 *_t446 = 0x11;
                                                                  							L10:
                                                                  							_t446[0x147] =  *(_t448 - 0x40);
                                                                  							_t446[0x146] = _t425;
                                                                  							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                  							L11:
                                                                  							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                  							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                  							E00406F5C( *(_t448 + 8));
                                                                  							return _t443;
                                                                  						}
                                                                  						L58:
                                                                  						__eax = __eax & 0x000003e0;
                                                                  						if(__eax > 0x3a0) {
                                                                  							goto L9;
                                                                  						}
                                                                  						L59:
                                                                  						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                  						__ebx = __ebx - 0xe;
                                                                  						_t94 =  &(__esi[2]);
                                                                  						 *_t94 = __esi[2] & 0x00000000;
                                                                  						 *__esi = 0xc;
                                                                  						while(1) {
                                                                  							L60:
                                                                  							__esi[1] = __esi[1] >> 0xa;
                                                                  							__eax = (__esi[1] >> 0xa) + 4;
                                                                  							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                  								goto L68;
                                                                  							}
                                                                  							L61:
                                                                  							while(1) {
                                                                  								L64:
                                                                  								if(__ebx >= 3) {
                                                                  									break;
                                                                  								}
                                                                  								L62:
                                                                  								if( *(__ebp - 0x34) == 0) {
                                                                  									goto L182;
                                                                  								}
                                                                  								L63:
                                                                  								__eax =  *(__ebp - 0x38);
                                                                  								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  								__ecx = __ebx;
                                                                  								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  								__ebx = __ebx + 8;
                                                                  							}
                                                                  							L65:
                                                                  							__ecx = __esi[2];
                                                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                  							__ebx = __ebx - 3;
                                                                  							_t108 = __ecx + 0x408400; // 0x121110
                                                                  							__ecx =  *_t108;
                                                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                  							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                  							__ecx = __esi[1];
                                                                  							__esi[2] = __esi[2] + 1;
                                                                  							__eax = __esi[2];
                                                                  							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                  							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                  								goto L64;
                                                                  							}
                                                                  							L66:
                                                                  							while(1) {
                                                                  								L68:
                                                                  								if(__esi[2] >= 0x13) {
                                                                  									break;
                                                                  								}
                                                                  								L67:
                                                                  								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                  								__eax =  *_t119;
                                                                  								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                  								_t126 =  &(__esi[2]);
                                                                  								 *_t126 = __esi[2] + 1;
                                                                  							}
                                                                  							L69:
                                                                  							__ecx = __ebp - 8;
                                                                  							__edi =  &(__esi[0x143]);
                                                                  							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                  							__eax = 0;
                                                                  							 *(__ebp - 8) = 0;
                                                                  							__eax =  &(__esi[3]);
                                                                  							 *__edi = 7;
                                                                  							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                  							if(__eax != 0) {
                                                                  								L72:
                                                                  								 *__esi = 0x11;
                                                                  								while(1) {
                                                                  									L180:
                                                                  									_t396 =  *_t446;
                                                                  									if(_t396 > 0xf) {
                                                                  										break;
                                                                  									}
                                                                  									L1:
                                                                  									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                                  										case 0:
                                                                  											L101:
                                                                  											__eax = __esi[4] & 0x000000ff;
                                                                  											__esi[3] = __esi[4] & 0x000000ff;
                                                                  											__eax = __esi[5];
                                                                  											__esi[2] = __esi[5];
                                                                  											 *__esi = 1;
                                                                  											goto L102;
                                                                  										case 1:
                                                                  											L102:
                                                                  											__eax = __esi[3];
                                                                  											while(1) {
                                                                  												L105:
                                                                  												__eflags = __ebx - __eax;
                                                                  												if(__ebx >= __eax) {
                                                                  													break;
                                                                  												}
                                                                  												L103:
                                                                  												__eflags =  *(__ebp - 0x34);
                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												}
                                                                  												L104:
                                                                  												__ecx =  *(__ebp - 0x38);
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  												__ecx = __ebx;
                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  												__ebx = __ebx + 8;
                                                                  												__eflags = __ebx;
                                                                  											}
                                                                  											L106:
                                                                  											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                  											__eax = __eax &  *(__ebp - 0x40);
                                                                  											__ecx = __esi[2];
                                                                  											__eax = __esi[2] + __eax * 4;
                                                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                  											__ecx =  *__eax & 0x000000ff;
                                                                  											__eflags = __ecx;
                                                                  											if(__ecx != 0) {
                                                                  												L108:
                                                                  												__eflags = __cl & 0x00000010;
                                                                  												if((__cl & 0x00000010) == 0) {
                                                                  													L110:
                                                                  													__eflags = __cl & 0x00000040;
                                                                  													if((__cl & 0x00000040) == 0) {
                                                                  														goto L125;
                                                                  													}
                                                                  													L111:
                                                                  													__eflags = __cl & 0x00000020;
                                                                  													if((__cl & 0x00000020) == 0) {
                                                                  														goto L9;
                                                                  													}
                                                                  													L112:
                                                                  													 *__esi = 7;
                                                                  													goto L180;
                                                                  												}
                                                                  												L109:
                                                                  												__esi[2] = __ecx;
                                                                  												__esi[1] = __eax;
                                                                  												 *__esi = 2;
                                                                  												goto L180;
                                                                  											}
                                                                  											L107:
                                                                  											__esi[2] = __eax;
                                                                  											 *__esi = 6;
                                                                  											goto L180;
                                                                  										case 2:
                                                                  											L113:
                                                                  											__eax = __esi[2];
                                                                  											while(1) {
                                                                  												L116:
                                                                  												__eflags = __ebx - __eax;
                                                                  												if(__ebx >= __eax) {
                                                                  													break;
                                                                  												}
                                                                  												L114:
                                                                  												__eflags =  *(__ebp - 0x34);
                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												}
                                                                  												L115:
                                                                  												__ecx =  *(__ebp - 0x38);
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  												__ecx = __ebx;
                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  												__ebx = __ebx + 8;
                                                                  												__eflags = __ebx;
                                                                  											}
                                                                  											L117:
                                                                  											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                  											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                  											__ecx = __eax;
                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  											__ebx = __ebx - __eax;
                                                                  											__eflags = __ebx;
                                                                  											__eax = __esi[4] & 0x000000ff;
                                                                  											__esi[3] = __esi[4] & 0x000000ff;
                                                                  											__eax = __esi[6];
                                                                  											__esi[2] = __esi[6];
                                                                  											 *__esi = 3;
                                                                  											goto L118;
                                                                  										case 3:
                                                                  											L118:
                                                                  											__eax = __esi[3];
                                                                  											while(1) {
                                                                  												L121:
                                                                  												__eflags = __ebx - __eax;
                                                                  												if(__ebx >= __eax) {
                                                                  													break;
                                                                  												}
                                                                  												L119:
                                                                  												__eflags =  *(__ebp - 0x34);
                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												}
                                                                  												L120:
                                                                  												__ecx =  *(__ebp - 0x38);
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  												__ecx = __ebx;
                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  												__ebx = __ebx + 8;
                                                                  												__eflags = __ebx;
                                                                  											}
                                                                  											L122:
                                                                  											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                  											__eax = __eax &  *(__ebp - 0x40);
                                                                  											__ecx = __esi[2];
                                                                  											__eax = __esi[2] + __eax * 4;
                                                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                  											__ecx =  *__eax & 0x000000ff;
                                                                  											__eflags = __cl & 0x00000010;
                                                                  											if((__cl & 0x00000010) == 0) {
                                                                  												L124:
                                                                  												__eflags = __cl & 0x00000040;
                                                                  												if((__cl & 0x00000040) != 0) {
                                                                  													goto L9;
                                                                  												}
                                                                  												L125:
                                                                  												__esi[3] = __ecx;
                                                                  												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                  												__esi[2] = __eax;
                                                                  												goto L180;
                                                                  											}
                                                                  											L123:
                                                                  											__esi[2] = __ecx;
                                                                  											__esi[3] = __eax;
                                                                  											 *__esi = 4;
                                                                  											goto L180;
                                                                  										case 4:
                                                                  											L126:
                                                                  											__eax = __esi[2];
                                                                  											while(1) {
                                                                  												L129:
                                                                  												__eflags = __ebx - __eax;
                                                                  												if(__ebx >= __eax) {
                                                                  													break;
                                                                  												}
                                                                  												L127:
                                                                  												__eflags =  *(__ebp - 0x34);
                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												}
                                                                  												L128:
                                                                  												__ecx =  *(__ebp - 0x38);
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  												__ecx = __ebx;
                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  												__ebx = __ebx + 8;
                                                                  												__eflags = __ebx;
                                                                  											}
                                                                  											L130:
                                                                  											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                  											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                  											__ecx = __eax;
                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  											__ebx = __ebx - __eax;
                                                                  											__eflags = __ebx;
                                                                  											 *__esi = 5;
                                                                  											goto L131;
                                                                  										case 5:
                                                                  											L131:
                                                                  											__eax =  *(__ebp - 0x30);
                                                                  											__edx = __esi[3];
                                                                  											__eax = __eax - __esi;
                                                                  											__ecx = __eax - __esi - 0x1ba0;
                                                                  											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                  											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                  												__ecx = __eax;
                                                                  												__ecx = __eax - __edx;
                                                                  												__eflags = __ecx;
                                                                  											} else {
                                                                  												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                  												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                  												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                  											}
                                                                  											__eflags = __esi[1];
                                                                  											 *(__ebp - 0x20) = __ecx;
                                                                  											if(__esi[1] != 0) {
                                                                  												L135:
                                                                  												__edi =  *(__ebp - 0x2c);
                                                                  												do {
                                                                  													L136:
                                                                  													__eflags = __edi;
                                                                  													if(__edi != 0) {
                                                                  														goto L152;
                                                                  													}
                                                                  													L137:
                                                                  													__edi = __esi[0x26e8];
                                                                  													__eflags = __eax - __edi;
                                                                  													if(__eax != __edi) {
                                                                  														L143:
                                                                  														__esi[0x26ea] = __eax;
                                                                  														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                  														__eax = __esi[0x26ea];
                                                                  														__ecx = __esi[0x26e9];
                                                                  														__eflags = __eax - __ecx;
                                                                  														 *(__ebp - 0x30) = __eax;
                                                                  														if(__eax >= __ecx) {
                                                                  															__edi = __esi[0x26e8];
                                                                  															__edi = __esi[0x26e8] - __eax;
                                                                  															__eflags = __edi;
                                                                  														} else {
                                                                  															__ecx = __ecx - __eax;
                                                                  															__edi = __ecx - __eax - 1;
                                                                  														}
                                                                  														__edx = __esi[0x26e8];
                                                                  														__eflags = __eax - __edx;
                                                                  														 *(__ebp - 8) = __edx;
                                                                  														if(__eax == __edx) {
                                                                  															__edx =  &(__esi[0x6e8]);
                                                                  															__eflags = __ecx - __edx;
                                                                  															if(__ecx != __edx) {
                                                                  																__eax = __edx;
                                                                  																__eflags = __eax - __ecx;
                                                                  																 *(__ebp - 0x30) = __eax;
                                                                  																if(__eax >= __ecx) {
                                                                  																	__edi =  *(__ebp - 8);
                                                                  																	__edi =  *(__ebp - 8) - __eax;
                                                                  																	__eflags = __edi;
                                                                  																} else {
                                                                  																	__ecx = __ecx - __eax;
                                                                  																	__edi = __ecx;
                                                                  																}
                                                                  															}
                                                                  														}
                                                                  														__eflags = __edi;
                                                                  														if(__edi == 0) {
                                                                  															goto L183;
                                                                  														} else {
                                                                  															goto L152;
                                                                  														}
                                                                  													}
                                                                  													L138:
                                                                  													__ecx = __esi[0x26e9];
                                                                  													__edx =  &(__esi[0x6e8]);
                                                                  													__eflags = __ecx - __edx;
                                                                  													if(__ecx == __edx) {
                                                                  														goto L143;
                                                                  													}
                                                                  													L139:
                                                                  													__eax = __edx;
                                                                  													__eflags = __eax - __ecx;
                                                                  													if(__eax >= __ecx) {
                                                                  														__edi = __edi - __eax;
                                                                  														__eflags = __edi;
                                                                  													} else {
                                                                  														__ecx = __ecx - __eax;
                                                                  														__edi = __ecx;
                                                                  													}
                                                                  													__eflags = __edi;
                                                                  													if(__edi == 0) {
                                                                  														goto L143;
                                                                  													}
                                                                  													L152:
                                                                  													__ecx =  *(__ebp - 0x20);
                                                                  													 *__eax =  *__ecx;
                                                                  													__eax = __eax + 1;
                                                                  													__ecx = __ecx + 1;
                                                                  													__edi = __edi - 1;
                                                                  													__eflags = __ecx - __esi[0x26e8];
                                                                  													 *(__ebp - 0x30) = __eax;
                                                                  													 *(__ebp - 0x20) = __ecx;
                                                                  													 *(__ebp - 0x2c) = __edi;
                                                                  													if(__ecx == __esi[0x26e8]) {
                                                                  														__ecx =  &(__esi[0x6e8]);
                                                                  														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                  													}
                                                                  													_t357 =  &(__esi[1]);
                                                                  													 *_t357 = __esi[1] - 1;
                                                                  													__eflags =  *_t357;
                                                                  												} while ( *_t357 != 0);
                                                                  											}
                                                                  											goto L23;
                                                                  										case 6:
                                                                  											L156:
                                                                  											__eax =  *(__ebp - 0x2c);
                                                                  											__edi =  *(__ebp - 0x30);
                                                                  											__eflags = __eax;
                                                                  											if(__eax != 0) {
                                                                  												L172:
                                                                  												__cl = __esi[2];
                                                                  												 *__edi = __cl;
                                                                  												__edi = __edi + 1;
                                                                  												__eax = __eax - 1;
                                                                  												 *(__ebp - 0x30) = __edi;
                                                                  												 *(__ebp - 0x2c) = __eax;
                                                                  												goto L23;
                                                                  											}
                                                                  											L157:
                                                                  											__ecx = __esi[0x26e8];
                                                                  											__eflags = __edi - __ecx;
                                                                  											if(__edi != __ecx) {
                                                                  												L163:
                                                                  												__esi[0x26ea] = __edi;
                                                                  												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                  												__edi = __esi[0x26ea];
                                                                  												__ecx = __esi[0x26e9];
                                                                  												__eflags = __edi - __ecx;
                                                                  												 *(__ebp - 0x30) = __edi;
                                                                  												if(__edi >= __ecx) {
                                                                  													__eax = __esi[0x26e8];
                                                                  													__eax = __esi[0x26e8] - __edi;
                                                                  													__eflags = __eax;
                                                                  												} else {
                                                                  													__ecx = __ecx - __edi;
                                                                  													__eax = __ecx - __edi - 1;
                                                                  												}
                                                                  												__edx = __esi[0x26e8];
                                                                  												__eflags = __edi - __edx;
                                                                  												 *(__ebp - 8) = __edx;
                                                                  												if(__edi == __edx) {
                                                                  													__edx =  &(__esi[0x6e8]);
                                                                  													__eflags = __ecx - __edx;
                                                                  													if(__ecx != __edx) {
                                                                  														__edi = __edx;
                                                                  														__eflags = __edi - __ecx;
                                                                  														 *(__ebp - 0x30) = __edi;
                                                                  														if(__edi >= __ecx) {
                                                                  															__eax =  *(__ebp - 8);
                                                                  															__eax =  *(__ebp - 8) - __edi;
                                                                  															__eflags = __eax;
                                                                  														} else {
                                                                  															__ecx = __ecx - __edi;
                                                                  															__eax = __ecx;
                                                                  														}
                                                                  													}
                                                                  												}
                                                                  												__eflags = __eax;
                                                                  												if(__eax == 0) {
                                                                  													goto L183;
                                                                  												} else {
                                                                  													goto L172;
                                                                  												}
                                                                  											}
                                                                  											L158:
                                                                  											__eax = __esi[0x26e9];
                                                                  											__edx =  &(__esi[0x6e8]);
                                                                  											__eflags = __eax - __edx;
                                                                  											if(__eax == __edx) {
                                                                  												goto L163;
                                                                  											}
                                                                  											L159:
                                                                  											__edi = __edx;
                                                                  											__eflags = __edi - __eax;
                                                                  											if(__edi >= __eax) {
                                                                  												__ecx = __ecx - __edi;
                                                                  												__eflags = __ecx;
                                                                  												__eax = __ecx;
                                                                  											} else {
                                                                  												__eax = __eax - __edi;
                                                                  												__eax = __eax - 1;
                                                                  											}
                                                                  											__eflags = __eax;
                                                                  											if(__eax != 0) {
                                                                  												goto L172;
                                                                  											} else {
                                                                  												goto L163;
                                                                  											}
                                                                  										case 7:
                                                                  											L173:
                                                                  											__eflags = __ebx - 7;
                                                                  											if(__ebx > 7) {
                                                                  												__ebx = __ebx - 8;
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                  												_t380 = __ebp - 0x38;
                                                                  												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                  												__eflags =  *_t380;
                                                                  											}
                                                                  											goto L175;
                                                                  										case 8:
                                                                  											L4:
                                                                  											while(_t425 < 3) {
                                                                  												if( *(_t448 - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												} else {
                                                                  													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                  													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                  													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                  													_t425 = _t425 + 8;
                                                                  													continue;
                                                                  												}
                                                                  											}
                                                                  											_t425 = _t425 - 3;
                                                                  											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                  											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                  											asm("sbb ecx, ecx");
                                                                  											_t408 = _t406 >> 1;
                                                                  											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                  											if(_t408 == 0) {
                                                                  												L24:
                                                                  												 *_t446 = 9;
                                                                  												_t436 = _t425 & 0x00000007;
                                                                  												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                  												_t425 = _t425 - _t436;
                                                                  												goto L180;
                                                                  											}
                                                                  											L6:
                                                                  											_t411 = _t408 - 1;
                                                                  											if(_t411 == 0) {
                                                                  												L13:
                                                                  												__eflags =  *0x42e388;
                                                                  												if( *0x42e388 != 0) {
                                                                  													L22:
                                                                  													_t412 =  *0x40a40c; // 0x9
                                                                  													_t446[4] = _t412;
                                                                  													_t413 =  *0x40a410; // 0x5
                                                                  													_t446[4] = _t413;
                                                                  													_t414 =  *0x42d204; // 0x0
                                                                  													_t446[5] = _t414;
                                                                  													_t415 =  *0x42d200; // 0x0
                                                                  													_t446[6] = _t415;
                                                                  													L23:
                                                                  													 *_t446 =  *_t446 & 0x00000000;
                                                                  													goto L180;
                                                                  												} else {
                                                                  													_t26 = _t448 - 8;
                                                                  													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                  													__eflags =  *_t26;
                                                                  													_t416 = 0x42d208;
                                                                  													goto L15;
                                                                  													L20:
                                                                  													 *_t416 = _t438;
                                                                  													_t416 = _t416 + 4;
                                                                  													__eflags = _t416 - 0x42d688;
                                                                  													if(_t416 < 0x42d688) {
                                                                  														L15:
                                                                  														__eflags = _t416 - 0x42d444;
                                                                  														_t438 = 8;
                                                                  														if(_t416 > 0x42d444) {
                                                                  															__eflags = _t416 - 0x42d608;
                                                                  															if(_t416 >= 0x42d608) {
                                                                  																__eflags = _t416 - 0x42d668;
                                                                  																if(_t416 < 0x42d668) {
                                                                  																	_t438 = 7;
                                                                  																}
                                                                  															} else {
                                                                  																_t438 = 9;
                                                                  															}
                                                                  														}
                                                                  														goto L20;
                                                                  													} else {
                                                                  														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                                  														_push(0x1e);
                                                                  														_pop(_t440);
                                                                  														_push(5);
                                                                  														_pop(_t419);
                                                                  														memset(0x42d208, _t419, _t440 << 2);
                                                                  														_t450 = _t450 + 0xc;
                                                                  														_t442 = 0x42d208 + _t440;
                                                                  														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                                  														 *0x42e388 =  *0x42e388 + 1;
                                                                  														__eflags =  *0x42e388;
                                                                  														goto L22;
                                                                  													}
                                                                  												}
                                                                  											}
                                                                  											L7:
                                                                  											_t423 = _t411 - 1;
                                                                  											if(_t423 == 0) {
                                                                  												 *_t446 = 0xb;
                                                                  												goto L180;
                                                                  											}
                                                                  											L8:
                                                                  											if(_t423 != 1) {
                                                                  												goto L180;
                                                                  											}
                                                                  											goto L9;
                                                                  										case 9:
                                                                  											while(1) {
                                                                  												L27:
                                                                  												__eflags = __ebx - 0x20;
                                                                  												if(__ebx >= 0x20) {
                                                                  													break;
                                                                  												}
                                                                  												L25:
                                                                  												__eflags =  *(__ebp - 0x34);
                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                  													goto L182;
                                                                  												}
                                                                  												L26:
                                                                  												__eax =  *(__ebp - 0x38);
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  												__ecx = __ebx;
                                                                  												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  												__ebx = __ebx + 8;
                                                                  												__eflags = __ebx;
                                                                  											}
                                                                  											L28:
                                                                  											__eax =  *(__ebp - 0x40);
                                                                  											__ebx = 0;
                                                                  											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                  											 *(__ebp - 0x40) = 0;
                                                                  											__eflags = __eax;
                                                                  											__esi[1] = __eax;
                                                                  											if(__eax == 0) {
                                                                  												goto L53;
                                                                  											}
                                                                  											L29:
                                                                  											_push(0xa);
                                                                  											_pop(__eax);
                                                                  											goto L54;
                                                                  										case 0xa:
                                                                  											L30:
                                                                  											__eflags =  *(__ebp - 0x34);
                                                                  											if( *(__ebp - 0x34) == 0) {
                                                                  												goto L182;
                                                                  											}
                                                                  											L31:
                                                                  											__eax =  *(__ebp - 0x2c);
                                                                  											__eflags = __eax;
                                                                  											if(__eax != 0) {
                                                                  												L48:
                                                                  												__eflags = __eax -  *(__ebp - 0x34);
                                                                  												if(__eax >=  *(__ebp - 0x34)) {
                                                                  													__eax =  *(__ebp - 0x34);
                                                                  												}
                                                                  												__ecx = __esi[1];
                                                                  												__eflags = __ecx - __eax;
                                                                  												__edi = __ecx;
                                                                  												if(__ecx >= __eax) {
                                                                  													__edi = __eax;
                                                                  												}
                                                                  												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                  												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                  												_t80 =  &(__esi[1]);
                                                                  												 *_t80 = __esi[1] - __edi;
                                                                  												__eflags =  *_t80;
                                                                  												if( *_t80 == 0) {
                                                                  													L53:
                                                                  													__eax = __esi[0x145];
                                                                  													L54:
                                                                  													 *__esi = __eax;
                                                                  												}
                                                                  												goto L180;
                                                                  											}
                                                                  											L32:
                                                                  											__ecx = __esi[0x26e8];
                                                                  											__edx =  *(__ebp - 0x30);
                                                                  											__eflags = __edx - __ecx;
                                                                  											if(__edx != __ecx) {
                                                                  												L38:
                                                                  												__esi[0x26ea] = __edx;
                                                                  												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                  												__edx = __esi[0x26ea];
                                                                  												__ecx = __esi[0x26e9];
                                                                  												__eflags = __edx - __ecx;
                                                                  												 *(__ebp - 0x30) = __edx;
                                                                  												if(__edx >= __ecx) {
                                                                  													__eax = __esi[0x26e8];
                                                                  													__eax = __esi[0x26e8] - __edx;
                                                                  													__eflags = __eax;
                                                                  												} else {
                                                                  													__ecx = __ecx - __edx;
                                                                  													__eax = __ecx - __edx - 1;
                                                                  												}
                                                                  												__edi = __esi[0x26e8];
                                                                  												 *(__ebp - 0x2c) = __eax;
                                                                  												__eflags = __edx - __edi;
                                                                  												if(__edx == __edi) {
                                                                  													__edx =  &(__esi[0x6e8]);
                                                                  													__eflags = __edx - __ecx;
                                                                  													if(__eflags != 0) {
                                                                  														 *(__ebp - 0x30) = __edx;
                                                                  														if(__eflags >= 0) {
                                                                  															__edi = __edi - __edx;
                                                                  															__eflags = __edi;
                                                                  															__eax = __edi;
                                                                  														} else {
                                                                  															__ecx = __ecx - __edx;
                                                                  															__eax = __ecx;
                                                                  														}
                                                                  														 *(__ebp - 0x2c) = __eax;
                                                                  													}
                                                                  												}
                                                                  												__eflags = __eax;
                                                                  												if(__eax == 0) {
                                                                  													goto L183;
                                                                  												} else {
                                                                  													goto L48;
                                                                  												}
                                                                  											}
                                                                  											L33:
                                                                  											__eax = __esi[0x26e9];
                                                                  											__edi =  &(__esi[0x6e8]);
                                                                  											__eflags = __eax - __edi;
                                                                  											if(__eax == __edi) {
                                                                  												goto L38;
                                                                  											}
                                                                  											L34:
                                                                  											__edx = __edi;
                                                                  											__eflags = __edx - __eax;
                                                                  											 *(__ebp - 0x30) = __edx;
                                                                  											if(__edx >= __eax) {
                                                                  												__ecx = __ecx - __edx;
                                                                  												__eflags = __ecx;
                                                                  												__eax = __ecx;
                                                                  											} else {
                                                                  												__eax = __eax - __edx;
                                                                  												__eax = __eax - 1;
                                                                  											}
                                                                  											__eflags = __eax;
                                                                  											 *(__ebp - 0x2c) = __eax;
                                                                  											if(__eax != 0) {
                                                                  												goto L48;
                                                                  											} else {
                                                                  												goto L38;
                                                                  											}
                                                                  										case 0xb:
                                                                  											goto L56;
                                                                  										case 0xc:
                                                                  											L60:
                                                                  											__esi[1] = __esi[1] >> 0xa;
                                                                  											__eax = (__esi[1] >> 0xa) + 4;
                                                                  											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                  												goto L68;
                                                                  											}
                                                                  											goto L61;
                                                                  										case 0xd:
                                                                  											while(1) {
                                                                  												L93:
                                                                  												__eax = __esi[1];
                                                                  												__ecx = __esi[2];
                                                                  												__edx = __eax;
                                                                  												__eax = __eax & 0x0000001f;
                                                                  												__edx = __edx >> 5;
                                                                  												__eax = __edx + __eax + 0x102;
                                                                  												__eflags = __esi[2] - __eax;
                                                                  												if(__esi[2] >= __eax) {
                                                                  													break;
                                                                  												}
                                                                  												L73:
                                                                  												__eax = __esi[0x143];
                                                                  												while(1) {
                                                                  													L76:
                                                                  													__eflags = __ebx - __eax;
                                                                  													if(__ebx >= __eax) {
                                                                  														break;
                                                                  													}
                                                                  													L74:
                                                                  													__eflags =  *(__ebp - 0x34);
                                                                  													if( *(__ebp - 0x34) == 0) {
                                                                  														goto L182;
                                                                  													}
                                                                  													L75:
                                                                  													__ecx =  *(__ebp - 0x38);
                                                                  													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  													__ecx = __ebx;
                                                                  													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  													__ebx = __ebx + 8;
                                                                  													__eflags = __ebx;
                                                                  												}
                                                                  												L77:
                                                                  												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                  												__eax = __eax &  *(__ebp - 0x40);
                                                                  												__ecx = __esi[0x144];
                                                                  												__eax = __esi[0x144] + __eax * 4;
                                                                  												__edx =  *(__eax + 1) & 0x000000ff;
                                                                  												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                  												__eflags = __eax - 0x10;
                                                                  												 *(__ebp - 0x14) = __eax;
                                                                  												if(__eax >= 0x10) {
                                                                  													L79:
                                                                  													__eflags = __eax - 0x12;
                                                                  													if(__eax != 0x12) {
                                                                  														__eax = __eax + 0xfffffff2;
                                                                  														 *(__ebp - 8) = 3;
                                                                  													} else {
                                                                  														_push(7);
                                                                  														 *(__ebp - 8) = 0xb;
                                                                  														_pop(__eax);
                                                                  													}
                                                                  													while(1) {
                                                                  														L84:
                                                                  														__ecx = __eax + __edx;
                                                                  														__eflags = __ebx - __eax + __edx;
                                                                  														if(__ebx >= __eax + __edx) {
                                                                  															break;
                                                                  														}
                                                                  														L82:
                                                                  														__eflags =  *(__ebp - 0x34);
                                                                  														if( *(__ebp - 0x34) == 0) {
                                                                  															goto L182;
                                                                  														}
                                                                  														L83:
                                                                  														__ecx =  *(__ebp - 0x38);
                                                                  														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                  														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                  														__ecx = __ebx;
                                                                  														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                  														__ebx = __ebx + 8;
                                                                  														__eflags = __ebx;
                                                                  													}
                                                                  													L85:
                                                                  													__ecx = __edx;
                                                                  													__ebx = __ebx - __edx;
                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                  													__edx =  *(__ebp - 8);
                                                                  													__ebx = __ebx - __eax;
                                                                  													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                  													__ecx = __eax;
                                                                  													__eax = __esi[1];
                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  													__ecx = __esi[2];
                                                                  													__eax = __eax >> 5;
                                                                  													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                  													__eax = __eax & 0x0000001f;
                                                                  													__eax = __edi + __eax + 0x102;
                                                                  													__edi = __edx + __ecx;
                                                                  													__eflags = __edx + __ecx - __eax;
                                                                  													if(__edx + __ecx > __eax) {
                                                                  														goto L9;
                                                                  													}
                                                                  													L86:
                                                                  													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                  													if( *(__ebp - 0x14) != 0x10) {
                                                                  														L89:
                                                                  														__edi = 0;
                                                                  														__eflags = 0;
                                                                  														L90:
                                                                  														__eax = __esi + 0xc + __ecx * 4;
                                                                  														do {
                                                                  															L91:
                                                                  															 *__eax = __edi;
                                                                  															__ecx = __ecx + 1;
                                                                  															__eax = __eax + 4;
                                                                  															__edx = __edx - 1;
                                                                  															__eflags = __edx;
                                                                  														} while (__edx != 0);
                                                                  														__esi[2] = __ecx;
                                                                  														continue;
                                                                  													}
                                                                  													L87:
                                                                  													__eflags = __ecx - 1;
                                                                  													if(__ecx < 1) {
                                                                  														goto L9;
                                                                  													}
                                                                  													L88:
                                                                  													__edi =  *(__esi + 8 + __ecx * 4);
                                                                  													goto L90;
                                                                  												}
                                                                  												L78:
                                                                  												__ecx = __edx;
                                                                  												__ebx = __ebx - __edx;
                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                  												__ecx = __esi[2];
                                                                  												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                  												__esi[2] = __esi[2] + 1;
                                                                  											}
                                                                  											L94:
                                                                  											__eax = __esi[1];
                                                                  											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                  											__edi = __eax;
                                                                  											__eax = __eax >> 5;
                                                                  											__edi = __edi & 0x0000001f;
                                                                  											__ecx = 0x101;
                                                                  											__eax = __eax & 0x0000001f;
                                                                  											__edi = __edi + 0x101;
                                                                  											__eax = __eax + 1;
                                                                  											__edx = __ebp - 0xc;
                                                                  											 *(__ebp - 0x14) = __eax;
                                                                  											 &(__esi[0x148]) = __ebp - 4;
                                                                  											 *(__ebp - 4) = 9;
                                                                  											__ebp - 0x18 =  &(__esi[3]);
                                                                  											 *(__ebp - 0x10) = 6;
                                                                  											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                  											__eflags =  *(__ebp - 4);
                                                                  											if( *(__ebp - 4) == 0) {
                                                                  												__eax = __eax | 0xffffffff;
                                                                  												__eflags = __eax;
                                                                  											}
                                                                  											__eflags = __eax;
                                                                  											if(__eax != 0) {
                                                                  												goto L9;
                                                                  											} else {
                                                                  												L97:
                                                                  												__ebp - 0xc =  &(__esi[0x148]);
                                                                  												__ebp - 0x10 = __ebp - 0x1c;
                                                                  												__eax = __esi + 0xc + __edi * 4;
                                                                  												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                  												__eflags = __eax;
                                                                  												if(__eax != 0) {
                                                                  													goto L9;
                                                                  												}
                                                                  												L98:
                                                                  												__eax =  *(__ebp - 0x10);
                                                                  												__eflags =  *(__ebp - 0x10);
                                                                  												if( *(__ebp - 0x10) != 0) {
                                                                  													L100:
                                                                  													__cl =  *(__ebp - 4);
                                                                  													 *__esi =  *__esi & 0x00000000;
                                                                  													__eflags =  *__esi;
                                                                  													__esi[4] = __al;
                                                                  													__eax =  *(__ebp - 0x18);
                                                                  													__esi[5] =  *(__ebp - 0x18);
                                                                  													__eax =  *(__ebp - 0x1c);
                                                                  													__esi[4] = __cl;
                                                                  													__esi[6] =  *(__ebp - 0x1c);
                                                                  													goto L101;
                                                                  												}
                                                                  												L99:
                                                                  												__eflags = __edi - 0x101;
                                                                  												if(__edi > 0x101) {
                                                                  													goto L9;
                                                                  												}
                                                                  												goto L100;
                                                                  											}
                                                                  										case 0xe:
                                                                  											goto L9;
                                                                  										case 0xf:
                                                                  											L175:
                                                                  											__eax =  *(__ebp - 0x30);
                                                                  											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                  											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                  											__ecx = __esi[0x26ea];
                                                                  											__edx = __esi[0x26e9];
                                                                  											__eflags = __ecx - __edx;
                                                                  											 *(__ebp - 0x30) = __ecx;
                                                                  											if(__ecx >= __edx) {
                                                                  												__eax = __esi[0x26e8];
                                                                  												__eax = __esi[0x26e8] - __ecx;
                                                                  												__eflags = __eax;
                                                                  											} else {
                                                                  												__edx = __edx - __ecx;
                                                                  												__eax = __edx - __ecx - 1;
                                                                  											}
                                                                  											__eflags = __ecx - __edx;
                                                                  											 *(__ebp - 0x2c) = __eax;
                                                                  											if(__ecx != __edx) {
                                                                  												L183:
                                                                  												__edi = 0;
                                                                  												goto L10;
                                                                  											} else {
                                                                  												L179:
                                                                  												__eax = __esi[0x145];
                                                                  												__eflags = __eax - 8;
                                                                  												 *__esi = __eax;
                                                                  												if(__eax != 8) {
                                                                  													L184:
                                                                  													0 = 1;
                                                                  													goto L10;
                                                                  												}
                                                                  												goto L180;
                                                                  											}
                                                                  									}
                                                                  								}
                                                                  								L181:
                                                                  								goto L9;
                                                                  							}
                                                                  							L70:
                                                                  							if( *__edi == __eax) {
                                                                  								goto L72;
                                                                  							}
                                                                  							L71:
                                                                  							__esi[2] = __esi[2] & __eax;
                                                                  							 *__esi = 0xd;
                                                                  							goto L93;
                                                                  						}
                                                                  					}
                                                                  				}
                                                                  				L182:
                                                                  				_t443 = 0;
                                                                  				_t446[0x147] =  *(_t448 - 0x40);
                                                                  				_t446[0x146] = _t425;
                                                                  				( *(_t448 + 8))[1] = 0;
                                                                  				goto L11;
                                                                  			}









                                                                  0x00406bd1
                                                                  0x00406bd1
                                                                  0x00406bd4
                                                                  0x00406bd7
                                                                  0x00406bda
                                                                  0x00406bdc
                                                                  0x00406bde
                                                                  0x00406be1
                                                                  0x00406be4
                                                                  0x00406be4
                                                                  0x00406be4
                                                                  0x00406beb
                                                                  0x00406bf3
                                                                  0x00406bf6
                                                                  0x00406bf9
                                                                  0x00406bfb
                                                                  0x00406bfe
                                                                  0x00406bfe
                                                                  0x00406c00
                                                                  0x00406c04
                                                                  0x00406c07
                                                                  0x00406c0a
                                                                  0x00406c0d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c13
                                                                  0x00406c13
                                                                  0x00406c38
                                                                  0x00406c38
                                                                  0x00406c38
                                                                  0x00406c3a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c18
                                                                  0x00406c18
                                                                  0x00406c1c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c22
                                                                  0x00406c22
                                                                  0x00406c25
                                                                  0x00406c28
                                                                  0x00406c2b
                                                                  0x00406c2d
                                                                  0x00406c2f
                                                                  0x00406c32
                                                                  0x00406c35
                                                                  0x00406c35
                                                                  0x00406c35
                                                                  0x00406c3c
                                                                  0x00406c3c
                                                                  0x00406c44
                                                                  0x00406c47
                                                                  0x00406c4a
                                                                  0x00406c4d
                                                                  0x00406c51
                                                                  0x00406c54
                                                                  0x00406c56
                                                                  0x00406c59
                                                                  0x00406c5c
                                                                  0x00406c76
                                                                  0x00406c76
                                                                  0x00406c79
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c7f
                                                                  0x00406c7f
                                                                  0x00406c82
                                                                  0x00406c89
                                                                  0x00000000
                                                                  0x00406c89
                                                                  0x00406c5e
                                                                  0x00406c61
                                                                  0x00406c68
                                                                  0x00406c6b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c91
                                                                  0x00406c91
                                                                  0x00406cb6
                                                                  0x00406cb6
                                                                  0x00406cb6
                                                                  0x00406cb8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406c96
                                                                  0x00406c96
                                                                  0x00406c9a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406ca0
                                                                  0x00406ca0
                                                                  0x00406ca3
                                                                  0x00406ca6
                                                                  0x00406ca9
                                                                  0x00406cab
                                                                  0x00406cad
                                                                  0x00406cb0
                                                                  0x00406cb3
                                                                  0x00406cb3
                                                                  0x00406cb3
                                                                  0x00406cba
                                                                  0x00406cc2
                                                                  0x00406cc5
                                                                  0x00406cc8
                                                                  0x00406cca
                                                                  0x00406ccd
                                                                  0x00406ccd
                                                                  0x00406ccf
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406cd5
                                                                  0x00406cd5
                                                                  0x00406cd8
                                                                  0x00406cdd
                                                                  0x00406cdf
                                                                  0x00406ce5
                                                                  0x00406ce7
                                                                  0x00406cfc
                                                                  0x00406cfe
                                                                  0x00406cfe
                                                                  0x00406ce9
                                                                  0x00406cef
                                                                  0x00406cf1
                                                                  0x00406cf3
                                                                  0x00406cf3
                                                                  0x00406d00
                                                                  0x00406d04
                                                                  0x00406d07
                                                                  0x00406d0d
                                                                  0x00406d0d
                                                                  0x00406d10
                                                                  0x00406d10
                                                                  0x00406d10
                                                                  0x00406d12
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406d18
                                                                  0x00406d18
                                                                  0x00406d1e
                                                                  0x00406d20
                                                                  0x00406d45
                                                                  0x00406d48
                                                                  0x00406d4e
                                                                  0x00406d53
                                                                  0x00406d59
                                                                  0x00406d5f
                                                                  0x00406d61
                                                                  0x00406d64
                                                                  0x00406d6d
                                                                  0x00406d73
                                                                  0x00406d73
                                                                  0x00406d66
                                                                  0x00406d68
                                                                  0x00406d6a
                                                                  0x00406d6a
                                                                  0x00406d75
                                                                  0x00406d7b
                                                                  0x00406d7d
                                                                  0x00406d80
                                                                  0x00406d82
                                                                  0x00406d88
                                                                  0x00406d8a
                                                                  0x00406d8c
                                                                  0x00406d8e
                                                                  0x00406d90
                                                                  0x00406d93
                                                                  0x00406d9c
                                                                  0x00406d9f
                                                                  0x00406d9f
                                                                  0x00406d95
                                                                  0x00406d95
                                                                  0x00406d98
                                                                  0x00406d98
                                                                  0x00406d93
                                                                  0x00406d8a
                                                                  0x00406da1
                                                                  0x00406da3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406da3
                                                                  0x00406d22
                                                                  0x00406d22
                                                                  0x00406d28
                                                                  0x00406d2e
                                                                  0x00406d30
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406d32
                                                                  0x00406d32
                                                                  0x00406d34
                                                                  0x00406d36
                                                                  0x00406d3f
                                                                  0x00406d3f
                                                                  0x00406d38
                                                                  0x00406d38
                                                                  0x00406d3b
                                                                  0x00406d3b
                                                                  0x00406d41
                                                                  0x00406d43
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406da9
                                                                  0x00406da9
                                                                  0x00406dae
                                                                  0x00406db0
                                                                  0x00406db1
                                                                  0x00406db2
                                                                  0x00406db3
                                                                  0x00406db9
                                                                  0x00406dbc
                                                                  0x00406dbf
                                                                  0x00406dc2
                                                                  0x00406dc4
                                                                  0x00406dca
                                                                  0x00406dca
                                                                  0x00406dcd
                                                                  0x00406dcd
                                                                  0x00406dcd
                                                                  0x00406dcd
                                                                  0x00406dd6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406ddb
                                                                  0x00406ddb
                                                                  0x00406dde
                                                                  0x00406de1
                                                                  0x00406de3
                                                                  0x00406e7a
                                                                  0x00406e7a
                                                                  0x00406e7d
                                                                  0x00406e7f
                                                                  0x00406e80
                                                                  0x00406e81
                                                                  0x00406e84
                                                                  0x00000000
                                                                  0x00406e84
                                                                  0x00406de9
                                                                  0x00406de9
                                                                  0x00406def
                                                                  0x00406df1
                                                                  0x00406e16
                                                                  0x00406e19
                                                                  0x00406e1f
                                                                  0x00406e24
                                                                  0x00406e2a
                                                                  0x00406e30
                                                                  0x00406e32
                                                                  0x00406e35
                                                                  0x00406e3e
                                                                  0x00406e44
                                                                  0x00406e44
                                                                  0x00406e37
                                                                  0x00406e39
                                                                  0x00406e3b
                                                                  0x00406e3b
                                                                  0x00406e46
                                                                  0x00406e4c
                                                                  0x00406e4e
                                                                  0x00406e51
                                                                  0x00406e53
                                                                  0x00406e59
                                                                  0x00406e5b
                                                                  0x00406e5d
                                                                  0x00406e5f
                                                                  0x00406e61
                                                                  0x00406e64
                                                                  0x00406e6d
                                                                  0x00406e70
                                                                  0x00406e70
                                                                  0x00406e66
                                                                  0x00406e66
                                                                  0x00406e69
                                                                  0x00406e69
                                                                  0x00406e64
                                                                  0x00406e5b
                                                                  0x00406e72
                                                                  0x00406e74
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406e74
                                                                  0x00406df3
                                                                  0x00406df3
                                                                  0x00406df9
                                                                  0x00406dff
                                                                  0x00406e01
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406e03
                                                                  0x00406e03
                                                                  0x00406e05
                                                                  0x00406e07
                                                                  0x00406e0e
                                                                  0x00406e0e
                                                                  0x00406e10
                                                                  0x00406e09
                                                                  0x00406e09
                                                                  0x00406e0b
                                                                  0x00406e0b
                                                                  0x00406e12
                                                                  0x00406e14
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406e8c
                                                                  0x00406e8c
                                                                  0x00406e8f
                                                                  0x00406e91
                                                                  0x00406e94
                                                                  0x00406e97
                                                                  0x00406e97
                                                                  0x00406e97
                                                                  0x00406e97
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00406545
                                                                  0x00406529
                                                                  0x00000000
                                                                  0x0040652f
                                                                  0x00406532
                                                                  0x0040653c
                                                                  0x0040653f
                                                                  0x00406542
                                                                  0x00000000
                                                                  0x00406542
                                                                  0x00406529
                                                                  0x0040654d
                                                                  0x00406550
                                                                  0x00406554
                                                                  0x0040655e
                                                                  0x00406568
                                                                  0x0040656b
                                                                  0x00406571
                                                                  0x004066a5
                                                                  0x004066a7
                                                                  0x004066ad
                                                                  0x004066b0
                                                                  0x004066b3
                                                                  0x00000000
                                                                  0x004066b3
                                                                  0x00406577
                                                                  0x00406577
                                                                  0x00406578
                                                                  0x004065d0
                                                                  0x004065d0
                                                                  0x004065d7
                                                                  0x0040667d
                                                                  0x0040667d
                                                                  0x00406682
                                                                  0x00406685
                                                                  0x0040668a
                                                                  0x0040668d
                                                                  0x00406692
                                                                  0x00406695
                                                                  0x0040669a
                                                                  0x0040669d
                                                                  0x0040669d

                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                  • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                                  • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                  • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                  				signed int _v8;
                                                                  				unsigned int _v12;
                                                                  				signed int _v16;
                                                                  				intOrPtr _v20;
                                                                  				signed int _v24;
                                                                  				signed int _v28;
                                                                  				intOrPtr* _v32;
                                                                  				signed int* _v36;
                                                                  				signed int _v40;
                                                                  				signed int _v44;
                                                                  				intOrPtr _v48;
                                                                  				intOrPtr _v52;
                                                                  				void _v116;
                                                                  				signed int _v176;
                                                                  				signed int _v180;
                                                                  				signed int _v240;
                                                                  				signed int _t166;
                                                                  				signed int _t168;
                                                                  				intOrPtr _t175;
                                                                  				signed int _t181;
                                                                  				void* _t182;
                                                                  				intOrPtr _t183;
                                                                  				signed int* _t184;
                                                                  				signed int _t186;
                                                                  				signed int _t187;
                                                                  				signed int* _t189;
                                                                  				signed int _t190;
                                                                  				intOrPtr* _t191;
                                                                  				intOrPtr _t192;
                                                                  				signed int _t193;
                                                                  				signed int _t195;
                                                                  				signed int _t200;
                                                                  				signed int _t205;
                                                                  				void* _t207;
                                                                  				short _t208;
                                                                  				signed char _t222;
                                                                  				signed int _t224;
                                                                  				signed int _t225;
                                                                  				signed int* _t232;
                                                                  				signed int _t233;
                                                                  				signed int _t234;
                                                                  				void* _t235;
                                                                  				signed int _t236;
                                                                  				signed int _t244;
                                                                  				signed int _t246;
                                                                  				signed int _t251;
                                                                  				signed int _t254;
                                                                  				signed int _t256;
                                                                  				signed int _t259;
                                                                  				signed int _t262;
                                                                  				void* _t263;
                                                                  				void* _t264;
                                                                  				signed int _t267;
                                                                  				intOrPtr _t269;
                                                                  				intOrPtr _t271;
                                                                  				signed int _t274;
                                                                  				intOrPtr* _t275;
                                                                  				unsigned int _t276;
                                                                  				void* _t277;
                                                                  				signed int _t278;
                                                                  				intOrPtr* _t279;
                                                                  				signed int _t281;
                                                                  				intOrPtr _t282;
                                                                  				intOrPtr _t283;
                                                                  				signed int* _t284;
                                                                  				signed int _t286;
                                                                  				signed int _t287;
                                                                  				signed int _t288;
                                                                  				signed int _t296;
                                                                  				signed int* _t297;
                                                                  				intOrPtr _t298;
                                                                  				void* _t299;
                                                                  
                                                                  				_t278 = _a8;
                                                                  				_t187 = 0x10;
                                                                  				memset( &_v116, 0, _t187 << 2);
                                                                  				_t189 = _a4;
                                                                  				_t233 = _t278;
                                                                  				do {
                                                                  					_t166 =  *_t189;
                                                                  					_t189 =  &(_t189[1]);
                                                                  					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                  					_t233 = _t233 - 1;
                                                                  				} while (_t233 != 0);
                                                                  				if(_v116 != _t278) {
                                                                  					_t279 = _a28;
                                                                  					_t267 =  *_t279;
                                                                  					_t190 = 1;
                                                                  					_a28 = _t267;
                                                                  					_t234 = 0xf;
                                                                  					while(1) {
                                                                  						_t168 = 0;
                                                                  						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                  							break;
                                                                  						}
                                                                  						_t190 = _t190 + 1;
                                                                  						if(_t190 <= _t234) {
                                                                  							continue;
                                                                  						}
                                                                  						break;
                                                                  					}
                                                                  					_v8 = _t190;
                                                                  					if(_t267 < _t190) {
                                                                  						_a28 = _t190;
                                                                  					}
                                                                  					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                  						_t234 = _t234 - 1;
                                                                  						if(_t234 != 0) {
                                                                  							continue;
                                                                  						}
                                                                  						break;
                                                                  					}
                                                                  					_v28 = _t234;
                                                                  					if(_a28 > _t234) {
                                                                  						_a28 = _t234;
                                                                  					}
                                                                  					 *_t279 = _a28;
                                                                  					_t181 = 1 << _t190;
                                                                  					while(_t190 < _t234) {
                                                                  						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                  						if(_t182 < 0) {
                                                                  							L64:
                                                                  							return _t168 | 0xffffffff;
                                                                  						}
                                                                  						_t190 = _t190 + 1;
                                                                  						_t181 = _t182 + _t182;
                                                                  					}
                                                                  					_t281 = _t234 << 2;
                                                                  					_t191 = _t299 + _t281 - 0x70;
                                                                  					_t269 =  *_t191;
                                                                  					_t183 = _t181 - _t269;
                                                                  					_v52 = _t183;
                                                                  					if(_t183 < 0) {
                                                                  						goto L64;
                                                                  					}
                                                                  					_v176 = _t168;
                                                                  					 *_t191 = _t269 + _t183;
                                                                  					_t192 = 0;
                                                                  					_t235 = _t234 - 1;
                                                                  					if(_t235 == 0) {
                                                                  						L21:
                                                                  						_t184 = _a4;
                                                                  						_t271 = 0;
                                                                  						do {
                                                                  							_t193 =  *_t184;
                                                                  							_t184 =  &(_t184[1]);
                                                                  							if(_t193 != _t168) {
                                                                  								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                  								_t236 =  *_t232;
                                                                  								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                                  								 *_t232 = _t236 + 1;
                                                                  							}
                                                                  							_t271 = _t271 + 1;
                                                                  						} while (_t271 < _a8);
                                                                  						_v16 = _v16 | 0xffffffff;
                                                                  						_v40 = _v40 & 0x00000000;
                                                                  						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                  						_t195 = _v8;
                                                                  						_t186 =  ~_a28;
                                                                  						_v12 = _t168;
                                                                  						_v180 = _t168;
                                                                  						_v36 = 0x42d688;
                                                                  						_v240 = _t168;
                                                                  						if(_t195 > _v28) {
                                                                  							L62:
                                                                  							_t168 = 0;
                                                                  							if(_v52 == 0 || _v28 == 1) {
                                                                  								return _t168;
                                                                  							} else {
                                                                  								goto L64;
                                                                  							}
                                                                  						}
                                                                  						_v44 = _t195 - 1;
                                                                  						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                  						do {
                                                                  							_t282 =  *_v32;
                                                                  							if(_t282 == 0) {
                                                                  								goto L61;
                                                                  							}
                                                                  							while(1) {
                                                                  								_t283 = _t282 - 1;
                                                                  								_t200 = _a28 + _t186;
                                                                  								_v48 = _t283;
                                                                  								_v24 = _t200;
                                                                  								if(_v8 <= _t200) {
                                                                  									goto L45;
                                                                  								}
                                                                  								L31:
                                                                  								_v20 = _t283 + 1;
                                                                  								do {
                                                                  									_v16 = _v16 + 1;
                                                                  									_t296 = _v28 - _v24;
                                                                  									if(_t296 > _a28) {
                                                                  										_t296 = _a28;
                                                                  									}
                                                                  									_t222 = _v8 - _v24;
                                                                  									_t254 = 1 << _t222;
                                                                  									if(1 <= _v20) {
                                                                  										L40:
                                                                  										_t256 =  *_a36;
                                                                  										_t168 = 1 << _t222;
                                                                  										_v40 = 1;
                                                                  										_t274 = _t256 + 1;
                                                                  										if(_t274 > 0x5a0) {
                                                                  											goto L64;
                                                                  										}
                                                                  									} else {
                                                                  										_t275 = _v32;
                                                                  										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                  										if(_t222 >= _t296) {
                                                                  											goto L40;
                                                                  										}
                                                                  										while(1) {
                                                                  											_t222 = _t222 + 1;
                                                                  											if(_t222 >= _t296) {
                                                                  												goto L40;
                                                                  											}
                                                                  											_t275 = _t275 + 4;
                                                                  											_t264 = _t263 + _t263;
                                                                  											_t175 =  *_t275;
                                                                  											if(_t264 <= _t175) {
                                                                  												goto L40;
                                                                  											}
                                                                  											_t263 = _t264 - _t175;
                                                                  										}
                                                                  										goto L40;
                                                                  									}
                                                                  									_t168 = _a32 + _t256 * 4;
                                                                  									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                  									 *_a36 = _t274;
                                                                  									_t259 = _v16;
                                                                  									 *_t297 = _t168;
                                                                  									if(_t259 == 0) {
                                                                  										 *_a24 = _t168;
                                                                  									} else {
                                                                  										_t276 = _v12;
                                                                  										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                  										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                  										_a5 = _a28;
                                                                  										_a4 = _t222;
                                                                  										_t262 = _t276 >> _t186;
                                                                  										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                  										 *(_t298 + _t262 * 4) = _a4;
                                                                  									}
                                                                  									_t224 = _v24;
                                                                  									_t186 = _t224;
                                                                  									_t225 = _t224 + _a28;
                                                                  									_v24 = _t225;
                                                                  								} while (_v8 > _t225);
                                                                  								L45:
                                                                  								_t284 = _v36;
                                                                  								_a5 = _v8 - _t186;
                                                                  								if(_t284 < 0x42d688 + _a8 * 4) {
                                                                  									_t205 =  *_t284;
                                                                  									if(_t205 >= _a12) {
                                                                  										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                  										_v36 =  &(_v36[1]);
                                                                  										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                  										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                  									} else {
                                                                  										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                  										_t208 =  *_t284;
                                                                  										_v36 =  &(_t284[1]);
                                                                  									}
                                                                  									_a6 = _t208;
                                                                  								} else {
                                                                  									_a4 = 0xc0;
                                                                  								}
                                                                  								_t286 = 1 << _v8 - _t186;
                                                                  								_t244 = _v12 >> _t186;
                                                                  								while(_t244 < _v40) {
                                                                  									 *(_t168 + _t244 * 4) = _a4;
                                                                  									_t244 = _t244 + _t286;
                                                                  								}
                                                                  								_t287 = _v12;
                                                                  								_t246 = 1 << _v44;
                                                                  								while((_t287 & _t246) != 0) {
                                                                  									_t287 = _t287 ^ _t246;
                                                                  									_t246 = _t246 >> 1;
                                                                  								}
                                                                  								_t288 = _t287 ^ _t246;
                                                                  								_v20 = 1;
                                                                  								_v12 = _t288;
                                                                  								_t251 = _v16;
                                                                  								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                  									L60:
                                                                  									if(_v48 != 0) {
                                                                  										_t282 = _v48;
                                                                  										_t283 = _t282 - 1;
                                                                  										_t200 = _a28 + _t186;
                                                                  										_v48 = _t283;
                                                                  										_v24 = _t200;
                                                                  										if(_v8 <= _t200) {
                                                                  											goto L45;
                                                                  										}
                                                                  										goto L31;
                                                                  									}
                                                                  									break;
                                                                  								} else {
                                                                  									goto L58;
                                                                  								}
                                                                  								do {
                                                                  									L58:
                                                                  									_t186 = _t186 - _a28;
                                                                  									_t251 = _t251 - 1;
                                                                  								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                  								_v16 = _t251;
                                                                  								goto L60;
                                                                  							}
                                                                  							L61:
                                                                  							_v8 = _v8 + 1;
                                                                  							_v32 = _v32 + 4;
                                                                  							_v44 = _v44 + 1;
                                                                  						} while (_v8 <= _v28);
                                                                  						goto L62;
                                                                  					}
                                                                  					_t277 = 0;
                                                                  					do {
                                                                  						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                  						_t277 = _t277 + 4;
                                                                  						_t235 = _t235 - 1;
                                                                  						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                  					} while (_t235 != 0);
                                                                  					goto L21;
                                                                  				}
                                                                  				 *_a24 =  *_a24 & 0x00000000;
                                                                  				 *_a28 =  *_a28 & 0x00000000;
                                                                  				return 0;
                                                                  			}

                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                  • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                                  • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                  • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 96%
                                                                  			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                  				struct HWND__* _v8;
                                                                  				struct HWND__* _v12;
                                                                  				long _v16;
                                                                  				signed int _v20;
                                                                  				signed int _v24;
                                                                  				intOrPtr _v28;
                                                                  				signed char* _v32;
                                                                  				int _v36;
                                                                  				signed int _v44;
                                                                  				int _v48;
                                                                  				signed int* _v60;
                                                                  				signed char* _v64;
                                                                  				signed int _v68;
                                                                  				long _v72;
                                                                  				void* _v76;
                                                                  				intOrPtr _v80;
                                                                  				intOrPtr _v84;
                                                                  				void* _v88;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				signed int _t203;
                                                                  				void* _t205;
                                                                  				intOrPtr _t206;
                                                                  				intOrPtr _t208;
                                                                  				long _t212;
                                                                  				signed int _t216;
                                                                  				signed int _t227;
                                                                  				void* _t230;
                                                                  				void* _t231;
                                                                  				int _t237;
                                                                  				long _t242;
                                                                  				long _t243;
                                                                  				signed int _t244;
                                                                  				signed int _t250;
                                                                  				signed int _t252;
                                                                  				signed char _t253;
                                                                  				signed char _t259;
                                                                  				void* _t264;
                                                                  				void* _t266;
                                                                  				signed char* _t284;
                                                                  				signed char _t285;
                                                                  				long _t287;
                                                                  				long _t290;
                                                                  				void* _t291;
                                                                  				signed int _t300;
                                                                  				signed int _t308;
                                                                  				void* _t309;
                                                                  				void* _t310;
                                                                  				signed char* _t316;
                                                                  				int _t320;
                                                                  				int _t321;
                                                                  				signed int* _t322;
                                                                  				int _t323;
                                                                  				long _t324;
                                                                  				signed int _t325;
                                                                  				long _t327;
                                                                  				int _t328;
                                                                  				signed int _t329;
                                                                  				void* _t331;
                                                                  
                                                                  				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                  				_v8 = GetDlgItem(_a4, 0x408);
                                                                  				_t331 = SendMessageA;
                                                                  				_v24 =  *0x42f448;
                                                                  				_v28 =  *0x42f414 + 0x94;
                                                                  				_t320 = 0x10;
                                                                  				if(_a8 != 0x110) {
                                                                  					L23:
                                                                  					if(_a8 != 0x405) {
                                                                  						_t298 = _a16;
                                                                  					} else {
                                                                  						_a12 = 0;
                                                                  						_t298 = 1;
                                                                  						_a8 = 0x40f;
                                                                  						_a16 = 1;
                                                                  					}
                                                                  					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                  						_v16 = _t298;
                                                                  						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                  							if(( *0x42f41d & 0x00000002) != 0) {
                                                                  								L41:
                                                                  								if(_v16 != 0) {
                                                                  									_t242 = _v16;
                                                                  									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                  										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                  									}
                                                                  									_t243 = _v16;
                                                                  									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                  										_t298 = _v24;
                                                                  										_t244 =  *(_t243 + 0x5c);
                                                                  										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                  											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                  										} else {
                                                                  											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                  										}
                                                                  									}
                                                                  								}
                                                                  								goto L48;
                                                                  							}
                                                                  							if(_a8 == 0x413) {
                                                                  								L33:
                                                                  								_t298 = 0 | _a8 != 0x00000413;
                                                                  								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                                  								_t325 = _t250;
                                                                  								if(_t325 >= 0) {
                                                                  									_t99 = _v24 + 8; // 0x8
                                                                  									_t298 = _t250 * 0x418 + _t99;
                                                                  									_t252 =  *_t298;
                                                                  									if((_t252 & 0x00000010) == 0) {
                                                                  										if((_t252 & 0x00000040) == 0) {
                                                                  											_t253 = _t252 ^ 0x00000001;
                                                                  										} else {
                                                                  											_t259 = _t252 ^ 0x00000080;
                                                                  											if(_t259 >= 0) {
                                                                  												_t253 = _t259 & 0x000000fe;
                                                                  											} else {
                                                                  												_t253 = _t259 | 0x00000001;
                                                                  											}
                                                                  										}
                                                                  										 *_t298 = _t253;
                                                                  										E0040117D(_t325);
                                                                  										_a12 = _t325 + 1;
                                                                  										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                                  										_a8 = 0x40f;
                                                                  									}
                                                                  								}
                                                                  								goto L41;
                                                                  							}
                                                                  							_t298 = _a16;
                                                                  							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                  								goto L41;
                                                                  							}
                                                                  							goto L33;
                                                                  						} else {
                                                                  							goto L48;
                                                                  						}
                                                                  					} else {
                                                                  						L48:
                                                                  						if(_a8 != 0x111) {
                                                                  							L56:
                                                                  							if(_a8 == 0x200) {
                                                                  								SendMessageA(_v8, 0x200, 0, 0);
                                                                  							}
                                                                  							if(_a8 == 0x40b) {
                                                                  								_t230 =  *0x42a854; // 0x0
                                                                  								if(_t230 != 0) {
                                                                  									ImageList_Destroy(_t230);
                                                                  								}
                                                                  								_t231 =  *0x42a868; // 0x0
                                                                  								if(_t231 != 0) {
                                                                  									GlobalFree(_t231);
                                                                  								}
                                                                  								 *0x42a854 = 0;
                                                                  								 *0x42a868 = 0;
                                                                  								 *0x42f480 = 0;
                                                                  							}
                                                                  							if(_a8 != 0x40f) {
                                                                  								L88:
                                                                  								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                                  									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                  									ShowWindow(_v8, _t321);
                                                                  									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                  								}
                                                                  								goto L91;
                                                                  							} else {
                                                                  								E004011EF(_t298, 0, 0);
                                                                  								_t203 = _a12;
                                                                  								if(_t203 != 0) {
                                                                  									if(_t203 != 0xffffffff) {
                                                                  										_t203 = _t203 - 1;
                                                                  									}
                                                                  									_push(_t203);
                                                                  									_push(8);
                                                                  									E00404A71();
                                                                  								}
                                                                  								if(_a16 == 0) {
                                                                  									L75:
                                                                  									E004011EF(_t298, 0, 0);
                                                                  									_t205 =  *0x42a868; // 0x0
                                                                  									_v36 = _t205;
                                                                  									_t206 =  *0x42f448;
                                                                  									_v64 = 0xf030;
                                                                  									_v24 = 0;
                                                                  									if( *0x42f44c <= 0) {
                                                                  										L86:
                                                                  										InvalidateRect(_v8, 0, 1);
                                                                  										_t208 =  *0x42ebdc; // 0x82e563
                                                                  										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                  											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                                  										}
                                                                  										goto L88;
                                                                  									}
                                                                  									_t322 = _t206 + 8;
                                                                  									do {
                                                                  										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                  										if(_t212 != 0) {
                                                                  											_t300 =  *_t322;
                                                                  											_v72 = _t212;
                                                                  											_v76 = 8;
                                                                  											if((_t300 & 0x00000001) != 0) {
                                                                  												_v76 = 9;
                                                                  												_v60 =  &(_t322[4]);
                                                                  												_t322[0] = _t322[0] & 0x000000fe;
                                                                  											}
                                                                  											if((_t300 & 0x00000040) == 0) {
                                                                  												_t216 = (_t300 & 0x00000001) + 1;
                                                                  												if((_t300 & 0x00000010) != 0) {
                                                                  													_t216 = _t216 + 3;
                                                                  												}
                                                                  											} else {
                                                                  												_t216 = 3;
                                                                  											}
                                                                  											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                  											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                  											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                  										}
                                                                  										_v24 = _v24 + 1;
                                                                  										_t322 =  &(_t322[0x106]);
                                                                  									} while (_v24 <  *0x42f44c);
                                                                  									goto L86;
                                                                  								} else {
                                                                  									_t323 = E004012E2( *0x42a868);
                                                                  									E00401299(_t323);
                                                                  									_t227 = 0;
                                                                  									_t298 = 0;
                                                                  									if(_t323 <= 0) {
                                                                  										L74:
                                                                  										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                  										_a16 = _t323;
                                                                  										_a8 = 0x420;
                                                                  										goto L75;
                                                                  									} else {
                                                                  										goto L71;
                                                                  									}
                                                                  									do {
                                                                  										L71:
                                                                  										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                  											_t298 = _t298 + 1;
                                                                  										}
                                                                  										_t227 = _t227 + 1;
                                                                  									} while (_t227 < _t323);
                                                                  									goto L74;
                                                                  								}
                                                                  							}
                                                                  						}
                                                                  						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                  							goto L91;
                                                                  						} else {
                                                                  							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                  							if(_t237 == 0xffffffff) {
                                                                  								goto L91;
                                                                  							}
                                                                  							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                  							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                  								_t324 = 0x20;
                                                                  							}
                                                                  							E00401299(_t324);
                                                                  							SendMessageA(_a4, 0x420, 0, _t324);
                                                                  							_a12 = _a12 | 0xffffffff;
                                                                  							_a16 = 0;
                                                                  							_a8 = 0x40f;
                                                                  							goto L56;
                                                                  						}
                                                                  					}
                                                                  				} else {
                                                                  					_v36 = 0;
                                                                  					 *0x42f480 = _a4;
                                                                  					_v20 = 2;
                                                                  					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                                  					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                                  					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                                  					_v16 = _t264;
                                                                  					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                                  					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                  					 *0x42a854 = _t266;
                                                                  					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                  					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                                  					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                  						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                  					}
                                                                  					DeleteObject(_v16);
                                                                  					_t327 = 0;
                                                                  					do {
                                                                  						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                  						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                  							if(_t327 != 0x20) {
                                                                  								_v20 = 0;
                                                                  							}
                                                                  							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                                  						}
                                                                  						_t327 = _t327 + 1;
                                                                  					} while (_t327 < 0x21);
                                                                  					_t328 = _a16;
                                                                  					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                  					_push(0x15);
                                                                  					E0040409E(_a4);
                                                                  					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                  					_push(0x16);
                                                                  					E0040409E(_a4);
                                                                  					_t329 = 0;
                                                                  					_v16 = 0;
                                                                  					if( *0x42f44c <= 0) {
                                                                  						L19:
                                                                  						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                  						goto L20;
                                                                  					} else {
                                                                  						_t316 = _v24 + 8;
                                                                  						_v32 = _t316;
                                                                  						do {
                                                                  							_t284 =  &(_t316[0x10]);
                                                                  							if( *_t284 != 0) {
                                                                  								_v64 = _t284;
                                                                  								_t285 =  *_t316;
                                                                  								_v88 = _v16;
                                                                  								_t308 = 0x20;
                                                                  								_v84 = 0xffff0002;
                                                                  								_v80 = 0xd;
                                                                  								_v68 = _t308;
                                                                  								_v44 = _t329;
                                                                  								_v72 = _t285 & _t308;
                                                                  								if((_t285 & 0x00000002) == 0) {
                                                                  									if((_t285 & 0x00000004) == 0) {
                                                                  										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                  										_t309 =  *0x42a868; // 0x0
                                                                  										 *(_t309 + _t329 * 4) = _t287;
                                                                  									} else {
                                                                  										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                  									}
                                                                  								} else {
                                                                  									_v80 = 0x4d;
                                                                  									_v48 = 1;
                                                                  									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                  									_t310 =  *0x42a868; // 0x0
                                                                  									_v36 = 1;
                                                                  									 *(_t310 + _t329 * 4) = _t290;
                                                                  									_t291 =  *0x42a868; // 0x0
                                                                  									_v16 =  *(_t291 + _t329 * 4);
                                                                  								}
                                                                  							}
                                                                  							_t329 = _t329 + 1;
                                                                  							_t316 =  &(_v32[0x418]);
                                                                  							_v32 = _t316;
                                                                  						} while (_t329 <  *0x42f44c);
                                                                  						if(_v36 != 0) {
                                                                  							L20:
                                                                  							if(_v20 != 0) {
                                                                  								E004040D3(_v8);
                                                                  								goto L23;
                                                                  							} else {
                                                                  								ShowWindow(_v12, 5);
                                                                  								E004040D3(_v12);
                                                                  								L91:
                                                                  								return E00404105(_a8, _a12, _a16);
                                                                  							}
                                                                  						}
                                                                  						goto L19;
                                                                  					}
                                                                  				}
                                                                  			}































































                                                                  0x00405082
                                                                  0x00405094
                                                                  0x00405094
                                                                  0x00000000
                                                                  0x00404f08
                                                                  0x00404f0a
                                                                  0x00404f0f
                                                                  0x00404f14
                                                                  0x00404f19
                                                                  0x00404f1b
                                                                  0x00404f1b
                                                                  0x00404f1c
                                                                  0x00404f1d
                                                                  0x00404f1f
                                                                  0x00404f1f
                                                                  0x00404f27
                                                                  0x00404f68
                                                                  0x00404f6a
                                                                  0x00404f6f
                                                                  0x00404f7a
                                                                  0x00404f7d
                                                                  0x00404f82
                                                                  0x00404f89
                                                                  0x00404f8c
                                                                  0x0040502e
                                                                  0x00405034
                                                                  0x0040503a
                                                                  0x00405042
                                                                  0x00405053
                                                                  0x00405053
                                                                  0x00000000
                                                                  0x00405042
                                                                  0x00404f92
                                                                  0x00404f95
                                                                  0x00404f9b
                                                                  0x00404fa0
                                                                  0x00404fa2
                                                                  0x00404fa4
                                                                  0x00404faa
                                                                  0x00404fb1
                                                                  0x00404fb6
                                                                  0x00404fbd
                                                                  0x00404fc0
                                                                  0x00404fc0
                                                                  0x00404fc7
                                                                  0x00404fd3
                                                                  0x00404fd7
                                                                  0x00404fd9
                                                                  0x00404fd9
                                                                  0x00404fc9
                                                                  0x00404fcb
                                                                  0x00404fcb
                                                                  0x00404ff9
                                                                  0x00405005
                                                                  0x00405014
                                                                  0x00405014
                                                                  0x00405016
                                                                  0x00405019
                                                                  0x00405022
                                                                  0x00000000
                                                                  0x00404f29
                                                                  0x00404f34
                                                                  0x00404f37
                                                                  0x00404f3c
                                                                  0x00404f3e
                                                                  0x00404f42
                                                                  0x00404f52
                                                                  0x00404f5c
                                                                  0x00404f5e
                                                                  0x00404f61
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00404f44
                                                                  0x00404f44
                                                                  0x00404f4a
                                                                  0x00404f4c
                                                                  0x00404f4c
                                                                  0x00404f4d
                                                                  0x00404f4e
                                                                  0x00000000
                                                                  0x00404f44
                                                                  0x00404f27
                                                                  0x00404f02
                                                                  0x00404e45
                                                                  0x00000000
                                                                  0x00404e5b
                                                                  0x00404e65
                                                                  0x00404e6a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00404e7c
                                                                  0x00404e81
                                                                  0x00404e8d
                                                                  0x00404e8d
                                                                  0x00404e8f
                                                                  0x00404e9e
                                                                  0x00404ea0
                                                                  0x00404ea4
                                                                  0x00404ea7
                                                                  0x00000000
                                                                  0x00404ea7
                                                                  0x00404e45
                                                                  0x00404af9
                                                                  0x00404afc
                                                                  0x00404aff
                                                                  0x00404b0f
                                                                  0x00404b22
                                                                  0x00404b2d
                                                                  0x00404b33
                                                                  0x00404b41
                                                                  0x00404b54
                                                                  0x00404b59
                                                                  0x00404b64
                                                                  0x00404b6d
                                                                  0x00404b83
                                                                  0x00404b93
                                                                  0x00404b9f
                                                                  0x00404b9f
                                                                  0x00404ba4
                                                                  0x00404baa
                                                                  0x00404bac
                                                                  0x00404baf
                                                                  0x00404bb4
                                                                  0x00404bb9
                                                                  0x00404bbb
                                                                  0x00404bbb
                                                                  0x00404bdb
                                                                  0x00404bdb
                                                                  0x00404bdd
                                                                  0x00404bde
                                                                  0x00404be3
                                                                  0x00404be9
                                                                  0x00404bed
                                                                  0x00404bf2
                                                                  0x00404bfa
                                                                  0x00404bfe
                                                                  0x00404c03
                                                                  0x00404c08
                                                                  0x00404c10
                                                                  0x00404c13
                                                                  0x00404ce2
                                                                  0x00404cf5
                                                                  0x00000000
                                                                  0x00404c19
                                                                  0x00404c1c
                                                                  0x00404c1f
                                                                  0x00404c22
                                                                  0x00404c22
                                                                  0x00404c27
                                                                  0x00404c30
                                                                  0x00404c33
                                                                  0x00404c37
                                                                  0x00404c3a
                                                                  0x00404c3d
                                                                  0x00404c46
                                                                  0x00404c4f
                                                                  0x00404c52
                                                                  0x00404c55
                                                                  0x00404c58
                                                                  0x00404c96
                                                                  0x00404cb9
                                                                  0x00404cbb
                                                                  0x00404cc1
                                                                  0x00404c98
                                                                  0x00404ca7
                                                                  0x00404ca7
                                                                  0x00404c5a
                                                                  0x00404c5d
                                                                  0x00404c6b
                                                                  0x00404c75
                                                                  0x00404c77
                                                                  0x00404c7d
                                                                  0x00404c84
                                                                  0x00404c87
                                                                  0x00404c8f
                                                                  0x00404c8f
                                                                  0x00404c58
                                                                  0x00404cc7
                                                                  0x00404cc8
                                                                  0x00404cd4
                                                                  0x00404cd4
                                                                  0x00404ce0
                                                                  0x00404cfb
                                                                  0x00404cfe
                                                                  0x00404d1b
                                                                  0x00000000
                                                                  0x00404d00
                                                                  0x00404d05
                                                                  0x00404d0e
                                                                  0x00405096
                                                                  0x004050a8
                                                                  0x004050a8
                                                                  0x00404cfe
                                                                  0x00000000
                                                                  0x00404ce0
                                                                  0x00404c13

                                                                  APIs
                                                                  • GetDlgItem.USER32 ref: 00404ABA
                                                                  • GetDlgItem.USER32 ref: 00404AC7
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B16
                                                                  • LoadImageA.USER32 ref: 00404B2D
                                                                  • SetWindowLongA.USER32 ref: 00404B47
                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404B59
                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404B6D
                                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 00404B83
                                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B8F
                                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B9F
                                                                  • DeleteObject.GDI32(00000110), ref: 00404BA4
                                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404BCF
                                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404BDB
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C75
                                                                  • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404CA5
                                                                    • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404CB9
                                                                  • GetWindowLongA.USER32 ref: 00404CE7
                                                                  • SetWindowLongA.USER32 ref: 00404CF5
                                                                  • ShowWindow.USER32(?,00000005), ref: 00404D05
                                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404E00
                                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404E65
                                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404E7A
                                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E9E
                                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404EBE
                                                                  • ImageList_Destroy.COMCTL32(00000000), ref: 00404ED3
                                                                  • GlobalFree.KERNEL32 ref: 00404EE3
                                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404F5C
                                                                  • SendMessageA.USER32(?,00001102,?,?), ref: 00405005
                                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405014
                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00405034
                                                                  • ShowWindow.USER32(?,00000000), ref: 00405082
                                                                  • GetDlgItem.USER32 ref: 0040508D
                                                                  • ShowWindow.USER32(00000000), ref: 00405094
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                  • String ID: $M$N
                                                                  • API String ID: 2564846305-813528018
                                                                  • Opcode ID: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                  • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                                  • Opcode Fuzzy Hash: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                                  • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 93%
                                                                  			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                  				intOrPtr _v8;
                                                                  				signed int _v12;
                                                                  				void* _v16;
                                                                  				struct HWND__* _t52;
                                                                  				long _t86;
                                                                  				int _t98;
                                                                  				struct HWND__* _t99;
                                                                  				signed int _t100;
                                                                  				intOrPtr _t103;
                                                                  				signed int _t106;
                                                                  				intOrPtr _t107;
                                                                  				intOrPtr _t109;
                                                                  				int _t110;
                                                                  				signed int* _t112;
                                                                  				signed int _t113;
                                                                  				char* _t114;
                                                                  				CHAR* _t115;
                                                                  
                                                                  				if(_a8 != 0x110) {
                                                                  					__eflags = _a8 - 0x111;
                                                                  					if(_a8 != 0x111) {
                                                                  						L11:
                                                                  						__eflags = _a8 - 0x4e;
                                                                  						if(_a8 != 0x4e) {
                                                                  							__eflags = _a8 - 0x40b;
                                                                  							if(_a8 == 0x40b) {
                                                                  								 *0x42983c =  *0x42983c + 1;
                                                                  								__eflags =  *0x42983c;
                                                                  							}
                                                                  							L25:
                                                                  							_t110 = _a16;
                                                                  							L26:
                                                                  							return E00404105(_a8, _a12, _t110);
                                                                  						}
                                                                  						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                  						_t110 = _a16;
                                                                  						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                  						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                  							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                  							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                  								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                  								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                  								_v12 = _t100;
                                                                  								__eflags = _t100 - _t109 - 0x800;
                                                                  								_v16 = _t109;
                                                                  								_v8 = 0x42e3a0;
                                                                  								if(_t100 - _t109 < 0x800) {
                                                                  									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                  									SetCursor(LoadCursorA(0, 0x7f02));
                                                                  									_push(1);
                                                                  									E004044AD(_a4, _v8);
                                                                  									SetCursor(LoadCursorA(0, 0x7f00));
                                                                  									_t110 = _a16;
                                                                  								}
                                                                  							}
                                                                  						}
                                                                  						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                  						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                  							goto L26;
                                                                  						} else {
                                                                  							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                  							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                  								goto L26;
                                                                  							}
                                                                  							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                  								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                                  							}
                                                                  							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                  								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                                  							}
                                                                  							return 1;
                                                                  						}
                                                                  					}
                                                                  					__eflags = _a12 >> 0x10;
                                                                  					if(_a12 >> 0x10 != 0) {
                                                                  						goto L25;
                                                                  					}
                                                                  					__eflags =  *0x42983c; // 0x0
                                                                  					if(__eflags != 0) {
                                                                  						goto L25;
                                                                  					}
                                                                  					_t103 =  *0x42a048; // 0x829e04
                                                                  					_t25 = _t103 + 0x14; // 0x829e18
                                                                  					_t112 = _t25;
                                                                  					__eflags =  *_t112 & 0x00000020;
                                                                  					if(( *_t112 & 0x00000020) == 0) {
                                                                  						goto L25;
                                                                  					}
                                                                  					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                  					__eflags = _t106;
                                                                  					 *_t112 = _t106;
                                                                  					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                  					E00404489();
                                                                  					goto L11;
                                                                  				} else {
                                                                  					_t98 = _a16;
                                                                  					_t113 =  *(_t98 + 0x30);
                                                                  					if(_t113 < 0) {
                                                                  						_t107 =  *0x42ebdc; // 0x82e563
                                                                  						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                  					}
                                                                  					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                  					_t114 = _t113 +  *0x42f458;
                                                                  					_push(0x22);
                                                                  					_a16 =  *_t114;
                                                                  					_v12 = _v12 & 0x00000000;
                                                                  					_t115 = _t114 + 1;
                                                                  					_v16 = _t115;
                                                                  					_v8 = E004041D4;
                                                                  					E0040409E(_a4);
                                                                  					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                  					_push(0x23);
                                                                  					E0040409E(_a4);
                                                                  					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                  					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                  					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                  					E004040D3(_t99);
                                                                  					SendMessageA(_t99, 0x45b, 1, 0);
                                                                  					_t86 =  *( *0x42f414 + 0x68);
                                                                  					if(_t86 < 0) {
                                                                  						_t86 = GetSysColor( ~_t86);
                                                                  					}
                                                                  					SendMessageA(_t99, 0x443, 0, _t86);
                                                                  					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                  					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                  					 *0x42983c = 0;
                                                                  					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                  					 *0x42983c = 0;
                                                                  					return 0;
                                                                  				}
                                                                  			}





















                                                                  APIs
                                                                  • CheckDlgButton.USER32 ref: 00404294
                                                                  • GetDlgItem.USER32 ref: 004042A8
                                                                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004042C6
                                                                  • GetSysColor.USER32(?), ref: 004042D7
                                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004042E6
                                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004042F5
                                                                  • lstrlenA.KERNEL32(?), ref: 004042F8
                                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404307
                                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040431C
                                                                  • GetDlgItem.USER32 ref: 0040437E
                                                                  • SendMessageA.USER32(00000000), ref: 00404381
                                                                  • GetDlgItem.USER32 ref: 004043AC
                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004043EC
                                                                  • LoadCursorA.USER32 ref: 004043FB
                                                                  • SetCursor.USER32(00000000), ref: 00404404
                                                                  • LoadCursorA.USER32 ref: 0040441A
                                                                  • SetCursor.USER32(00000000), ref: 0040441D
                                                                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404449
                                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040445D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                  • String ID: : Completed$N
                                                                  • API String ID: 3103080414-2140067464
                                                                  • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                  • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                                  • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                  • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 90%
                                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                  				struct tagLOGBRUSH _v16;
                                                                  				struct tagRECT _v32;
                                                                  				struct tagPAINTSTRUCT _v96;
                                                                  				struct HDC__* _t70;
                                                                  				struct HBRUSH__* _t87;
                                                                  				struct HFONT__* _t94;
                                                                  				long _t102;
                                                                  				signed int _t126;
                                                                  				struct HDC__* _t128;
                                                                  				intOrPtr _t130;
                                                                  
                                                                  				if(_a8 == 0xf) {
                                                                  					_t130 =  *0x42f414;
                                                                  					_t70 = BeginPaint(_a4,  &_v96);
                                                                  					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                  					_a8 = _t70;
                                                                  					GetClientRect(_a4,  &_v32);
                                                                  					_t126 = _v32.bottom;
                                                                  					_v32.bottom = _v32.bottom & 0x00000000;
                                                                  					while(_v32.top < _t126) {
                                                                  						_a12 = _t126 - _v32.top;
                                                                  						asm("cdq");
                                                                  						asm("cdq");
                                                                  						asm("cdq");
                                                                  						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                  						_t87 = CreateBrushIndirect( &_v16);
                                                                  						_v32.bottom = _v32.bottom + 4;
                                                                  						_a16 = _t87;
                                                                  						FillRect(_a8,  &_v32, _t87);
                                                                  						DeleteObject(_a16);
                                                                  						_v32.top = _v32.top + 4;
                                                                  					}
                                                                  					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                  						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                  						_a16 = _t94;
                                                                  						if(_t94 != 0) {
                                                                  							_t128 = _a8;
                                                                  							_v32.left = 0x10;
                                                                  							_v32.top = 8;
                                                                  							SetBkMode(_t128, 1);
                                                                  							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                  							_a8 = SelectObject(_t128, _a16);
                                                                  							DrawTextA(_t128, "Wildix WIService  v2.15.2 Setup", 0xffffffff,  &_v32, 0x820);
                                                                  							SelectObject(_t128, _a8);
                                                                  							DeleteObject(_a16);
                                                                  						}
                                                                  					}
                                                                  					EndPaint(_a4,  &_v96);
                                                                  					return 0;
                                                                  				}
                                                                  				_t102 = _a16;
                                                                  				if(_a8 == 0x46) {
                                                                  					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                  					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                                  				}
                                                                  				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                  			}














                                                                  APIs
                                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                  • GetClientRect.USER32 ref: 0040105B
                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                  • FillRect.USER32 ref: 004010E4
                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                  • DrawTextA.USER32(00000000,Wildix WIService v2.15.2 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                  • String ID: F$Wildix WIService v2.15.2 Setup
                                                                  • API String ID: 941294808-1758028607
                                                                  • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                  • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                                  • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                  • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405C7F(void* __ecx) {
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				long _t12;
                                                                  				long _t24;
                                                                  				char* _t31;
                                                                  				int _t37;
                                                                  				void* _t38;
                                                                  				intOrPtr* _t39;
                                                                  				long _t42;
                                                                  				CHAR* _t44;
                                                                  				void* _t46;
                                                                  				void* _t48;
                                                                  				void* _t49;
                                                                  				void* _t52;
                                                                  				void* _t53;
                                                                  
                                                                  				_t38 = __ecx;
                                                                  				_t44 =  *(_t52 + 0x14);
                                                                  				 *0x42c600 = 0x4c554e;
                                                                  				if(_t44 == 0) {
                                                                  					L3:
                                                                  					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                                  						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                                  						_t53 = _t52 + 0x10;
                                                                  						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                                  						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                                  						_t48 = _t12;
                                                                  						 *(_t53 + 0x18) = _t48;
                                                                  						if(_t48 != 0xffffffff) {
                                                                  							_t42 = GetFileSize(_t48, 0);
                                                                  							_t6 = _t37 + 0xa; // 0xa
                                                                  							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                  							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                                  								L18:
                                                                  								return CloseHandle(_t48);
                                                                  							} else {
                                                                  								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                  									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                                  									if(_t49 == 0) {
                                                                  										_t48 =  *(_t53 + 0x18);
                                                                  										L16:
                                                                  										_t24 = _t42;
                                                                  										L17:
                                                                  										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                                  										SetFilePointer(_t48, 0, 0, 0);
                                                                  										E00405C50(_t48, _t46, _t42 + _t37);
                                                                  										GlobalFree(_t46);
                                                                  										goto L18;
                                                                  									}
                                                                  									_t39 = _t46 + _t42;
                                                                  									_t31 = _t39 + _t37;
                                                                  									while(_t39 > _t49) {
                                                                  										 *_t31 =  *_t39;
                                                                  										_t31 = _t31 - 1;
                                                                  										_t39 = _t39 - 1;
                                                                  									}
                                                                  									_t24 = _t49 - _t46 + 1;
                                                                  									_t48 =  *(_t53 + 0x18);
                                                                  									goto L17;
                                                                  								}
                                                                  								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                  								_t42 = _t42 + 0xa;
                                                                  								goto L16;
                                                                  							}
                                                                  						}
                                                                  					}
                                                                  				} else {
                                                                  					CloseHandle(E00405BA9(_t44, 0, 1));
                                                                  					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                                  						goto L3;
                                                                  					}
                                                                  				}
                                                                  				return _t12;
                                                                  			}


                                                                  APIs
                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                                  • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                                    • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                    • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                  • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                                  • wsprintfA.USER32 ref: 00405CF4
                                                                  • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                                  • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                                  • GlobalFree.KERNEL32 ref: 00405DDD
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                                    • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                    • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                  • String ID: %s=%s$[Rename]
                                                                  • API String ID: 2171350718-1727408572
                                                                  • Opcode ID: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                  • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                                  • Opcode Fuzzy Hash: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                                  • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E0040627A(CHAR* _a4) {
                                                                  				char _t5;
                                                                  				char _t7;
                                                                  				char* _t15;
                                                                  				char* _t16;
                                                                  				CHAR* _t17;
                                                                  
                                                                  				_t17 = _a4;
                                                                  				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                  					_t17 =  &(_t17[4]);
                                                                  				}
                                                                  				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                                  					_t17 =  &(_t17[2]);
                                                                  				}
                                                                  				_t5 =  *_t17;
                                                                  				_t15 = _t17;
                                                                  				_t16 = _t17;
                                                                  				if(_t5 != 0) {
                                                                  					do {
                                                                  						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                                  							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                                  							_t16 = CharNextA(_t16);
                                                                  						}
                                                                  						_t17 = CharNextA(_t17);
                                                                  						_t5 =  *_t17;
                                                                  					} while (_t5 != 0);
                                                                  				}
                                                                  				 *_t16 =  *_t16 & 0x00000000;
                                                                  				while(1) {
                                                                  					_t16 = CharPrevA(_t15, _t16);
                                                                  					_t7 =  *_t16;
                                                                  					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                  						break;
                                                                  					}
                                                                  					 *_t16 =  *_t16 & 0x00000000;
                                                                  					if(_t15 < _t16) {
                                                                  						continue;
                                                                  					}
                                                                  					break;
                                                                  				}
                                                                  				return _t7;
                                                                  			}


                                                                  APIs
                                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                  • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe",7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                  • CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                                  • "C:\Users\user\Desktop\SetupWIService.exe", xrefs: 004062B6
                                                                  • *?|<>/":, xrefs: 004062C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Char$Next$Prev
                                                                  • String ID: "C:\Users\user\Desktop\SetupWIService.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 589700163-365024208
                                                                  • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                  • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                                  • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                  • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                  				char _v68;
                                                                  				int _t11;
                                                                  				int _t20;
                                                                  
                                                                  				if(_a8 == 0x110) {
                                                                  					SetTimer(_a4, 1, 0xfa, 0);
                                                                  					_a8 = 0x113;
                                                                  				}
                                                                  				if(_a8 == 0x113) {
                                                                  					_t20 =  *0x41d420; // 0x42bfbf
                                                                  					_t11 =  *0x42942c; // 0x42e178
                                                                  					if(_t20 >= _t11) {
                                                                  						_t20 = _t11;
                                                                  					}
                                                                  					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                  					SetWindowTextA(_a4,  &_v68);
                                                                  					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                  				}
                                                                  				return 0;
                                                                  			}


                                                                  APIs
                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                                  • MulDiv.KERNEL32(0042BFBF,00000064,0042E178), ref: 00402D23
                                                                  • wsprintfA.USER32 ref: 00402D33
                                                                  • SetWindowTextA.USER32(?,?), ref: 00402D43
                                                                  • SetDlgItemTextA.USER32 ref: 00402D55
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                  • String ID: verifying installer: %d%%$xB
                                                                  • API String ID: 1451636040-1929740994
                                                                  • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                  • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                                  • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                  • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                  				struct tagLOGBRUSH _v16;
                                                                  				long _t39;
                                                                  				long _t41;
                                                                  				void* _t44;
                                                                  				signed char _t50;
                                                                  				long* _t54;
                                                                  
                                                                  				if(_a4 + 0xfffffecd > 5) {
                                                                  					L18:
                                                                  					return 0;
                                                                  				}
                                                                  				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                  				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                  					goto L18;
                                                                  				} else {
                                                                  					_t50 = _t54[5];
                                                                  					if((_t50 & 0xffffffe0) != 0) {
                                                                  						goto L18;
                                                                  					}
                                                                  					_t39 =  *_t54;
                                                                  					if((_t50 & 0x00000002) != 0) {
                                                                  						_t39 = GetSysColor(_t39);
                                                                  					}
                                                                  					if((_t54[5] & 0x00000001) != 0) {
                                                                  						SetTextColor(_a8, _t39);
                                                                  					}
                                                                  					SetBkMode(_a8, _t54[4]);
                                                                  					_t41 = _t54[1];
                                                                  					_v16.lbColor = _t41;
                                                                  					if((_t54[5] & 0x00000008) != 0) {
                                                                  						_t41 = GetSysColor(_t41);
                                                                  						_v16.lbColor = _t41;
                                                                  					}
                                                                  					if((_t54[5] & 0x00000004) != 0) {
                                                                  						SetBkColor(_a8, _t41);
                                                                  					}
                                                                  					if((_t54[5] & 0x00000010) != 0) {
                                                                  						_v16.lbStyle = _t54[2];
                                                                  						_t44 = _t54[3];
                                                                  						if(_t44 != 0) {
                                                                  							DeleteObject(_t44);
                                                                  						}
                                                                  						_t54[3] = CreateBrushIndirect( &_v16);
                                                                  					}
                                                                  					return _t54[3];
                                                                  				}
                                                                  			}










                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                  • String ID:
                                                                  • API String ID: 2320649405-0
                                                                  • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                  • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                                  • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                  • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 77%
                                                                  			E6F5424D8(intOrPtr* _a4) {
                                                                  				char _v80;
                                                                  				int _v84;
                                                                  				intOrPtr _v88;
                                                                  				short _v92;
                                                                  				intOrPtr* _t28;
                                                                  				void* _t30;
                                                                  				intOrPtr _t31;
                                                                  				signed int _t43;
                                                                  				void* _t44;
                                                                  				intOrPtr _t45;
                                                                  				void* _t48;
                                                                  
                                                                  				_t44 = E6F541215();
                                                                  				_t28 = _a4;
                                                                  				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                                  				_v88 = _t45;
                                                                  				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                                  				do {
                                                                  					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                                  					}
                                                                  					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                                  					if(_t43 <= 7) {
                                                                  						switch( *((intOrPtr*)(_t43 * 4 +  &M6F542626))) {
                                                                  							case 0:
                                                                  								 *_t44 = 0;
                                                                  								goto L17;
                                                                  							case 1:
                                                                  								__eax =  *__eax;
                                                                  								if(__ecx > __ebx) {
                                                                  									_v84 = __ecx;
                                                                  									__ecx =  *(0x6f54307c + __edx * 4);
                                                                  									__edx = _v84;
                                                                  									__ecx = __ecx * __edx;
                                                                  									asm("sbb edx, edx");
                                                                  									__edx = __edx & __ecx;
                                                                  									__eax = __eax &  *(0x6f54309c + __edx * 4);
                                                                  								}
                                                                  								_push(__eax);
                                                                  								goto L15;
                                                                  							case 2:
                                                                  								__eax = E6F541429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                  								goto L16;
                                                                  							case 3:
                                                                  								__eax = lstrcpynA(__edi,  *__eax,  *0x6f54405c);
                                                                  								goto L17;
                                                                  							case 4:
                                                                  								__ecx =  *0x6f54405c;
                                                                  								__edx = __ecx - 1;
                                                                  								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                                  								__eax =  *0x6f54405c;
                                                                  								 *((char*)(__eax + __edi - 1)) = __bl;
                                                                  								goto L17;
                                                                  							case 5:
                                                                  								__ecx =  &_v80;
                                                                  								_push(0x27);
                                                                  								_push(__ecx);
                                                                  								_push( *__eax);
                                                                  								__imp__StringFromGUID2();
                                                                  								__eax =  &_v92;
                                                                  								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x6f54405c, __ebx, __ebx);
                                                                  								goto L17;
                                                                  							case 6:
                                                                  								_push( *__esi);
                                                                  								L15:
                                                                  								__eax = wsprintfA(__edi, 0x6f544000);
                                                                  								L16:
                                                                  								__esp = __esp + 0xc;
                                                                  								goto L17;
                                                                  						}
                                                                  					}
                                                                  					L17:
                                                                  					_t30 =  *(_t48 + 0x14);
                                                                  					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                                  						GlobalFree(_t30);
                                                                  					}
                                                                  					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                                  					if(_t31 != 0) {
                                                                  						if(_t31 != 0xffffffff) {
                                                                  							if(_t31 > 0) {
                                                                  								E6F5412D1(_t31 - 1, _t44);
                                                                  								goto L26;
                                                                  							}
                                                                  						} else {
                                                                  							E6F541266(_t44);
                                                                  							L26:
                                                                  						}
                                                                  					}
                                                                  					_v88 = _v88 - 1;
                                                                  					_t48 = _t48 - 0x20;
                                                                  				} while (_v88 >= 0);
                                                                  				return GlobalFree(_t44);
                                                                  			}















                                                                  APIs
                                                                    • Part of subcall function 6F541215: GlobalAlloc.KERNEL32(00000040,6F541233,?,6F5412CF,-6F54404B,6F5411AB,-000000A0), ref: 6F54121D
                                                                  • GlobalFree.KERNEL32 ref: 6F5425DE
                                                                  • GlobalFree.KERNEL32 ref: 6F542618
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  • Opcode ID: 985566f94e4c9464b59932ef661d065742ab1d9a787369abdf2a0a63a2602fca
                                                                  • Instruction ID: 22548fe77a102c817f991455fd25a54840b92487fbb7a682e13d8b0342fdd595
                                                                  • Opcode Fuzzy Hash: 985566f94e4c9464b59932ef661d065742ab1d9a787369abdf2a0a63a2602fca
                                                                  • Instruction Fuzzy Hash: 4C41F072108210EFDB01DF64CE98C6A7BBAFB86314B014A7DF524DB150DB30AD28DB62
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                                  				long _v8;
                                                                  				signed char _v12;
                                                                  				unsigned int _v16;
                                                                  				void* _v20;
                                                                  				intOrPtr _v24;
                                                                  				long _v56;
                                                                  				void* _v60;
                                                                  				long _t15;
                                                                  				unsigned int _t19;
                                                                  				signed int _t25;
                                                                  				struct HWND__* _t28;
                                                                  
                                                                  				_t28 = _a4;
                                                                  				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                  				if(_a8 == 0) {
                                                                  					L4:
                                                                  					_v56 = _t15;
                                                                  					_v60 = 4;
                                                                  					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                  					return _v24;
                                                                  				}
                                                                  				_t19 = GetMessagePos();
                                                                  				_v16 = _t19 >> 0x10;
                                                                  				_v20 = _t19;
                                                                  				ScreenToClient(_t28,  &_v20);
                                                                  				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                  				if((_v12 & 0x00000066) != 0) {
                                                                  					_t15 = _v8;
                                                                  					goto L4;
                                                                  				}
                                                                  				return _t25 | 0xffffffff;
                                                                  			}














                                                                  APIs
                                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404A0C
                                                                  • GetMessagePos.USER32 ref: 00404A14
                                                                  • ScreenToClient.USER32 ref: 00404A2E
                                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404A40
                                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404A66
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Message$Send$ClientScreen
                                                                  • String ID: f
                                                                  • API String ID: 41195575-1993550816
                                                                  • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                  • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                                  • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                  • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 73%
                                                                  			E00401DFF(intOrPtr __edx) {
                                                                  				void* __esi;
                                                                  				int _t9;
                                                                  				signed char _t15;
                                                                  				struct HFONT__* _t18;
                                                                  				intOrPtr _t30;
                                                                  				struct HDC__* _t31;
                                                                  				void* _t33;
                                                                  				void* _t35;
                                                                  
                                                                  				_t30 = __edx;
                                                                  				_t31 = GetDC( *(_t35 - 8));
                                                                  				_t9 = E00402B0A(2);
                                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                  				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                  				ReleaseDC( *(_t35 - 8), _t31);
                                                                  				 *0x40b828 = E00402B0A(3);
                                                                  				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                  				 *0x40b82f = 1;
                                                                  				 *0x40b82c = _t15 & 0x00000001;
                                                                  				 *0x40b82d = _t15 & 0x00000002;
                                                                  				 *0x40b82e = _t15 & 0x00000004;
                                                                  				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                                  				_t18 = CreateFontIndirectA(0x40b818);
                                                                  				_push(_t18);
                                                                  				_push(_t33);
                                                                  				E00405F6E();
                                                                  				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                  				return 0;
                                                                  			}











                                                                  APIs
                                                                  • GetDC.USER32(?), ref: 00401E02
                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                  • ReleaseDC.USER32 ref: 00401E35
                                                                  • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                  • String ID: MS Shell Dlg
                                                                  • API String ID: 3808545654-76309092
                                                                  • Opcode ID: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                  • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                                  • Opcode Fuzzy Hash: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                                  • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 86%
                                                                  			E6F5422F1(void* __edx, intOrPtr _a4) {
                                                                  				signed int _v4;
                                                                  				signed int _v8;
                                                                  				void* _t38;
                                                                  				signed int _t39;
                                                                  				void* _t40;
                                                                  				void* _t43;
                                                                  				void* _t48;
                                                                  				signed int* _t50;
                                                                  				signed char* _t51;
                                                                  
                                                                  				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                  				while(1) {
                                                                  					_t9 = _a4 + 0x818; // 0x818
                                                                  					_t51 = (_v8 << 5) + _t9;
                                                                  					_t38 = _t51[0x18];
                                                                  					if(_t38 == 0) {
                                                                  						goto L9;
                                                                  					}
                                                                  					_t48 = 0x1a;
                                                                  					if(_t38 == _t48) {
                                                                  						goto L9;
                                                                  					}
                                                                  					if(_t38 != 0xffffffff) {
                                                                  						if(_t38 <= 0 || _t38 > 0x19) {
                                                                  							_t51[0x18] = _t48;
                                                                  						} else {
                                                                  							_t38 = E6F5412AD(_t38 - 1);
                                                                  							L10:
                                                                  						}
                                                                  						goto L11;
                                                                  					} else {
                                                                  						_t38 = E6F54123B();
                                                                  						L11:
                                                                  						_t43 = _t38;
                                                                  						_t13 =  &(_t51[8]); // 0x820
                                                                  						_t50 = _t13;
                                                                  						if(_t51[4] >= 0) {
                                                                  						}
                                                                  						_t39 =  *_t51 & 0x000000ff;
                                                                  						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                                  						_v4 = _t39;
                                                                  						if(_t39 > 7) {
                                                                  							L27:
                                                                  							_t40 = GlobalFree(_t43);
                                                                  							if(_v8 == 0) {
                                                                  								return _t40;
                                                                  							}
                                                                  							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                  								_v8 = _v8 + 1;
                                                                  							} else {
                                                                  								_v8 = _v8 & 0x00000000;
                                                                  							}
                                                                  							continue;
                                                                  						} else {
                                                                  							switch( *((intOrPtr*)(_t39 * 4 +  &M6F54247E))) {
                                                                  								case 0:
                                                                  									 *_t50 =  *_t50 & 0x00000000;
                                                                  									goto L27;
                                                                  								case 1:
                                                                  									__eax = E6F5412FE(__ebx);
                                                                  									goto L20;
                                                                  								case 2:
                                                                  									 *__ebp = E6F5412FE(__ebx);
                                                                  									_a4 = __edx;
                                                                  									goto L27;
                                                                  								case 3:
                                                                  									__eax = E6F541224(__ebx);
                                                                  									 *(__esi + 0x1c) = __eax;
                                                                  									L20:
                                                                  									 *__ebp = __eax;
                                                                  									goto L27;
                                                                  								case 4:
                                                                  									 *0x6f54405c =  *0x6f54405c +  *0x6f54405c;
                                                                  									__edi = GlobalAlloc(0x40,  *0x6f54405c +  *0x6f54405c);
                                                                  									 *0x6f54405c = MultiByteToWideChar(0, 0, __ebx,  *0x6f54405c, __edi,  *0x6f54405c);
                                                                  									if(_v4 != 5) {
                                                                  										 *(__esi + 0x1c) = __edi;
                                                                  										 *__ebp = __edi;
                                                                  									} else {
                                                                  										__eax = GlobalAlloc(0x40, 0x10);
                                                                  										_push(__eax);
                                                                  										 *(__esi + 0x1c) = __eax;
                                                                  										_push(__edi);
                                                                  										 *__ebp = __eax;
                                                                  										__imp__CLSIDFromString();
                                                                  										__eax = GlobalFree(__edi);
                                                                  									}
                                                                  									goto L27;
                                                                  								case 5:
                                                                  									if( *__ebx != 0) {
                                                                  										__eax = E6F5412FE(__ebx);
                                                                  										 *__edi = __eax;
                                                                  									}
                                                                  									goto L27;
                                                                  								case 6:
                                                                  									__esi =  *(__esi + 0x18);
                                                                  									__esi = __esi - 1;
                                                                  									__esi = __esi *  *0x6f54405c;
                                                                  									__esi = __esi +  *0x6f544064;
                                                                  									__eax = __esi + 0xc;
                                                                  									 *__edi = __esi + 0xc;
                                                                  									asm("cdq");
                                                                  									__eax = E6F541429(__edx, __esi + 0xc, __edx, __esi);
                                                                  									goto L27;
                                                                  							}
                                                                  						}
                                                                  					}
                                                                  					L9:
                                                                  					_t38 = E6F541224(0x6f544034);
                                                                  					goto L10;
                                                                  				}
                                                                  			}












                                                                  0x00000000
                                                                  0x6f542352

                                                                  APIs
                                                                  • GlobalFree.KERNEL32 ref: 6F542447
                                                                    • Part of subcall function 6F541224: lstrcpynA.KERNEL32(00000000,?,6F5412CF,-6F54404B,6F5411AB,-000000A0), ref: 6F541234
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6F5423C2
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 6F5423D7
                                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 6F5423E8
                                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 6F5423F6
                                                                  • GlobalFree.KERNEL32 ref: 6F5423FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                  • String ID:
                                                                  • API String ID: 3730416702-0
                                                                  • Opcode ID: b045efbe34086e5dbaeb873a021cecd5ac5e22380e9275c9ec615e8c146d3a84
                                                                  • Instruction ID: e2a59b56bf64db034b19191cae7a7b581d59048466250a874f97b3cedb70493c
                                                                  • Opcode Fuzzy Hash: b045efbe34086e5dbaeb873a021cecd5ac5e22380e9275c9ec615e8c146d3a84
                                                                  • Instruction Fuzzy Hash: 7041AD71508B10EFD710DF649944B6ABBF8FF81325F004A7AE849CA190E730AD58DB62
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 77%
                                                                  			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                  				char _v36;
                                                                  				char _v68;
                                                                  				void* __ebx;
                                                                  				void* __edi;
                                                                  				void* __esi;
                                                                  				signed int _t21;
                                                                  				signed int _t22;
                                                                  				void* _t29;
                                                                  				void* _t31;
                                                                  				void* _t32;
                                                                  				void* _t41;
                                                                  				signed int _t43;
                                                                  				signed int _t47;
                                                                  				signed int _t50;
                                                                  				signed int _t51;
                                                                  				signed int _t53;
                                                                  
                                                                  				_t21 = _a16;
                                                                  				_t51 = _a12;
                                                                  				_t41 = 0xffffffdc;
                                                                  				if(_t21 == 0) {
                                                                  					_push(0x14);
                                                                  					_pop(0);
                                                                  					_t22 = _t51;
                                                                  					if(_t51 < 0x100000) {
                                                                  						_push(0xa);
                                                                  						_pop(0);
                                                                  						_t41 = 0xffffffdd;
                                                                  					}
                                                                  					if(_t51 < 0x400) {
                                                                  						_t41 = 0xffffffde;
                                                                  					}
                                                                  					if(_t51 < 0xffff3333) {
                                                                  						_t50 = 0x14;
                                                                  						asm("cdq");
                                                                  						_t22 = 1 / _t50 + _t51;
                                                                  					}
                                                                  					_t23 = _t22 & 0x00ffffff;
                                                                  					_t53 = _t22 >> 0;
                                                                  					_t43 = 0xa;
                                                                  					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                  				} else {
                                                                  					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                  					_t47 = 0;
                                                                  				}
                                                                  				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                  				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                                  				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                                  				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                  				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                                  			}




















                                                                  APIs
                                                                  • lstrlenA.KERNEL32(Wildix WIService v2.15.2 Setup: Completed,Wildix WIService v2.15.2 Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                  • wsprintfA.USER32 ref: 0040498D
                                                                  • SetDlgItemTextA.USER32 ref: 004049A0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                  • String ID: %u.%u%s%s$Wildix WIService v2.15.2 Setup: Completed
                                                                  • API String ID: 3540041739-2546757289
                                                                  • Opcode ID: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                  • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                                  • Opcode Fuzzy Hash: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                                  • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 97%
                                                                  			E6F541837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                  				void* _v8;
                                                                  				signed int _v12;
                                                                  				signed int _v20;
                                                                  				signed int _v24;
                                                                  				char _v52;
                                                                  				void _t45;
                                                                  				void _t46;
                                                                  				signed int _t47;
                                                                  				signed int _t48;
                                                                  				signed int _t57;
                                                                  				signed int _t58;
                                                                  				signed int _t59;
                                                                  				signed int _t60;
                                                                  				signed int _t61;
                                                                  				void* _t67;
                                                                  				void* _t68;
                                                                  				void* _t69;
                                                                  				void* _t70;
                                                                  				void* _t71;
                                                                  				signed int _t77;
                                                                  				void* _t81;
                                                                  				signed int _t83;
                                                                  				signed int _t85;
                                                                  				signed int _t87;
                                                                  				signed int _t90;
                                                                  				void* _t101;
                                                                  
                                                                  				_t85 = __edx;
                                                                  				 *0x6f54405c = _a8;
                                                                  				_t77 = 0;
                                                                  				 *0x6f544060 = _a16;
                                                                  				_v12 = 0;
                                                                  				_v8 = E6F54123B();
                                                                  				_t90 = E6F5412FE(_t42);
                                                                  				_t87 = _t85;
                                                                  				_t81 = E6F54123B();
                                                                  				_a8 = _t81;
                                                                  				_t45 =  *_t81;
                                                                  				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                  					_a16 = E6F54123B();
                                                                  					_t77 = E6F5412FE(_t74);
                                                                  					_v12 = _t85;
                                                                  					GlobalFree(_a16);
                                                                  					_t81 = _a8;
                                                                  				}
                                                                  				_t46 =  *_t81;
                                                                  				_t101 = _t46 - 0x2f;
                                                                  				if(_t101 > 0) {
                                                                  					_t47 = _t46 - 0x3c;
                                                                  					__eflags = _t47;
                                                                  					if(_t47 == 0) {
                                                                  						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                                  						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                                  							__eflags = _t87 - _v12;
                                                                  							if(__eflags > 0) {
                                                                  								L56:
                                                                  								_t48 = 0;
                                                                  								__eflags = 0;
                                                                  								L57:
                                                                  								asm("cdq");
                                                                  								L58:
                                                                  								_t90 = _t48;
                                                                  								_t87 = _t85;
                                                                  								L59:
                                                                  								E6F541429(_t85, _t90, _t87,  &_v52);
                                                                  								E6F541266( &_v52);
                                                                  								GlobalFree(_v8);
                                                                  								return GlobalFree(_a8);
                                                                  							}
                                                                  							if(__eflags < 0) {
                                                                  								L49:
                                                                  								__eflags = 0;
                                                                  								L50:
                                                                  								_t48 = 1;
                                                                  								goto L57;
                                                                  							}
                                                                  							__eflags = _t90 - _t77;
                                                                  							if(_t90 < _t77) {
                                                                  								goto L49;
                                                                  							}
                                                                  							goto L56;
                                                                  						}
                                                                  						_t85 = _t87;
                                                                  						_t48 = E6F542EF0(_t90, _t77, _t85);
                                                                  						goto L58;
                                                                  					}
                                                                  					_t57 = _t47 - 1;
                                                                  					__eflags = _t57;
                                                                  					if(_t57 == 0) {
                                                                  						__eflags = _t90 - _t77;
                                                                  						if(_t90 != _t77) {
                                                                  							goto L56;
                                                                  						}
                                                                  						__eflags = _t87 - _v12;
                                                                  						if(_t87 != _v12) {
                                                                  							goto L56;
                                                                  						}
                                                                  						goto L49;
                                                                  					}
                                                                  					_t58 = _t57 - 1;
                                                                  					__eflags = _t58;
                                                                  					if(_t58 == 0) {
                                                                  						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                                  						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                                  							__eflags = _t87 - _v12;
                                                                  							if(__eflags < 0) {
                                                                  								goto L56;
                                                                  							}
                                                                  							if(__eflags > 0) {
                                                                  								goto L49;
                                                                  							}
                                                                  							__eflags = _t90 - _t77;
                                                                  							if(_t90 <= _t77) {
                                                                  								goto L56;
                                                                  							}
                                                                  							goto L49;
                                                                  						}
                                                                  						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                                  						_t85 = _t87;
                                                                  						_t59 = _t90;
                                                                  						_t83 = _t77;
                                                                  						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                                  							_t48 = E6F542F10(_t59, _t83, _t85);
                                                                  						} else {
                                                                  							_t48 = E6F542F40(_t59, _t83, _t85);
                                                                  						}
                                                                  						goto L58;
                                                                  					}
                                                                  					_t60 = _t58 - 0x20;
                                                                  					__eflags = _t60;
                                                                  					if(_t60 == 0) {
                                                                  						_t90 = _t90 ^ _t77;
                                                                  						_t87 = _t87 ^ _v12;
                                                                  						goto L59;
                                                                  					}
                                                                  					_t61 = _t60 - 0x1e;
                                                                  					__eflags = _t61;
                                                                  					if(_t61 == 0) {
                                                                  						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                                  						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                                  							_t90 = _t90 | _t77;
                                                                  							_t87 = _t87 | _v12;
                                                                  							goto L59;
                                                                  						}
                                                                  						__eflags = _t90 | _t87;
                                                                  						if((_t90 | _t87) != 0) {
                                                                  							goto L49;
                                                                  						}
                                                                  						__eflags = _t77 | _v12;
                                                                  						if((_t77 | _v12) != 0) {
                                                                  							goto L49;
                                                                  						}
                                                                  						goto L56;
                                                                  					}
                                                                  					__eflags = _t61 == 0;
                                                                  					if(_t61 == 0) {
                                                                  						_t90 =  !_t90;
                                                                  						_t87 =  !_t87;
                                                                  					}
                                                                  					goto L59;
                                                                  				}
                                                                  				if(_t101 == 0) {
                                                                  					L21:
                                                                  					__eflags = _t77 | _v12;
                                                                  					if((_t77 | _v12) != 0) {
                                                                  						_v24 = E6F542D80(_t90, _t87, _t77, _v12);
                                                                  						_v20 = _t85;
                                                                  						_t48 = E6F542E30(_t90, _t87, _t77, _v12);
                                                                  						_t81 = _a8;
                                                                  					} else {
                                                                  						_v24 = _v24 & 0x00000000;
                                                                  						_v20 = _v20 & 0x00000000;
                                                                  						_t48 = _t90;
                                                                  						_t85 = _t87;
                                                                  					}
                                                                  					__eflags =  *_t81 - 0x2f;
                                                                  					if( *_t81 != 0x2f) {
                                                                  						goto L58;
                                                                  					} else {
                                                                  						_t90 = _v24;
                                                                  						_t87 = _v20;
                                                                  						goto L59;
                                                                  					}
                                                                  				}
                                                                  				_t67 = _t46 - 0x21;
                                                                  				if(_t67 == 0) {
                                                                  					_t48 = 0;
                                                                  					__eflags = _t90 | _t87;
                                                                  					if((_t90 | _t87) != 0) {
                                                                  						goto L57;
                                                                  					}
                                                                  					goto L50;
                                                                  				}
                                                                  				_t68 = _t67 - 4;
                                                                  				if(_t68 == 0) {
                                                                  					goto L21;
                                                                  				}
                                                                  				_t69 = _t68 - 1;
                                                                  				if(_t69 == 0) {
                                                                  					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                                  					if( *((char*)(_t81 + 1)) != 0x26) {
                                                                  						_t90 = _t90 & _t77;
                                                                  						_t87 = _t87 & _v12;
                                                                  						goto L59;
                                                                  					}
                                                                  					__eflags = _t90 | _t87;
                                                                  					if((_t90 | _t87) == 0) {
                                                                  						goto L56;
                                                                  					}
                                                                  					__eflags = _t77 | _v12;
                                                                  					if((_t77 | _v12) == 0) {
                                                                  						goto L56;
                                                                  					}
                                                                  					goto L49;
                                                                  				}
                                                                  				_t70 = _t69 - 4;
                                                                  				if(_t70 == 0) {
                                                                  					_t48 = E6F542D40(_t90, _t87, _t77, _v12);
                                                                  					goto L58;
                                                                  				} else {
                                                                  					_t71 = _t70 - 1;
                                                                  					if(_t71 == 0) {
                                                                  						_t90 = _t90 + _t77;
                                                                  						asm("adc edi, [ebp-0x8]");
                                                                  					} else {
                                                                  						if(_t71 == 0) {
                                                                  							_t90 = _t90 - _t77;
                                                                  							asm("sbb edi, [ebp-0x8]");
                                                                  						}
                                                                  					}
                                                                  					goto L59;
                                                                  				}
                                                                  			}






























                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: FreeGlobal
                                                                  • String ID:
                                                                  • API String ID: 2979337801-0
                                                                  • Opcode ID: 1d3216507bba349f765a30dadd27bb47298c7cdc61afe834237c8aa0372a965f
                                                                  • Instruction ID: 5f24252a2ebfdf0b1d20e3d92251931b0f0cb328ed3ce9ecf0d5d791da1c5a55
                                                                  • Opcode Fuzzy Hash: 1d3216507bba349f765a30dadd27bb47298c7cdc61afe834237c8aa0372a965f
                                                                  • Instruction Fuzzy Hash: D751E372D48298AEDB03CFB9CA406AEBFB5AF86359F05057BD404E7140C731BE6187A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 94%
                                                                  			E6F5416DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                  				void _v36;
                                                                  				char _v88;
                                                                  				struct HINSTANCE__* _t37;
                                                                  				intOrPtr _t42;
                                                                  				void* _t48;
                                                                  				void* _t49;
                                                                  				void* _t50;
                                                                  				void* _t54;
                                                                  				intOrPtr _t57;
                                                                  				signed int _t61;
                                                                  				signed int _t63;
                                                                  				void* _t67;
                                                                  				void* _t68;
                                                                  				void* _t72;
                                                                  				void* _t76;
                                                                  
                                                                  				_t76 = __esi;
                                                                  				_t68 = __edi;
                                                                  				_t67 = __edx;
                                                                  				 *0x6f54405c = _a8;
                                                                  				 *0x6f544060 = _a16;
                                                                  				 *0x6f544064 = _a12;
                                                                  				 *((intOrPtr*)(_a20 + 0xc))( *0x6f544038, E6F541556);
                                                                  				_push(1);
                                                                  				_t37 = E6F541A98();
                                                                  				_t54 = _t37;
                                                                  				if(_t54 == 0) {
                                                                  					L28:
                                                                  					return _t37;
                                                                  				} else {
                                                                  					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                  						E6F5422AF(_t54);
                                                                  					}
                                                                  					E6F5422F1(_t67, _t54);
                                                                  					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                  					if(_t57 == 0xffffffff) {
                                                                  						L14:
                                                                  						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                                  							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                  								_t37 = E6F5424D8(_t54);
                                                                  							} else {
                                                                  								_push(_t76);
                                                                  								_push(_t68);
                                                                  								_t61 = 8;
                                                                  								_t13 = _t54 + 0x818; // 0x818
                                                                  								memcpy( &_v36, _t13, _t61 << 2);
                                                                  								_t42 = E6F54156B(_t54,  &_v88);
                                                                  								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                                  								_t18 = _t54 + 0x818; // 0x818
                                                                  								_t72 = _t18;
                                                                  								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                                  								 *_t72 = 3;
                                                                  								E6F5424D8(_t54);
                                                                  								_t63 = 8;
                                                                  								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                  							}
                                                                  						} else {
                                                                  							E6F5424D8(_t54);
                                                                  							_t37 = GlobalFree(E6F541266(E6F541559(_t54)));
                                                                  						}
                                                                  						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                  							_t37 = E6F54249E(_t54);
                                                                  							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                  								_t37 =  *(_t54 + 0x808);
                                                                  								if(_t37 != 0) {
                                                                  									_t37 = FreeLibrary(_t37);
                                                                  								}
                                                                  							}
                                                                  							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                                  								_t37 = E6F5414E2( *0x6f544058);
                                                                  							}
                                                                  						}
                                                                  						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                                  							goto L28;
                                                                  						} else {
                                                                  							return GlobalFree(_t54);
                                                                  						}
                                                                  					}
                                                                  					_t48 =  *_t54;
                                                                  					if(_t48 == 0) {
                                                                  						if(_t57 != 1) {
                                                                  							goto L14;
                                                                  						}
                                                                  						E6F542CC3(_t54);
                                                                  						L12:
                                                                  						_t54 = _t48;
                                                                  						L13:
                                                                  						goto L14;
                                                                  					}
                                                                  					_t49 = _t48 - 1;
                                                                  					if(_t49 == 0) {
                                                                  						L8:
                                                                  						_t48 = E6F542A38(_t57, _t54);
                                                                  						goto L12;
                                                                  					}
                                                                  					_t50 = _t49 - 1;
                                                                  					if(_t50 == 0) {
                                                                  						E6F5426B2(_t54);
                                                                  						goto L13;
                                                                  					}
                                                                  					if(_t50 != 1) {
                                                                  						goto L14;
                                                                  					}
                                                                  					goto L8;
                                                                  				}
                                                                  			}



















                                                                  APIs
                                                                    • Part of subcall function 6F541A98: GlobalFree.KERNEL32 ref: 6F541D09
                                                                    • Part of subcall function 6F541A98: GlobalFree.KERNEL32 ref: 6F541D0E
                                                                    • Part of subcall function 6F541A98: GlobalFree.KERNEL32 ref: 6F541D13
                                                                  • GlobalFree.KERNEL32 ref: 6F541786
                                                                  • FreeLibrary.KERNEL32(?), ref: 6F541809
                                                                  • GlobalFree.KERNEL32 ref: 6F54182E
                                                                    • Part of subcall function 6F5422AF: GlobalAlloc.KERNEL32(00000040,?), ref: 6F5422E0
                                                                    • Part of subcall function 6F5426B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6F541757,00000000), ref: 6F542782
                                                                    • Part of subcall function 6F54156B: wsprintfA.USER32 ref: 6F541599
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                                  • String ID:
                                                                  • API String ID: 3962662361-3916222277
                                                                  • Opcode ID: 0cfc35d2bcb4c9a083d987802ad8f828b10a767ed27c05a555b30a79bc418cac
                                                                  • Instruction ID: b6065ce8927c94778f83ffad20542313bc301119cc55aec87821603b16f385a1
                                                                  • Opcode Fuzzy Hash: 0cfc35d2bcb4c9a083d987802ad8f828b10a767ed27c05a555b30a79bc418cac
                                                                  • Instruction Fuzzy Hash: 9E419F711007089ACB02EF74D984BD63BA8BF45328F058576E9199E4C7DB74AC65CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004059A8(CHAR* _a4) {
                                                                  				CHAR* _t7;
                                                                  
                                                                  				_t7 = _a4;
                                                                  				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                  					lstrcatA(_t7, 0x40a014);
                                                                  				}
                                                                  				return _t7;
                                                                  			}





                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                                  • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 2659869361-3081826266
                                                                  • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                  • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                                  • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                  • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405A41(CHAR* _a4) {
                                                                  				CHAR* _t5;
                                                                  				char* _t7;
                                                                  				CHAR* _t9;
                                                                  				char _t10;
                                                                  				CHAR* _t11;
                                                                  				void* _t13;
                                                                  
                                                                  				_t11 = _a4;
                                                                  				_t9 = CharNextA(_t11);
                                                                  				_t5 = CharNextA(_t9);
                                                                  				_t10 =  *_t11;
                                                                  				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                                  					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                                  						L10:
                                                                  						return 0;
                                                                  					} else {
                                                                  						_t13 = 2;
                                                                  						while(1) {
                                                                  							_t13 = _t13 - 1;
                                                                  							_t7 = E004059D3(_t5, 0x5c);
                                                                  							if( *_t7 == 0) {
                                                                  								goto L10;
                                                                  							}
                                                                  							_t5 = _t7 + 1;
                                                                  							if(_t13 != 0) {
                                                                  								continue;
                                                                  							}
                                                                  							return _t5;
                                                                  						}
                                                                  						goto L10;
                                                                  					}
                                                                  				} else {
                                                                  					return CharNextA(_t5);
                                                                  				}
                                                                  			}










                                                                  APIs
                                                                  • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                  • CharNextA.USER32(00000000), ref: 00405A54
                                                                  • CharNextA.USER32(00000000), ref: 00405A68
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext
                                                                  • String ID: C:\
                                                                  • API String ID: 3213498283-3404278061
                                                                  • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                  • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                                  • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                  • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00402D60(intOrPtr _a4) {
                                                                  				long _t2;
                                                                  				struct HWND__* _t3;
                                                                  				struct HWND__* _t6;
                                                                  
                                                                  				if(_a4 == 0) {
                                                                  					__eflags =  *0x429428; // 0x0
                                                                  					if(__eflags == 0) {
                                                                  						_t2 = GetTickCount();
                                                                  						__eflags = _t2 -  *0x42f410;
                                                                  						if(_t2 >  *0x42f410) {
                                                                  							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                                  							 *0x429428 = _t3;
                                                                  							return ShowWindow(_t3, 5);
                                                                  						}
                                                                  						return _t2;
                                                                  					} else {
                                                                  						return E004063E4(0);
                                                                  					}
                                                                  				} else {
                                                                  					_t6 =  *0x429428; // 0x0
                                                                  					if(_t6 != 0) {
                                                                  						_t6 = DestroyWindow(_t6);
                                                                  					}
                                                                  					 *0x429428 = 0;
                                                                  					return _t6;
                                                                  				}
                                                                  			}







                                                                  APIs
                                                                  • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                                  • GetTickCount.KERNEL32 ref: 00402D91
                                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                  • String ID:
                                                                  • API String ID: 2102729457-0
                                                                  • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                  • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                                  • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                  • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 91%
                                                                  			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                  				int _t11;
                                                                  				int _t15;
                                                                  				long _t16;
                                                                  
                                                                  				_t15 = _a8;
                                                                  				if(_t15 != 0x102) {
                                                                  					__eflags = _t15 - 0x200;
                                                                  					if(_t15 != 0x200) {
                                                                  						_t16 = _a16;
                                                                  						L7:
                                                                  						__eflags = _t15 - 0x419;
                                                                  						if(_t15 == 0x419) {
                                                                  							__eflags =  *0x42a85c - _t16; // 0x0
                                                                  							if(__eflags != 0) {
                                                                  								_push(_t16);
                                                                  								_push(6);
                                                                  								 *0x42a85c = _t16;
                                                                  								E00404A71();
                                                                  							}
                                                                  						}
                                                                  						L11:
                                                                  						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                                  					}
                                                                  					_t11 = IsWindowVisible(_a4);
                                                                  					__eflags = _t11;
                                                                  					if(_t11 == 0) {
                                                                  						L10:
                                                                  						_t16 = _a16;
                                                                  						goto L11;
                                                                  					}
                                                                  					_t16 = E004049F1(_a4, 1);
                                                                  					_t15 = 0x419;
                                                                  					goto L7;
                                                                  				}
                                                                  				if(_a12 == 0x20) {
                                                                  					E004040EA(0x413);
                                                                  					return 0;
                                                                  				}
                                                                  				goto L10;
                                                                  			}







                                                                  APIs
                                                                  • IsWindowVisible.USER32(?), ref: 004050DA
                                                                  • CallWindowProcA.USER32 ref: 0040512B
                                                                    • Part of subcall function 004040EA: SendMessageA.USER32(0001042E,00000000,00000000,00000000), ref: 004040FC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                  • String ID:
                                                                  • API String ID: 3748168415-3916222277
                                                                  • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                  • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                                  • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                  • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00403798() {
                                                                  				void* _t2;
                                                                  				void* _t3;
                                                                  				void* _t6;
                                                                  				void* _t8;
                                                                  
                                                                  				_t8 =  *0x429834; // 0x84bdd0
                                                                  				_t3 = E0040377D(_t2, 0);
                                                                  				if(_t8 != 0) {
                                                                  					do {
                                                                  						_t6 = _t8;
                                                                  						_t8 =  *_t8;
                                                                  						FreeLibrary( *(_t6 + 8));
                                                                  						_t3 = GlobalFree(_t6);
                                                                  					} while (_t8 != 0);
                                                                  				}
                                                                  				 *0x429834 =  *0x429834 & 0x00000000;
                                                                  				return _t3;
                                                                  			}








                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,7476FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                                  • GlobalFree.KERNEL32 ref: 004037B9
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Free$GlobalLibrary
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 1100898210-3081826266
                                                                  • Opcode ID: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                  • Instruction ID: 06ba742c3ad1fb67bc09d12af4c86e1058789e05b1a36190638fabe2eea0851a
                                                                  • Opcode Fuzzy Hash: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                                  • Instruction Fuzzy Hash: EAE0C27352212097C7312F15EE04B1AB7A86F86F22F09403AE8407B2A087741C438BCC
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E004059EF(char* _a4) {
                                                                  				char* _t3;
                                                                  				char* _t5;
                                                                  
                                                                  				_t5 = _a4;
                                                                  				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                  				while( *_t3 != 0x5c) {
                                                                  					_t3 = CharPrevA(_t5, _t3);
                                                                  					if(_t3 > _t5) {
                                                                  						continue;
                                                                  					}
                                                                  					break;
                                                                  				}
                                                                  				 *_t3 =  *_t3 & 0x00000000;
                                                                  				return  &(_t3[1]);
                                                                  			}






                                                                  APIs
                                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrlen
                                                                  • String ID: C:\Users\user\Desktop
                                                                  • API String ID: 2709904686-224404859
                                                                  • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                  • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                                  • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                  • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E6F5410E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                  				char* _t17;
                                                                  				char _t19;
                                                                  				void* _t20;
                                                                  				void* _t24;
                                                                  				void* _t27;
                                                                  				void* _t31;
                                                                  				void* _t37;
                                                                  				void* _t39;
                                                                  				void* _t40;
                                                                  				signed int _t43;
                                                                  				void* _t52;
                                                                  				char* _t53;
                                                                  				char* _t55;
                                                                  				void* _t56;
                                                                  				void* _t58;
                                                                  
                                                                  				 *0x6f54405c = _a8;
                                                                  				 *0x6f544060 = _a16;
                                                                  				 *0x6f544064 = _a12;
                                                                  				 *((intOrPtr*)(_a20 + 0xc))( *0x6f544038, E6F541556, _t52);
                                                                  				_t43 =  *0x6f54405c +  *0x6f54405c * 4 << 2;
                                                                  				_t17 = E6F54123B();
                                                                  				_a8 = _t17;
                                                                  				_t53 = _t17;
                                                                  				if( *_t17 == 0) {
                                                                  					L16:
                                                                  					return GlobalFree(_a8);
                                                                  				} else {
                                                                  					do {
                                                                  						_t19 =  *_t53;
                                                                  						_t55 = _t53 + 1;
                                                                  						_t58 = _t19 - 0x6c;
                                                                  						if(_t58 > 0) {
                                                                  							_t20 = _t19 - 0x70;
                                                                  							if(_t20 == 0) {
                                                                  								L12:
                                                                  								_t53 = _t55 + 1;
                                                                  								_t24 = E6F541266(E6F5412AD( *_t55 - 0x30));
                                                                  								L13:
                                                                  								GlobalFree(_t24);
                                                                  								goto L14;
                                                                  							}
                                                                  							_t27 = _t20;
                                                                  							if(_t27 == 0) {
                                                                  								L10:
                                                                  								_t53 = _t55 + 1;
                                                                  								_t24 = E6F5412D1( *_t55 - 0x30, E6F54123B());
                                                                  								goto L13;
                                                                  							}
                                                                  							L7:
                                                                  							if(_t27 == 1) {
                                                                  								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                  								 *_t31 =  *0x6f544030;
                                                                  								 *0x6f544030 = _t31;
                                                                  								E6F541508(_t31 + 4,  *0x6f544064, _t43);
                                                                  								_t56 = _t56 + 0xc;
                                                                  							}
                                                                  							goto L14;
                                                                  						}
                                                                  						if(_t58 == 0) {
                                                                  							L17:
                                                                  							_t34 =  *0x6f544030;
                                                                  							if( *0x6f544030 != 0) {
                                                                  								E6F541508( *0x6f544064, _t34 + 4, _t43);
                                                                  								_t37 =  *0x6f544030;
                                                                  								_t56 = _t56 + 0xc;
                                                                  								GlobalFree(_t37);
                                                                  								 *0x6f544030 =  *_t37;
                                                                  							}
                                                                  							goto L14;
                                                                  						}
                                                                  						_t39 = _t19 - 0x4c;
                                                                  						if(_t39 == 0) {
                                                                  							goto L17;
                                                                  						}
                                                                  						_t40 = _t39 - 4;
                                                                  						if(_t40 == 0) {
                                                                  							 *_t55 =  *_t55 + 0xa;
                                                                  							goto L12;
                                                                  						}
                                                                  						_t27 = _t40;
                                                                  						if(_t27 == 0) {
                                                                  							 *_t55 =  *_t55 + 0xa;
                                                                  							goto L10;
                                                                  						}
                                                                  						goto L7;
                                                                  						L14:
                                                                  					} while ( *_t53 != 0);
                                                                  					goto L16;
                                                                  				}
                                                                  			}



















                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.692110359.000000006F541000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F540000, based on PE: true
                                                                  • Associated: 00000000.00000002.692101817.000000006F540000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692119078.000000006F543000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.692127055.000000006F545000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6f540000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  • Opcode ID: c9961b0be151e10d79510e3731634c9b28986368f3e13ebce5076a4c33cc79e1
                                                                  • Instruction ID: 062249ff61d6fa59e4ae5e375dd93ce125ff868585efceafac5a98068ba708cc
                                                                  • Opcode Fuzzy Hash: c9961b0be151e10d79510e3731634c9b28986368f3e13ebce5076a4c33cc79e1
                                                                  • Instruction Fuzzy Hash: 2731AFB1448644AFEB02EF79DA49A667FF8FB46360B150536E859CA250D734AC36CF20
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  C-Code - Quality: 100%
                                                                  			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                  				int _v8;
                                                                  				int _t12;
                                                                  				int _t14;
                                                                  				int _t15;
                                                                  				CHAR* _t17;
                                                                  				CHAR* _t27;
                                                                  
                                                                  				_t12 = lstrlenA(_a8);
                                                                  				_t27 = _a4;
                                                                  				_v8 = _t12;
                                                                  				while(lstrlenA(_t27) >= _v8) {
                                                                  					_t14 = _v8;
                                                                  					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                  					_t15 = lstrcmpiA(_t27, _a8);
                                                                  					_t27[_v8] =  *(_t14 + _t27);
                                                                  					if(_t15 == 0) {
                                                                  						_t17 = _t27;
                                                                  					} else {
                                                                  						_t27 = CharNextA(_t27);
                                                                  						continue;
                                                                  					}
                                                                  					L5:
                                                                  					return _t17;
                                                                  				}
                                                                  				_t17 = 0;
                                                                  				goto L5;
                                                                  			}










                                                                  APIs
                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                  • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                                  • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.691031265.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.691022035.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691058909.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691080261.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691237627.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691253951.000000000043D000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691263137.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.691442975.000000000047D000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                  Similarity
                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                  • String ID:
                                                                  • API String ID: 190613189-0
                                                                  • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                  • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                                  • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                  • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,?,?), ref: 00DF19EB
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DF1A36
                                                                  • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00DF1AA1
                                                                  • GetProcessId.KERNEL32(?,00000000,?,00000000,?,00DF16B0), ref: 00DF1B6D
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DF1B81
                                                                  Memory Dump Source
                                                                  • Source File: 00000010.00000002.321457682.0000000000BD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                  • Associated: 00000010.00000002.321452793.0000000000BD0000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.324517941.0000000001128000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325352785.000000000128F000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325385464.0000000001292000.00000008.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325400953.0000000001294000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325408639.0000000001297000.00000008.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325422141.00000000012A6000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325429512.00000000012AF000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325472598.0000000001559000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325479643.000000000155C000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325486595.000000000155F000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325495903.0000000001562000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000010.00000002.325642586.000000000159F000.00000002.00000001.01000000.00000007.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_16_2_bd0000_wiservice.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                  • String ID:
                                                                  • API String ID: 1837238986-0
                                                                  • Opcode ID: c18e156cffd1a6c84908e87f0ab522f7729488cc7d832b208962116eb5f8674b
                                                                  • Instruction ID: 3658a145012d95da6dfef33bdcfd6f72dee23dc336fc8ac879234e64d996d77e
                                                                  • Opcode Fuzzy Hash: c18e156cffd1a6c84908e87f0ab522f7729488cc7d832b208962116eb5f8674b
                                                                  • Instruction Fuzzy Hash: 08515975608344DFD324CF29D884B6ABBE4FB89310F19892EE29AC7260E771D945CF52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,?,?), ref: 00DF19EB
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DF1A36
                                                                  • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00DF1AA1
                                                                  • GetProcessId.KERNEL32(?,00000000,?,00000000,?,00DF16B0), ref: 00DF1B6D
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DF1B81
                                                                  Memory Dump Source
                                                                  • Source File: 00000014.00000002.691823087.0000000000BD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                  • Associated: 00000014.00000002.691815827.0000000000BD0000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692657484.0000000001128000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692857830.000000000128F000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692875921.0000000001297000.00000008.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692897000.00000000012A6000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692908863.00000000012AF000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692964134.0000000001559000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692977775.000000000155C000.00000004.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.692994261.000000000155F000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.693002131.0000000001562000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000014.00000002.693058439.000000000159F000.00000002.00000001.01000000.00000007.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_20_2_bd0000_wiservice.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                  • String ID:
                                                                  • API String ID: 1837238986-0
                                                                  • Opcode ID: c18e156cffd1a6c84908e87f0ab522f7729488cc7d832b208962116eb5f8674b
                                                                  • Instruction ID: 3658a145012d95da6dfef33bdcfd6f72dee23dc336fc8ac879234e64d996d77e
                                                                  • Opcode Fuzzy Hash: c18e156cffd1a6c84908e87f0ab522f7729488cc7d832b208962116eb5f8674b
                                                                  • Instruction Fuzzy Hash: 08515975608344DFD324CF29D884B6ABBE4FB89310F19892EE29AC7260E771D945CF52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%