Edit tour

Windows Analysis Report
SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe
Analysis ID:	1543362
MD5:	8f8a0f2077cbfcd3629341d33bf37ce1
SHA1:	40a72524fbb37571df5d6aa2ca2b92084f07d17d
SHA256:	daf8cc294ba724439152137c2d028d6a54180d7f1ae98fec5a72c7bb11f9748a
Tags:	exe
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Sample execution stops while process was sleeping (likely an evasion)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe (PID: 3500 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5: 8F8A0F2077CBFCD3629341D33BF37CE1)

conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6180 cmdline: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 | find /i /v "md5" | find /i /v "certutil" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

certutil.exe (PID: 4564 cmdline: certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 MD5: F17616EC0522FC5633151F7CAA278CAA)

find.exe (PID: 2228 cmdline: find /i /v "md5" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

find.exe (PID: 432 cmdline: find /i /v "certutil" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 6640 cmdline: C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 5652 cmdline: cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 6480 cmdline: timeout /t 5 MD5: 100065E21CFBBDE57CBA2838921F84D6)

WerFault.exe (PID: 6768 cmdline: C:\Windows\system32\WerFault.exe -u -p 3500 -s 840 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: -----BEGIN PUBLIC KEY-----		0_2_00007FF68407EB60
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Binary or memory string: -----BEGIN PUBLIC KEY-----

Source: unknown

HTTPS traffic detected: 104.26.0.5:443 -> 192.168.2.5:49708 version: TLS 1.2

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840BDED4 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort,

0_2_00007FF6840BDED4

Source: Joe Sandbox View

IP Address: 104.26.0.5 104.26.0.5

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840936A0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,memcmp,closesocket,closesocket,closesocket,closesocket,

0_2_00007FF6840936A0

Source: global traffic

DNS traffic detected: DNS query: keyauth.win

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://keyauth.win/api/1.2/
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://keyauth.win/api/1.2/8n
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://keyauth.win/api/1.2/em

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: unknown

HTTPS traffic detected: 104.26.0.5:443 -> 192.168.2.5:49708 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684087690	0_2_00007FF684087690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840618A0	0_2_00007FF6840618A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840882B0	0_2_00007FF6840882B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684086350	0_2_00007FF684086350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684045A3D	0_2_00007FF684045A3D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684061B50	0_2_00007FF684061B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684066B89	0_2_00007FF684066B89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684069C60	0_2_00007FF684069C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684056570	0_2_00007FF684056570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684068560	0_2_00007FF684068560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68405E583	0_2_00007FF68405E583
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684049619	0_2_00007FF684049619
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684074690	0_2_00007FF684074690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840626E0	0_2_00007FF6840626E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684069790	0_2_00007FF684069790
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684056890	0_2_00007FF684056890
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68406489E	0_2_00007FF68406489E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684096900	0_2_00007FF684096900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684054900	0_2_00007FF684054900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684064150	0_2_00007FF684064150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840451F0	0_2_00007FF6840451F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68405D22C	0_2_00007FF68405D22C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684056240	0_2_00007FF684056240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684062270	0_2_00007FF684062270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684041330	0_2_00007FF684041330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68405D31A	0_2_00007FF68405D31A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684078420	0_2_00007FF684078420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68405E45E	0_2_00007FF68405E45E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684044480	0_2_00007FF684044480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840914D0	0_2_00007FF6840914D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684082DB0	0_2_00007FF684082DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840AEEB0	0_2_00007FF6840AEEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840BDED4	0_2_00007FF6840BDED4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840AFEE0	0_2_00007FF6840AFEE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684056EE0	0_2_00007FF684056EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684055F00	0_2_00007FF684055F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684094020	0_2_00007FF684094020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68409B040	0_2_00007FF68409B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684080080	0_2_00007FF684080080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840890F0	0_2_00007FF6840890F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF68404F994	0_2_00007FF68404F994
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684065A60	0_2_00007FF684065A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684056BB0	0_2_00007FF684056BB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: String function: 00007FF684085340 appears 146 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: String function: 00007FF684070230 appears 49 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: String function: 00007FF6840854C0 appears 127 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3500 -s 840

Source: classification engine

Classification label: mal64.winEXE@18/1@1/2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF68406ECB0 GetLastError,_errno,FormatMessageA,strchr,strncpy,_errno,_errno,GetLastError,SetLastError,

0_2_00007FF68406ECB0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4304:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\4873ecc0-53a5-4e36-8946-e9a11c50a0dd

Jump to behavior

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

ReversingLabs: Detection: 65%

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectory n

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 \| find /i /v "md5" \| find /i /v "certutil"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\certutil.exe certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "md5"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "certutil"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3500 -s 840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 \| find /i /v "md5" \| find /i /v "certutil"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\certutil.exe certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "md5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "certutil"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 5	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\certutil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840882B0 WSAStartup,WSACleanup,GetModuleHandleA,GetProcAddress,strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,malloc,GetSystemDirectoryA,LoadLibraryA,free,GetProcAddress,if_nametoindex,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoA,QueryPerformanceFrequency,

0_2_00007FF6840882B0

Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-36538

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

API coverage: 6.2 %

Source: C:\Windows\System32\timeout.exe TID: 4164

Thread sleep count: 38 > 30

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

0_2_00007FF6840BDED4

Source: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~~

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840BF348 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF6840BF348

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840BF348 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF6840BF348

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

0_2_00007FF6840882B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF684072D90 GetProcessHeap,

0_2_00007FF684072D90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840BEB10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00007FF6840BEB10

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 \| find /i /v "md5" \| find /i /v "certutil"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\certutil.exe certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "md5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i /v "certutil"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 5	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: GetLocaleInfoEx,FormatMessageA,

0_2_00007FF6840BDB20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Code function: 0_2_00007FF6840BF1C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6840BF1C4

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF6840936A0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,memcmp,closesocket,closesocket,closesocket,closesocket,		0_2_00007FF6840936A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	Code function: 0_2_00007FF684087000 memset,strncmp,strncmp,strchr,htons,atoi,htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,		0_2_00007FF684087000

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	66%	ReversingLabs	Win64.Trojan.Dacic
SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	100%	Avira	HEUR/AGEN.1315669
SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://curl.haxx.se/docs/http-cookies.html	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
keyauth.win	104.26.0.5	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://keyauth.win/api/1.2/em	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://keyauth.win/api/1.2/8n	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://curl.haxx.se/docs/http-cookies.html	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	false	URL Reputation: safe	unknown
https://curl.haxx.se/docs/http-cookies.html#	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe	false		unknown
https://keyauth.win/api/1.2/	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe, 00000000.00000002.2086083684.00000158289BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.0.5	keyauth.win	United States		13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543362
Start date and time:	2024-10-27 18:38:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe
Detection:	MAL
Classification:	mal64.winEXE@18/1@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 90% Number of executed functions: 48 Number of non-executed functions: 191
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.0.5	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse
	lUAc7lqa56.exe	Get hash	malicious	Unknown	Browse
	xVmySfWfcW.exe	Get hash	malicious	Unknown	Browse
	LDlanZur0i.exe	Get hash	malicious	Unknown	Browse
	xxImTScxAq.exe	Get hash	malicious	Unknown	Browse
	4aOgNkVU5z.exe	Get hash	malicious	Unknown	Browse
	xVmySfWfcW.exe	Get hash	malicious	Unknown	Browse
	dGuXzI4UlT.exe	Get hash	malicious	Unknown	Browse
	vjlICWbvGT.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
keyauth.win	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	lUAc7lqa56.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	xVmySfWfcW.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	LDlanZur0i.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	Fa1QSXjTZD.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
	xxImTScxAq.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	4aOgNkVU5z.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	xVmySfWfcW.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	dGuXzI4UlT.exe	Get hash	malicious	Unknown	Browse	104.26.0.5

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	f6ffg1sZS2.exe	Get hash	malicious	Babuk, Djvu	Browse	188.114.96.3
	wo4POc0NG1.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.170.64
	K3SRs78CAv.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.95.91
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	file.exe	Get hash	malicious	LummaC	Browse	104.21.95.91
	SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe	Get hash	malicious	LummaC	Browse	104.21.64.165
	MilkaCheats.exe	Get hash	malicious	LummaC	Browse	172.67.170.64
	file.exe	Get hash	malicious	LummaC	Browse	172.67.170.64

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ce5f3254611a8c095a3d821d44539877	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Variant.Tedy.627915.599.8749.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	lUAc7lqa56.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.FileRepMalware.12632.12594.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.FileRepMalware.8628.17723.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.MalwareX-gen.29573.28124.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	Iyto7FYCJO.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.Evo-gen.20301.32747.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.MalwareX-gen.32411.29244.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	Frozen_Slotted.exe	Get hash	malicious	Unknown	Browse	104.26.0.5

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	2.7140462697065146
Encrypted:	false
SSDEEP:	6:X6xARxNFz//7jNLjj0jxARxSBF623HZqkDeDFyF2eQj4tj9qC+tr+S4E+8n:jFz//V6BF/5qa4W2ep9qCq6Sd+G
MD5:	434878B0D3BEDE71DA70AE4FBD6174BA
SHA1:	ECAD00A6FCBA5B8BC49E3D41BC710FC3C12D3F92
SHA-256:	8B085B32AF84B8680DAAC73160856C0B8847F3903AD80C4F8FBCB6E6AB30F12B
SHA-512:	5B437CE3B1E2C885B2508EC35154708CB155C88DA7F6BEB00165203544855BF49F6A726CA3967F0D3461F2CE552FEBFBE2CC171B2DA0A3D9BD8F7F2F820E0C35
Malicious:	false
Preview:	.. ________ _______ __ ______ ______ _______ ________ _______ ..\| \\| \ \| \ / \ / \ \| \ \| \\| \ .. \$$$$$$$$\| $$$$$$$\ \| $$ \| $$$$$$\\| $$$$$$\\| $$$$$$$\\| $$$$$$$$\| $$$$$$$\.. \| $$ \| $$ \| $$ \| $$ \| $$ \| $$\| $$__\| $$\| $$ \| $$\| $$__ \| $$__\| $$.. \| $$ \| $$ \| $$ \| $$ \| $$ \| $$\| $$ $$\| $$ \| $$\| $$ \ \| $$ $$.. \| $$ \| $$ \| $$ \| $$ \| $$ \| $$\| $$$$$$$$\| $$ \| $$\| $$$$$ \| $$$$$$$\.. \| $$ \| $$__/ $$ \| $$_____ \| $$__/ $$\| $$ \| $$\| $$__/ $$\| $$_____ \| $$ \| $$.. \| $$ \| $$ $$ \| $$ \ \$$ $$\| $$ \| $$\| $$ $$\| $$ \\| $$ \| $$.. \$$ \$$$$$$$ \$$$$$$$$ \$$$$$$ \$$ \$$ \$$$$$$$ \$$$$$$$$ \$$ \$$.... Copyright: 2020-2024 Tyhlu Designs, 2023-2024 TD Cheats. All rights reserved..... .... Connecting...

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.448209019269355
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe
File size:	678'912 bytes
MD5:	8f8a0f2077cbfcd3629341d33bf37ce1
SHA1:	40a72524fbb37571df5d6aa2ca2b92084f07d17d
SHA256:	daf8cc294ba724439152137c2d028d6a54180d7f1ae98fec5a72c7bb11f9748a
SHA512:	ac26fcfc0f095e2bf5288775271b16e70b82af94e493a46bef90b08c485bf4a779d71e1f3887fbf56828b9f27ee398539c2fe218f42e9e182f17982a22c35181
SSDEEP:	12288:RPKyBIA3+tpT+DiDqTtWY7HCkLm387Qv3Iwmqy2:RnBI++bT4imd7HCIW8aYwmqy
TLSH:	3FE47C6663A805FDD1A7C13ED547C613E7B2B44A131197DB03E08A792F23AE56E3E720
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;d..............v}..i...y.e.w...y...u...y...{...y...Z...y...y...4}..d............u......kz..}...kz..}.......}.....g.~.......~..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14007e820
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65F0235F [Tue Mar 12 09:41:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	8fde999cb346822ba72bb22b1c8eea24

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FA931234650h
dec eax
add esp, 28h
jmp 00007FA931233B27h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
lea ecx, dword ptr [00023604h]
call dword ptr [00003A56h]
mov eax, dword ptr [00022824h]
dec eax
lea ecx, dword ptr [000235F1h]
mov edx, dword ptr [000235F3h]
inc eax
mov dword ptr [0002280Fh], eax
mov dword ptr [ebx], eax
dec eax
mov eax, dword ptr [00000058h]
inc ecx
mov ecx, 00000004h
dec esp
mov eax, dword ptr [eax+edx*8]
mov eax, dword ptr [000227F4h]
inc ebx
mov dword ptr [ecx+eax], eax
call dword ptr [00003A1Eh]
dec eax
lea ecx, dword ptr [000235AFh]
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [000039FBh]
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
lea ecx, dword ptr [00023598h]
call dword ptr [000039EAh]
cmp dword ptr [ebx], 00000000h
jne 00007FA931233CD4h
or dword ptr [ebx], FFFFFFFFh
jmp 00007FA931233CF7h
inc ebp
xor ecx, ecx
dec eax
lea edx, dword ptr [0002357Eh]
inc ecx
or eax, FFFFFFFFh
dec eax
lea ecx, dword ptr [0002356Bh]
call dword ptr [000039B5h]
jmp 00007FA931233C8Bh
cmp dword ptr [ebx], FFFFFFFFh
je 00007FA931233C90h
dec eax
mov eax, dword ptr [00000058h]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9cf40	0x21c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa9000	0x1e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xa3000	0x52ec	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xaa000	0x614	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92b60	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x92c00	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x92a20	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x82000	0xc40	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x809b0	0x80a00	48d3b891b4de7761bff0a3a9f255bbbd	False	0.5113277453838678	data	6.372398896627008	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x82000	0x1e2c6	0x1e400	b5d6422e18c473be8ba60a6c66ecf4a5	False	0.38821991219008267	data	5.675715594677276	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa1000	0x17f8	0xc00	8f6facb7d7af56a0506bcf1882509d8c	False	0.19986979166666666	data	4.142906755061736	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0xa3000	0x52ec	0x5400	0f6c063fd8c7a30d976e3c4ee499be93	False	0.4853515625	data	5.808578835799168	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xa9000	0x1e8	0x200	750412ba0246dedb4b9b41d91e308d32	False	0.541015625	data	4.762595083624659	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xaa000	0x614	0x800	83536656970e1d8db73040fc9ceaff76	False	0.44384765625	data	4.623832176615856	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xa9060	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143

Imports

DLL	Import
KERNEL32.dll	MoveFileExA, WaitForSingleObjectEx, MultiByteToWideChar, GetEnvironmentVariableA, GetFileType, ReadFile, PeekNamedPipe, WaitForMultipleObjects, CreateFileA, GetFileSizeEx, WideCharToMultiByte, OutputDebugStringW, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, EnterCriticalSection, LocalFree, FormatMessageA, SetLastError, QueryFullProcessImageNameW, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, VirtualProtect, CreateThread, GetCurrentProcess, DeleteCriticalSection, InitializeCriticalSectionEx, GetProcessHeap, HeapSize, HeapFree, QueryPerformanceCounter, IsDebuggerPresent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetFileInformationByHandleEx, AreFileApisANSI, GetFileAttributesExW, FindFirstFileW, FindClose, CreateDirectoryW, GetCurrentDirectoryW, GetLocaleInfoEx, GetTickCount, VerifyVersionInfoA, LoadLibraryA, GetProcAddress, FreeLibrary, GetSystemDirectoryA, QueryPerformanceFrequency, SleepEx, VerSetConditionMask, HeapReAlloc, HeapAlloc, SetConsoleTextAttribute, HeapDestroy, GetLastError, CreateFileW, SetConsoleTitleA, CloseHandle, Sleep, SetFileAttributesW, GetFileAttributesW, GetStdHandle, LeaveCriticalSection
USER32.dll	MessageBoxA
ADVAPI32.dll	CryptAcquireContextA, AddAccessAllowedAce, GetLengthSid, GetTokenInformation, InitializeAcl, IsValidSid, SetSecurityInfo, CopySid, ConvertSidToStringSidA, CryptReleaseContext, CryptGetHashParam, CryptGenRandom, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptEncrypt, CryptImportKey, CryptDestroyKey, OpenProcessToken
SHELL32.dll	ShellExecuteA
MSVCP140.dll	??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?setf@ios_base@std@@QEAAHHH@Z, ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ??Bid@locale@std@@QEAA_KXZ, _Query_perf_frequency, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?_Throw_Cpp_error@std@@YAXH@Z, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?uncaught_exception@std@@YA_NXZ, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?_Xout_of_range@std@@YAXPEBD@Z, ?_Winerror_map@std@@YAHH@Z, ?_Xbad_function_call@std@@YAXXZ, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z, ?id@?$ctype@D@std@@2V0locale@2@A, ?_Xlength_error@std@@YAXPEBD@Z, ?_Syserror_map@std@@YAPEBDH@Z, _Cnd_do_broadcast_at_thread_exit, _Thrd_sleep, _Query_perf_counter, _Xtime_get_ticks, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
SHLWAPI.dll	PathFindFileNameW
Normaliz.dll	IdnToAscii
WLDAP32.dll
CRYPT32.dll	CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertGetCertificateChain, CertFindExtension, CertFreeCertificateChain, CryptDecodeObjectEx, PFXImportCertStore, CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertAddCertificateContextToStore, CertOpenStore
WS2_32.dll	htonl, setsockopt, getaddrinfo, select, accept, WSACleanup, socket, WSASetLastError, WSAIoctl, WSAStartup, closesocket, recv, send, WSAGetLastError, bind, connect, getpeername, listen, getsockname, getsockopt, htons, ntohs, freeaddrinfo, recvfrom, sendto, gethostname, ioctlsocket, __WSAFDIsSet, ntohl
RPCRT4.dll	UuidToStringA, RpcStringFreeA, UuidCreate
PSAPI.DLL	GetModuleInformation
USERENV.dll	UnloadUserProfile
VCRUNTIME140_1.dll	__CxxFrameHandler4
VCRUNTIME140.dll	__C_specific_handler, strstr, strrchr, __current_exception, __current_exception_context, strchr, __std_exception_destroy, __std_exception_copy, __std_terminate, _CxxThrowException, memchr, memcmp, memcpy, memmove, memset
api-ms-win-crt-runtime-l1-1-0.dll	_initialize_narrow_environment, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _configure_narrow_argv, _get_initial_narrow_environment, _initterm_e, _exit, _invalid_parameter_noinfo, __p___argc, __p___argv, _c_exit, _register_thread_local_exe_atexit_callback, strerror, _getpid, _resetstkoflw, terminate, abort, _errno, _invalid_parameter_noinfo_noreturn, _initterm, _beginthreadex, system, __sys_nerr, exit
api-ms-win-crt-stdio-l1-1-0.dll	_pclose, fclose, _popen, _close, fgets, fflush, fseek, feof, __acrt_iob_func, __stdio_common_vsscanf, fputs, fopen, _get_stream_buffer_pointers, _lseeki64, _fseeki64, fread, fsetpos, ungetc, setvbuf, fgetpos, fgetc, __stdio_common_vsprintf, _write, fwrite, _read, __p__commode, _set_fmode, fputc, _open, ftell
api-ms-win-crt-heap-l1-1-0.dll	calloc, malloc, free, _set_new_mode, realloc, _callnewh
api-ms-win-crt-math-l1-1-0.dll	_dsign, __setusermatherr, _dclass
api-ms-win-crt-string-l1-1-0.dll	strpbrk, tolower, strncpy, strcmp, _strdup, strcspn, strspn, strncmp, isupper
api-ms-win-crt-convert-l1-1-0.dll	strtoul, strtod, strtol, atoi, strtoll, strtoull
api-ms-win-crt-filesystem-l1-1-0.dll	_fstat64, _unlock_file, _access, _lock_file, remove, _stat64, _unlink
api-ms-win-crt-time-l1-1-0.dll	_localtime64, _time64, _gmtime64, strftime
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale, localeconv, ___lc_codepage_func
api-ms-win-crt-utility-l1-1-0.dll	rand, qsort
api-ms-win-crt-environment-l1-1-0.dll	getenv

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 27, 2024 18:39:08.124013901 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:08.124051094 CET	443	49708	104.26.0.5	192.168.2.5
Oct 27, 2024 18:39:08.124385118 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:08.137099981 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:08.137114048 CET	443	49708	104.26.0.5	192.168.2.5
Oct 27, 2024 18:39:08.761173010 CET	443	49708	104.26.0.5	192.168.2.5
Oct 27, 2024 18:39:08.761249065 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:09.628288984 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:09.628305912 CET	443	49708	104.26.0.5	192.168.2.5
Oct 27, 2024 18:39:09.628336906 CET	49708	443	192.168.2.5	104.26.0.5
Oct 27, 2024 18:39:09.628597021 CET	443	49708	104.26.0.5	192.168.2.5
Oct 27, 2024 18:39:09.628662109 CET	49708	443	192.168.2.5	104.26.0.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 27, 2024 18:39:08.104480028 CET	53739	53	192.168.2.5	1.1.1.1
Oct 27, 2024 18:39:08.117630959 CET	53	53739	1.1.1.1	192.168.2.5
Oct 27, 2024 18:39:48.529230118 CET	53	50789	162.159.36.2	192.168.2.5
Oct 27, 2024 18:39:49.165055037 CET	53	59769	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 27, 2024 18:39:08.104480028 CET	192.168.2.5	1.1.1.1	0x891d	Standard query (0)	keyauth.win	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 27, 2024 18:39:08.117630959 CET	1.1.1.1	192.168.2.5	0x891d	No error (0)	keyauth.win	104.26.0.5	A (IP address)	IN (0x0001)	false
Oct 27, 2024 18:39:08.117630959 CET	1.1.1.1	192.168.2.5	0x891d	No error (0)	keyauth.win	104.26.1.5	A (IP address)	IN (0x0001)	false
Oct 27, 2024 18:39:08.117630959 CET	1.1.1.1	192.168.2.5	0x891d	No error (0)	keyauth.win	172.67.72.57	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	13:39:05
Start date:	27/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe"
Imagebase:	0x7ff684040000
File size:	678'912 bytes
MD5 hash:	8F8A0F2077CBFCD3629341D33BF37CE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:39:05
Start date:	27/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	13:39:07
Start date:	27/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5 \| find /i /v "md5" \| find /i /v "certutil"
Imagebase:	0x7ff7067a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	13:39:07
Start date:	27/10/2024
Path:	C:\Windows\System32\certutil.exe
Wow64 process (32bit):	false
Commandline:	certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe" MD5
Imagebase:	0x7ff6bc610000
File size:	1'651'712 bytes
MD5 hash:	F17616EC0522FC5633151F7CAA278CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:39:07
Start date:	27/10/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /i /v "md5"
Imagebase:	0x7ff7f8150000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	13:39:07
Start date:	27/10/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /i /v "certutil"
Imagebase:	0x7ff7f8150000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:39:09
Start date:	27/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
Imagebase:	0x7ff7067a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	13:39:09
Start date:	27/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
Imagebase:	0x7ff7067a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	13:39:09
Start date:	27/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	13:39:09
Start date:	27/10/2024
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	timeout /t 5
Imagebase:	0x7ff6970a0000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	13:39:09
Start date:	27/10/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 3500 -s 840
Imagebase:	0x7ff787c60000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	29.7%
Total number of Nodes:	1991
Total number of Limit Nodes:	83

Executed Functions

Function 00007FF684045A3D Relevance: 129.5, APIs: 47, Strings: 26, Instructions: 1789
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045C66
GetStdHandle.KERNEL32 ref: 00007FF684045CBB
SetConsoleTextAttribute.KERNELBASE ref: 00007FF684045CCA
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045D04
GetStdHandle.KERNEL32 ref: 00007FF684045D8D
SetConsoleTextAttribute.KERNELBASE ref: 00007FF684045D9C
SetConsoleTextAttribute.KERNELBASE ref: 00007FF684045DA8
SleepEx.KERNELBASE ref: 00007FF684045F73
Sleep.KERNEL32 ref: 00007FF684045FEF
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045FFA
__std_fs_code_page.MSVCPRT ref: 00007FF684046014
remove.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF684046178
Sleep.KERNEL32 ref: 00007FF6840461DF
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840461EA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840463EE
remove.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF6840464FE
Sleep.KERNEL32 ref: 00007FF684046565
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684046762
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840467BD
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z.MSVCP140 ref: 00007FF6840469C2
Sleep.KERNEL32 ref: 00007FF684046B7F
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684046B8A
Sleep.KERNEL32 ref: 00007FF684046FB0
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684046FBB

Part of subcall function 00007FF6840451F0: memset.VCRUNTIME140 ref: 00007FF684045413
Part of subcall function 00007FF6840451F0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684045434
Part of subcall function 00007FF6840451F0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF684045450
Part of subcall function 00007FF6840451F0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684045481
Part of subcall function 00007FF6840451F0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404549E

exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684046570

Part of subcall function 00007FF68404C3C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF68404119B), ref: 00007FF68404C46D
Part of subcall function 00007FF68404C3C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404C4B7

Part of subcall function 00007FF6840448C0: __std_fs_code_page.MSVCPRT ref: 00007FF68404491A
Part of subcall function 00007FF6840448C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044982

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684046075

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684044E60: __std_fs_code_page.MSVCPRT ref: 00007FF684044EB3
Part of subcall function 00007FF684044E60: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044F1A

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840471D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684047210
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404724F
SetConsoleTextAttribute.KERNEL32 ref: 00007FF684047263

Strings

J, xrefs: 00007FF684046EF9
C:\Windows\System32\WindowIME.exe, xrefs: 00007FF6840478A5, 00007FF6840478B5
[, xrefs: 00007FF684047540
start C:\Windows\System32\WindowIME.exe, xrefs: 00007FF684047918
}", xrefs: 00007FF684046F2E
HD, xrefs: 00007FF684047593
________ _______ __ ______ ______ _______ ________ _______ | \| \ | \ / \ / \ | \ | \| \ \$$$$$$$$| $$$$$$$\ | $$ | $$$$$$\| $$$$$$\| $$$$$$$\| $$$$$$$$| $$$$$$$, xrefs: 00007FF684045DAE
C:\Windows\System32\WindowIME.exe, xrefs: 00007FF68404782A
,, xrefs: 00007FF6840464CA
=#$"wnO, xrefs: 00007FF6840467DC
bP, xrefs: 00007FF684046979
license, xrefs: 00007FF68404610B
VS, xrefs: 00007FF684047065
?_, xrefs: 00007FF68404647C
QK, xrefs: 00007FF68404786A
password, xrefs: 00007FF684046471, 00007FF684047011
S0, xrefs: 00007FF684046158
PV, xrefs: 00007FF68404655B
username, xrefs: 00007FF6840460A6, 00007FF68404640F, 00007FF68404705A
4S, xrefs: 00007FF684047087
$xcD, xrefs: 00007FF684046B9C
DJ, xrefs: 00007FF684046F97
296572, xrefs: 00007FF68404785F
.D, xrefs: 00007FF6840475AD
fN, xrefs: 00007FF684046B75
tdfree.json, xrefs: 00007FF684046001

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$SleepU?$char_traits@$D@std@@@std@@exit$AttributeConsoleText$__std_fs_code_page$Handlememcpyremove$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??5?$basic_istream@Concurrency::cancel_current_taskD@std@@@1@_Init@?$basic_streambuf@V01@V?$basic_streambuf@_beginthreadexmemset
String ID: [$ ________ _______ __ ______ ______ _______ ________ _______ | \| \ | \ / \ / \ | \ | \| \ \$$$$$$$$| $$$$$$$\ | $$ | $$$$$$\| $$$$$$\| $$$$$$$\| $$$$$$$$| $$$$$$$$$xcD$296572$=#$"wnO$C:\Windows\System32\WindowIME.exe$C:\Windows\System32\WindowIME.exe$license$password$start C:\Windows\System32\WindowIME.exe$tdfree.json$username$.D$4S$?_$DJ$HD$PV$QK$S0$VS$bP$fN$}"$,$J
API String ID: 1441623851-1490423919
Opcode ID: 4d6bdc2dc5362cbe3fb6ce311a14566474b3a9226f59912db94adf0c4ea2de8c
Instruction ID: 8b823fc38b016799cca180ba44e3bb431aafc7dc1650aa4bea77b6bd01d96da9
Opcode Fuzzy Hash: 4d6bdc2dc5362cbe3fb6ce311a14566474b3a9226f59912db94adf0c4ea2de8c
Instruction Fuzzy Hash: F203EB62D19B82C5F712DB35D8812A9A764FF627C4F40D33EE94D769A6EF2CA185C300

Function 00007FF684069C60 Relevance: 88.6, APIs: 41, Strings: 9, Instructions: 1078COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF684065800: memcpy.VCRUNTIME140 ref: 00007FF6840658C3
Part of subcall function 00007FF684065800: system.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406593A
Part of subcall function 00007FF684065800: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065974
Part of subcall function 00007FF684065800: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840659CA

Part of subcall function 00007FF684059D40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684059E07

memcpy.VCRUNTIME140 ref: 00007FF68406A1F8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A367
memset.VCRUNTIME140 ref: 00007FF68406A393
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68406A3BB
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF68406A3DB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68406A41B

Part of subcall function 00007FF684073650: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073768
Part of subcall function 00007FF684073650: memcpy.VCRUNTIME140 ref: 00007FF68407379A
Part of subcall function 00007FF684073650: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840737CC
Part of subcall function 00007FF684073650: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840737D7

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF68406A4E1
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z.MSVCP140 ref: 00007FF68406A4F6
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140 ref: 00007FF68406A506
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF68406A524
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A612
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A787
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A86F
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF68406A8FA
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF68406A907
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A946
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A94D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406A9A6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406AA04
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406AA49

Part of subcall function 00007FF684060110: ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406012D
Part of subcall function 00007FF684060110: ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406013B
Part of subcall function 00007FF684060110: ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406014F
Part of subcall function 00007FF684060110: ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406015B
Part of subcall function 00007FF684060110: ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF684060198
Part of subcall function 00007FF684060110: ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z.MSVCP140 ref: 00007FF6840601A6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406AB2F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406AB36
GetCurrentProcess.KERNEL32 ref: 00007FF68406AC3C
OpenProcessToken.ADVAPI32 ref: 00007FF68406AC4E
GetTokenInformation.KERNELBASE ref: 00007FF68406AC73
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68406AC7C
GetTokenInformation.KERNELBASE ref: 00007FF68406ACA7
IsValidSid.ADVAPI32 ref: 00007FF68406ACB8
GetLengthSid.ADVAPI32 ref: 00007FF68406ACC9
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68406ACD4
InitializeAcl.ADVAPI32 ref: 00007FF68406ACED
AddAccessAllowedAce.ADVAPI32 ref: 00007FF68406AD08
GetCurrentProcess.KERNEL32 ref: 00007FF68406AD12
SetSecurityInfo.ADVAPI32 ref: 00007FF68406AD35
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68406AD44
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68406AD4D
CloseHandle.KERNELBASE ref: 00007FF68406AD5C
GetModuleHandleA.KERNEL32 ref: 00007FF68406ADE3
GetCurrentProcess.KERNEL32 ref: 00007FF68406ADEC
GetModuleInformation.PSAPI ref: 00007FF68406AE02
SleepEx.KERNELBASE ref: 00007FF68406AEB0

Strings

Pattern checksum failed, don't tamper with the program., xrefs: 00007FF68406AE8E
k, xrefs: 00007FF68406A661
LockMemAccess() failed, don't tamper with the program., xrefs: 00007FF68406AD78
tdfree.json, xrefs: 00007FF684069C6A
, xrefs: 00007FF68406A49F
Y, xrefs: 00007FF684069ED8
You need to run the KeyAuthApp.init(); function before any other KeyAuth functions, xrefs: 00007FF684069CCF
check_section_integrity() failed, don't tamper with the program., xrefs: 00007FF68406AC14
Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: , xrefs: 00007FF68406A66A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@_invalid_parameter_noinfo_noreturn$Processmallocmemcpy$CurrentInformationTokenfree$??6?$basic_ostream@?eback@?$basic_streambuf@HandleModuleV01@$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@?epptr@?$basic_streambuf@?fill@?$basic_ios@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@?setw@std@@AccessAllowedCloseD00@D@std@@@1@@InfoInitializeJ@1@_LengthOpenSecuritySleepSmanip@_U?$_V21@@V?$basic_streambuf@ValidVios_base@1@memsetsystem
String ID: $LockMemAccess() failed, don't tamper with the program.$Pattern checksum failed, don't tamper with the program.$Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: $You need to run the KeyAuthApp.init(); function before any other KeyAuth functions$Y$check_section_integrity() failed, don't tamper with the program.$k$tdfree.json
API String ID: 2558907110-2430986550
Opcode ID: f75ce75531f2d5d8765d753868528cb365777b28321de8710cba704020084b10
Instruction ID: 95d2feb29cd10e2ab7d44d94303df5c389d11379158ae334491d1f568c5740a3
Opcode Fuzzy Hash: f75ce75531f2d5d8765d753868528cb365777b28321de8710cba704020084b10
Instruction Fuzzy Hash: 9EB29E72A08B86C9EB10DF64D8843EE3761FF56788F40463ADA4E57A9ADF78D184C740

Function 00007FF684066B89 Relevance: 71.2, APIs: 33, Strings: 7, Instructions: 1194stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF684066BD3
memcpy.VCRUNTIME140 ref: 00007FF684066C28
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF684066C53
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684066CE2

Strings

Y, xrefs: 00007FF684066FD4
O{, xrefs: 00007FF684066FCC
k, xrefs: 00007FF684067698
-, xrefs: 00007FF684066EA3
|M, xrefs: 00007FF6840672AF
Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: , xrefs: 00007FF6840676A1
Y, xrefs: 00007FF684066FE2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnstrtol
String ID: -$Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: $Y$Y$k$O{$|M
API String ID: 2745139636-2599321255
Opcode ID: bf101efa4d96d7ca6df3b44cd4aee80c63358ae011bd4a00c614fdfae5477a3d
Instruction ID: 90382fdb934fa108ef6fc35538615aba954306f7ce11714e81d9a1ffe6475f1c
Opcode Fuzzy Hash: bf101efa4d96d7ca6df3b44cd4aee80c63358ae011bd4a00c614fdfae5477a3d
Instruction Fuzzy Hash: BEC29F62A187C6C9EB20DB74D8853EE2761FF85798F404639DA4D97A9ADF78D284C300

Function 00007FF6840882B0 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 191
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 00007FF6840882D8
WSACleanup.WS2_32 ref: 00007FF6840882F3
GetModuleHandleA.KERNEL32 ref: 00007FF684088344
GetProcAddress.KERNEL32 ref: 00007FF684088370
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408838A
LoadLibraryA.KERNEL32 ref: 00007FF6840883AD
GetProcAddress.KERNEL32 ref: 00007FF6840883CA
LoadLibraryExA.KERNELBASE ref: 00007FF6840883E0
GetSystemDirectoryA.KERNEL32 ref: 00007FF6840883F6
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408840E
GetSystemDirectoryA.KERNEL32 ref: 00007FF684088422
LoadLibraryA.KERNEL32 ref: 00007FF684088490
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408849C
GetProcAddress.KERNEL32 ref: 00007FF6840884C8
VerSetConditionMask.KERNEL32 ref: 00007FF684088551
VerSetConditionMask.KERNEL32 ref: 00007FF684088564
VerSetConditionMask.KERNEL32 ref: 00007FF684088573
VerSetConditionMask.KERNEL32 ref: 00007FF684088582
VerSetConditionMask.KERNEL32 ref: 00007FF684088592
VerifyVersionInfoA.KERNEL32 ref: 00007FF6840885A3
QueryPerformanceFrequency.KERNEL32 ref: 00007FF6840885BF

Strings

iphlpapi.dll, xrefs: 00007FF684088376
AddDllDirectory, xrefs: 00007FF6840883C0
kernel32, xrefs: 00007FF68408832B
if_nametoindex, xrefs: 00007FF6840884BE
LoadLibraryExA, xrefs: 00007FF68408835E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ConditionMask$AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleInfoModulePerformanceQueryStartupVerifyVersionfreemallocstrpbrk
String ID: AddDllDirectory$LoadLibraryExA$if_nametoindex$iphlpapi.dll$kernel32
API String ID: 2612373469-2794540096
Opcode ID: a2abb7c9c0f84450cc4eebcd7e5617dd69ff7cf3676c66eadbc4ed031804b4e4
Instruction ID: 894d2bb62a515d157f189eecc6349f4031cae80610ecf32e12f18e1b06ecae3a
Opcode Fuzzy Hash: a2abb7c9c0f84450cc4eebcd7e5617dd69ff7cf3676c66eadbc4ed031804b4e4
Instruction Fuzzy Hash: A5916D22E49B82C2EB64DB21A9943BB73A1FF88B80F44513DD94E86765EF3CE545C710

Function 00007FF684087690 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.VCRUNTIME140 ref: 00007FF68408772C
socket.WS2_32 ref: 00007FF684087775
htons.WS2_32 ref: 00007FF684087801
setsockopt.WS2_32 ref: 00007FF684087863
WSAGetLastError.WS2_32 ref: 00007FF68408786D
getsockopt.WS2_32 ref: 00007FF68408790F
setsockopt.WS2_32 ref: 00007FF68408793E
setsockopt.WS2_32 ref: 00007FF68408797D
WSAIoctl.WS2_32 ref: 00007FF684087A0A
WSAGetLastError.WS2_32 ref: 00007FF684087A14

Part of subcall function 00007FF6840938D0: ioctlsocket.WS2_32 ref: 00007FF6840938E9

Part of subcall function 00007FF68408C3F0: QueryPerformanceCounter.KERNEL32(?,?,00000000,00007FF6840752CF), ref: 00007FF68408C407

connect.WS2_32 ref: 00007FF684087B3B
WSAGetLastError.WS2_32 ref: 00007FF684087B58

Part of subcall function 00007FF68406F4A0: GetLastError.KERNEL32 ref: 00007FF68406F4C2
Part of subcall function 00007FF68406F4A0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F4CA

Part of subcall function 00007FF6840854C0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840855E5
Part of subcall function 00007FF6840854C0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684085600

Part of subcall function 00007FF684085FA0: closesocket.WS2_32 ref: 00007FF684085FE3

Strings

sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00007FF684087BFE
Failed to set SO_KEEPALIVE on fd %d, xrefs: 00007FF68408798A
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 00007FF684087A1D
Could not set TCP_NODELAY: %s, xrefs: 00007FF68408788A
Trying %s:%ld..., xrefs: 00007FF68408780F
@, xrefs: 00007FF6840878A7
Immediate connect fail for %s: %s, xrefs: 00007FF684087B88

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$setsockopt$fwrite$CounterIoctlPerformanceQuery_errnoclosesocketconnectgetsockopthtonsioctlsocketmemcpysocket
String ID: Trying %s:%ld...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
API String ID: 3453287622-3868455274
Opcode ID: 7fbe668ccd14376b0f30da98c5fdf22b02a3ca90ae438779b0eb7243aaf3a137
Instruction ID: a57ce1a54410a85c67d7220dfe08ad59b08afe7a6899661da4c825591209afdf
Opcode Fuzzy Hash: 7fbe668ccd14376b0f30da98c5fdf22b02a3ca90ae438779b0eb7243aaf3a137
Instruction Fuzzy Hash: ACF19F72A18282C6E760DB2599846BF63A1FF84B58F40453DDA4DC7B9ADF3CE945CB00

Function 00007FF68406ECB0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF68406ECD8
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406ECE0

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
No error, xrefs: 00007FF68406F130
SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 00007FF68406F1E9
%s - %s, xrefs: 00007FF68406F239
SEC_I_CONTINUE_NEEDED, xrefs: 00007FF68406F13C
CRYPT_E_REVOKED, xrefs: 00007FF68406F112
Unknown error, xrefs: 00007FF68406F1D0

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno
String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
API String ID: 3939687465-1752685260
Opcode ID: 409e705d19cf3ed37423249426760e2677fe8dbf5abc856a0b22f0099a154147
Instruction ID: efe9b090174bd34ff628e1490565bbda42be1d46f20ca65e8c92483c67758e49
Opcode Fuzzy Hash: 409e705d19cf3ed37423249426760e2677fe8dbf5abc856a0b22f0099a154147
Instruction Fuzzy Hash: F3515D32A0C782C6F7218B64E4843BB76A4BF84B84F44443DDA4E86B99DF3CE585CB51

Function 00007FF684061B50 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 269
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32 ref: 00007FF684061BA0
memcpy.VCRUNTIME140 ref: 00007FF684061C35
memcpy.VCRUNTIME140 ref: 00007FF684061C90
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684061D8E
_popen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684061DD6
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684061E03
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684061E42
_pclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684061E50
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684061E8B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684061EDD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684061F1E

Strings

>, xrefs: 00007FF684061DC3
certutil -hashfile ", xrefs: 00007FF684061C9F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$fgetsmemcpy$FileModuleName_pclose_popen
String ID: >$certutil -hashfile "
API String ID: 367312288-631556956
Opcode ID: 0dbf5409d27c6dcffe2eafe7a7cda89ef92cdb9577a699b761cb508d62a58259
Instruction ID: 4e14e98c100a9796f7b0df80d41a638c46a2a6d4da7dd45d00fc2fa6105060c4
Opcode Fuzzy Hash: 0dbf5409d27c6dcffe2eafe7a7cda89ef92cdb9577a699b761cb508d62a58259
Instruction Fuzzy Hash: 0AC19122E18B82C5FB10CB64D8803AE6761FF957A4F505639EA9D96AE9DF7CD1C1C300

Function 00007FF6840936A0 Relevance: 24.1, APIs: 16, Instructions: 127
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32 ref: 00007FF6840936E1
htonl.WS2_32 ref: 00007FF68409370E
setsockopt.WS2_32 ref: 00007FF684093745
bind.WS2_32 ref: 00007FF684093760
getsockname.WS2_32 ref: 00007FF68409377C
listen.WS2_32 ref: 00007FF684093791
socket.WS2_32 ref: 00007FF6840937A8
connect.WS2_32 ref: 00007FF6840937C7
accept.WS2_32 ref: 00007FF6840937DE
send.WS2_32 ref: 00007FF68409382C
recv.WS2_32 ref: 00007FF68409384A
memcmp.VCRUNTIME140 ref: 00007FF684093865
closesocket.WS2_32 ref: 00007FF684093871

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: socket$acceptbindclosesocketconnectgetsocknamehtonllistenmemcmprecvsendsetsockopt
String ID:
API String ID: 3699910901-0
Opcode ID: 9068b7b5969a30259dfa5a671c75fab05a3ce7ceae1bafbacfeb7b1c289a5c62
Instruction ID: cd4da00aa78a88ab2aa24f77cff5f740007157c5c8ea64929fac5b6b74f5f9a7
Opcode Fuzzy Hash: 9068b7b5969a30259dfa5a671c75fab05a3ce7ceae1bafbacfeb7b1c289a5c62
Instruction Fuzzy Hash: C3514C31A18A42C2E7509B25E49416A77A1FF84BB4F504739EA7A87AE4DF3DD449CB00

Function 00007FF6840618A0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 172
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6840618DA
GetCurrentProcess.KERNEL32 ref: 00007FF684061922
QueryFullProcessImageNameW.KERNELBASE ref: 00007FF684061937
CreateFileW.KERNELBASE ref: 00007FF684061965
CreateFileMappingW.KERNELBASE ref: 00007FF684061996
MapViewOfFile.KERNELBASE ref: 00007FF6840619B6
VirtualProtect.KERNEL32 ref: 00007FF684061AAB
VirtualProtect.KERNEL32 ref: 00007FF684061AD3
UnmapViewOfFile.KERNEL32 ref: 00007FF684061AEA
CloseHandle.KERNELBASE ref: 00007FF684061AF5
UnmapViewOfFile.KERNEL32 ref: 00007FF684061B04
CloseHandle.KERNEL32 ref: 00007FF684061B0D

Strings

@, xrefs: 00007FF684061A9A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleView$CloseCreateProcessProtectUnmapVirtual$CurrentFullImageMappingModuleNameQuery
String ID: @
API String ID: 1254450295-2766056989
Opcode ID: 2e316828ea7d98931a35c3d9e3bcc967a53c5dda6d29721783b1770a667eeeda
Instruction ID: 23ed04f36cc6d9aa88dd1f36783b41efbc7184b4ec6c20588fa5f4192924dcf1
Opcode Fuzzy Hash: 2e316828ea7d98931a35c3d9e3bcc967a53c5dda6d29721783b1770a667eeeda
Instruction Fuzzy Hash: DF71CF32A08742C6EB648B61E59067B77A1FF84B99F048139DB4A87B94EF3CE485C700

Function 00007FF684086350 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Connection time-out, xrefs: 00007FF684086439
connect to %s port %ld failed: %s, xrefs: 00007FF6840865CD
Connection failed, xrefs: 00007FF684086736
Failed to connect to %s port %ld: %s, xrefs: 00007FF68408687E
After %I64dms connect time, move on!, xrefs: 00007FF684086515

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: After %I64dms connect time, move on!$Connection failed$Connection time-out$Failed to connect to %s port %ld: %s$connect to %s port %ld failed: %s
API String ID: 0-3307081561
Opcode ID: 356228e0ad211aa04f201cdd57561f98ec870220b461ab274836ff6a918cd8f8
Instruction ID: 547b8ad7f17148503ed130454bfa2e3db23833e364eae3fef3f2295dab28f33b
Opcode Fuzzy Hash: 356228e0ad211aa04f201cdd57561f98ec870220b461ab274836ff6a918cd8f8
Instruction Fuzzy Hash: 7BE1DE22E48682C2EB648B259A847BE67A1FF847A4F050639DE6E877D5CF3CE455C700

Function 00007FF68407AD30 Relevance: 28.7, APIs: 19, Instructions: 165
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AD62
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407ADFD
InitializeCriticalSectionEx.KERNEL32 ref: 00007FF68407AE16

Part of subcall function 00007FF6840936A0: socket.WS2_32 ref: 00007FF6840936E1

DeleteCriticalSection.KERNEL32 ref: 00007FF68407AE50
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AE5A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AE64
closesocket.WS2_32 ref: 00007FF68407AE82
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AEB8
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68407AEBE
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407AEED
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AF07
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407AF10
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68407AF45
EnterCriticalSection.KERNEL32 ref: 00007FF68407AF66
LeaveCriticalSection.KERNEL32 ref: 00007FF68407AF7A
CloseHandle.KERNEL32 ref: 00007FF68407AF87
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AFB2
closesocket.WS2_32 ref: 00007FF68407AFCB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407AFDF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$CriticalSection$_errno_strdupclosesocket$CloseDeleteEnterHandleInitializeLeavecallocmallocsocket
String ID:
API String ID: 259767416-0
Opcode ID: 08bfdc0a616b5449b675fc3b6a71c19aeadc8a73c7ef888a8d41055f95840ca7
Instruction ID: ded8f7c36c7c7c55095bc18dc7958c970c33e3d95aa602f9aace6a1635bc6cba
Opcode Fuzzy Hash: 08bfdc0a616b5449b675fc3b6a71c19aeadc8a73c7ef888a8d41055f95840ca7
Instruction Fuzzy Hash: 38813C26E09B81C6E624DF21E49426A7370FF98B64F055239DB9E437A2DF79E4E4C700

Function 00007FF6840823A0 Relevance: 28.6, APIs: 6, Strings: 10, Instructions: 557COMMON

Download Yara Rule

Strings

NTLM picked AND auth done set, clear picked!, xrefs: 00007FF684082BF2
Re-using existing connection! (#%ld) with %s %s, xrefs: 00007FF684082A83
host, xrefs: 00007FF684082A70
No more connections allowed to host %s: %zu, xrefs: 00007FF684082B32
No connections available in cache, xrefs: 00007FF684082D9B
NTLM-proxy picked AND auth done set, clear picked!, xrefs: 00007FF684082C20
No connections available., xrefs: 00007FF684082B41
ftp@example.com, xrefs: 00007FF68408255F
anonymous, xrefs: 00007FF684082558
proxy, xrefs: 00007FF684082A62

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: NTLM picked AND auth done set, clear picked!$NTLM-proxy picked AND auth done set, clear picked!$No connections available in cache$No connections available.$No more connections allowed to host %s: %zu$Re-using existing connection! (#%ld) with %s %s$anonymous$ftp@example.com$host$proxy
API String ID: 0-760484938
Opcode ID: 3a728d22a84f41c31796f38ed04f280e8c2a7637d9a2b1b684973ba32ae2d105
Instruction ID: 0d3effe11dff501b5c727c6e366b4ba97fcfab5053decc3c6027af2e94b780da
Opcode Fuzzy Hash: 3a728d22a84f41c31796f38ed04f280e8c2a7637d9a2b1b684973ba32ae2d105
Instruction Fuzzy Hash: EF42AE22A49BC2D6EB599B259A903BA77A0FF45B85F08013DCE5D8B795DF3CE460C310

Function 00007FF684081330 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 153
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684070081,?,?,?,?,00007FF68406C077), ref: 00007FF684081348
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684081391

Strings

<, xrefs: 00007FF6840815D8
v, xrefs: 00007FF68408163F
<, xrefs: 00007FF6840815CE
<, xrefs: 00007FF6840814A7
`, xrefs: 00007FF68408162A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: callocfree
String ID: <$<$<$`$v
API String ID: 306872129-2056843887
Opcode ID: dc751d8e739463a4cac2bcd6922f5c44484b2fd448b9f01696e4a08d662ed99d
Instruction ID: 845215c09ee025341a9eabe82f4cd1534bd81f1993469fd686c1990687249cbd
Opcode Fuzzy Hash: dc751d8e739463a4cac2bcd6922f5c44484b2fd448b9f01696e4a08d662ed99d
Instruction Fuzzy Hash: 2E913932908BC1C6E340CF34D5443E937A4FB99B5CF085239CE995A79ADFBAA195C720

Function 00007FF684087F90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128
librarystringloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(00000000,?,?,00007FF6840B0DEA,?,?,?,?,00007FF68408831B), ref: 00007FF684087FA4
GetProcAddress.KERNEL32(?,?,?,?,00007FF68408831B), ref: 00007FF684087FC9
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FF68408831B), ref: 00007FF684087FDC

Strings

AddDllDirectory, xrefs: 00007FF684088023
kernel32, xrefs: 00007FF684087F9D
LoadLibraryExA, xrefs: 00007FF684087FBA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProcstrpbrk
String ID: AddDllDirectory$LoadLibraryExA$kernel32
API String ID: 27745253-3327535076
Opcode ID: da57410d831077ab84e80e8930caad6ccb82770ef333fc78be7bb1eb9f493c4e
Instruction ID: 98cb774520ddb8557ba8f22fea7b21b73a0c779ffb42ac8bf8645cde29caf0e7
Opcode Fuzzy Hash: da57410d831077ab84e80e8930caad6ccb82770ef333fc78be7bb1eb9f493c4e
Instruction Fuzzy Hash: C041A216F49A42C6EB558F16AD9013A67A1FF85FE1F088138CE0D87794DE3DE486D720

Function 00007FF684086CD0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getpeername.WS2_32 ref: 00007FF684086D3C
WSAGetLastError.WS2_32 ref: 00007FF684086D46

Part of subcall function 00007FF68406F4A0: GetLastError.KERNEL32 ref: 00007FF68406F4C2
Part of subcall function 00007FF68406F4A0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F4CA

getsockname.WS2_32 ref: 00007FF684086DC6
WSAGetLastError.WS2_32 ref: 00007FF684086DD0

Strings

getpeername() failed with errno %d: %s, xrefs: 00007FF684086D66
ssloc inet_ntop() failed with errno %d: %s, xrefs: 00007FF684086EEC
getsockname() failed with errno %d: %s, xrefs: 00007FF684086DF0
ssrem inet_ntop() failed with errno %d: %s, xrefs: 00007FF684086E56

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$_errnogetpeernamegetsockname
String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
API String ID: 2911674258-670633250
Opcode ID: 184ae445e22feafc04c64addd34149bd93a7c88f3ea86fb6aeec688e36e2be0c
Instruction ID: d594ac431e86b2db28db1eb7246682bc4953d257d3c8dfcb3e917ba7c7a2340d
Opcode Fuzzy Hash: 184ae445e22feafc04c64addd34149bd93a7c88f3ea86fb6aeec688e36e2be0c
Instruction Fuzzy Hash: 1F917E32E19BC5C6E710CF25D5902EA73A0FB99B88F44523ADE4C8765ADF39E185CB10

Function 00007FF684097310 Relevance: 19.6, APIs: 13, Instructions: 128
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32 ref: 00007FF684097332
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409739E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF6840973D8
memcpy.VCRUNTIME140(?,?,?,00007FF68407AC75), ref: 00007FF6840973F1
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF6840973FF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409743A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF684097443
freeaddrinfo.WS2_32(?,?,?,00007FF68407AC75), ref: 00007FF684097471
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF684097485
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409748F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409749C
WSASetLastError.WS2_32(?,?,?,00007FF68407AC75), ref: 00007FF6840974BD

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$malloc$ErrorLast_strdupfreeaddrinfogetaddrinfomemcpy
String ID:
API String ID: 2364279375-0
Opcode ID: 4c0d338e737eabbfbdf1e00b85082de4d90f558375e7ccd08fe8b57eaa60ce03
Instruction ID: 70c3fc268b4ad8c8f42096a90c22da3fb2f990e7117cf1e7fa4265cd92b72879
Opcode Fuzzy Hash: 4c0d338e737eabbfbdf1e00b85082de4d90f558375e7ccd08fe8b57eaa60ce03
Instruction Fuzzy Hash: F3515E36A09B52C2EB69DF51A58453A7BA0FF48B90F044039DE8E87B52DF3DE455C700

Function 00007FF684084010 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 280
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085004
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408501A
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408502E
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085042
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085056
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408506A
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408507E
Part of subcall function 00007FF684084FF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085092

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084092

Part of subcall function 00007FF6840ACFB0: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFC5
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFDF
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFFA
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD016
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD032
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD04A
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD062
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD07A
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD092
Part of subcall function 00007FF6840ACFB0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD0AA
Part of subcall function 00007FF6840ACFB0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD0C4

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684084296
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840842D9
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF68408441E
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408449B

Strings

%s://%s, xrefs: 00007FF68408409F
Protocol "%s" not supported or disabled in libcurl, xrefs: 00007FF6840841DF
file, xrefs: 00007FF684084383, 00007FF6840843FC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup$free$callocstrtoul
String ID: %s://%s$Protocol "%s" not supported or disabled in libcurl$file
API String ID: 954404409-4150109901
Opcode ID: 100f3c4fd2e1d3918be066d528445cf2158213401efdaa9a14cd4f096b4fd8e5
Instruction ID: 074447c2d446b20dd4fb54495a1478aa260c36906da289e37e982c80b364f0fa
Opcode Fuzzy Hash: 100f3c4fd2e1d3918be066d528445cf2158213401efdaa9a14cd4f096b4fd8e5
Instruction Fuzzy Hash: 83C16C32A48A82D6EB688B25DE903BA6791FF94784F444139CB1DCB785EF3CE565C300

Function 00007FF684045A10 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

________ _______ __ ______ ______ _______ ________ _______ | \| \ | \ / \ / \ | \ | \| \ \$$$$$$$$| $$$$$$$\ | $$ | $$$$$$\| $$$$$$\| $$$$$$$\| $$$$$$$$| $$$$$$$, xrefs: 00007FF684045DAE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ________ _______ __ ______ ______ _______ ________ _______ | \| \ | \ / \ / \ | \ | \| \ \$$$$$$$$| $$$$$$$\ | $$ | $$$$$$\| $$$$$$\| $$$$$$$\| $$$$$$$$| $$$$$$$
API String ID: 0-363974284
Opcode ID: c6af9f65efbcbdd9046d5c8ecb3d4f9eedcf72c854c275ead3d2032e9c6cdf00
Instruction ID: 6a5daab61a6f923953e1c6580a4d5bb2362c1f493820757274c8306ec18fe8e4
Opcode Fuzzy Hash: c6af9f65efbcbdd9046d5c8ecb3d4f9eedcf72c854c275ead3d2032e9c6cdf00
Instruction Fuzzy Hash: BF918F72D08B82C6E714DF24E8C43AA73A1FF55B88F04523EDA8D86A65DF7CA594C350

Function 00007FF684094C20 Relevance: 16.7, APIs: 11, Instructions: 241sleepnetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32 ref: 00007FF684094C7D
Sleep.KERNEL32 ref: 00007FF684094C8E
WSASetLastError.WS2_32 ref: 00007FF684094DF8
Sleep.KERNEL32 ref: 00007FF684094E09
__WSAFDIsSet.WS2_32 ref: 00007FF684094EBC
__WSAFDIsSet.WS2_32 ref: 00007FF684094ED3
__WSAFDIsSet.WS2_32 ref: 00007FF684094EEE
__WSAFDIsSet.WS2_32 ref: 00007FF684094F02
__WSAFDIsSet.WS2_32 ref: 00007FF684094F1D
__WSAFDIsSet.WS2_32 ref: 00007FF684094F31

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 5707ff227d0ba686ce5bf451b6ff2de7c6055376ea5a1a6d48b776198613a107
Instruction ID: 2fc47f2ec1e7a983848a52a5956531d0ee815bf18b9bbc7292f6825d3bcdc3fc
Opcode Fuzzy Hash: 5707ff227d0ba686ce5bf451b6ff2de7c6055376ea5a1a6d48b776198613a107
Instruction Fuzzy Hash: 1B91D761B2C683CAEB754F29A9C02BB6695BF44754F54423CE91ACFBC4DE3EE941C600

Function 00007FF68406C109 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 227COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406C366

Strings

"f, xrefs: 00007FF68406C1C9
3f, xrefs: 00007FF68406C1B8
lf, xrefs: 00007FF68406C17F
Xf, xrefs: 00007FF68406C193
Gf, xrefs: 00007FF68406C1A4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: "f$3f$Gf$Xf$lf
API String ID: 3668304517-1330087887
Opcode ID: e772a807277df711840948acb67e7543dcc21d5ca79b66999cf59648655c46b1
Instruction ID: 8ea37e42e04bbbb16054bc24b348178c8fa8420d974a67ea4aca332bf6b0994b
Opcode Fuzzy Hash: e772a807277df711840948acb67e7543dcc21d5ca79b66999cf59648655c46b1
Instruction Fuzzy Hash: ABA1CF62A08782C5EB00DB69E8843AE6761FF457A4F50423ADB6E56BDADF3CD0C5C341

Function 00007FF68406EDEE Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_BAD_PKGID, xrefs: 00007FF68406EDEE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_PKGID
API String ID: 600764987-1052566392
Opcode ID: 3370f0d4d2aa7507bbf2db9ebb513db5b64c8997b1dc538bf6bdab698d7d976f
Instruction ID: e69d337846f1e9023958615416a1243e26f78fc04ef93ccf4f37f636942f328a
Opcode Fuzzy Hash: 3370f0d4d2aa7507bbf2db9ebb513db5b64c8997b1dc538bf6bdab698d7d976f
Instruction Fuzzy Hash: E8313E76A0D7C2CAE6619B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD544CB10

Function 00007FF68406EDE2 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_BAD_BINDINGS, xrefs: 00007FF68406EDE2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_BINDINGS
API String ID: 600764987-2710416593
Opcode ID: fdf2a7e96fe9982a924517a32f04445637de385a56ddbb0b086fc07af5bae323
Instruction ID: 186e95c9286bc7036e78b38c2b812b77bf7e58177ca1eee085f0a103ceb3056d
Opcode Fuzzy Hash: fdf2a7e96fe9982a924517a32f04445637de385a56ddbb0b086fc07af5bae323
Instruction Fuzzy Hash: BA313E36A0D7C2CAE6218B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD584CB10

Function 00007FF68406EE06 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_CANNOT_INSTALL, xrefs: 00007FF68406EE06

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_INSTALL
API String ID: 600764987-2628789574
Opcode ID: adaaf1e2e917a60331103416d7b1b1a0f5f0c00817c7466b612fe27ebdf9ca72
Instruction ID: c8934769515501027e0e226b241f78261ced5f5e3fc5a1509ae5ab899816cebc
Opcode Fuzzy Hash: adaaf1e2e917a60331103416d7b1b1a0f5f0c00817c7466b612fe27ebdf9ca72
Instruction Fuzzy Hash: 86313E36A0D7C2CAE6218B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD584CB10

Function 00007FF68406EE12 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_CANNOT_PACK, xrefs: 00007FF68406EE12

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_PACK
API String ID: 600764987-1502336670
Opcode ID: bcc970f06c1e5854a26d56e62276d014750dd97ff621c98faa850ec1adab4922
Instruction ID: 2a59777ee5e987fd7c73190a6b4745dd2294b214fa9c21b77e00cd7502503b42
Opcode Fuzzy Hash: bcc970f06c1e5854a26d56e62276d014750dd97ff621c98faa850ec1adab4922
Instruction Fuzzy Hash: 3B313E36A0D7C2CAE6619B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD544CB10

Function 00007FF68406EDFA Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_BUFFER_TOO_SMALL, xrefs: 00007FF68406EDFA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BUFFER_TOO_SMALL
API String ID: 600764987-1965992168
Opcode ID: aad53823e7f30aadb28a5ae8172fa135b3776d7c34a0be0e63836c14a854af14
Instruction ID: 82d2d7bf300a4eabd5d4cccaa66c83811e55fe25cd1dd64e8fb64fd7899c64aa
Opcode Fuzzy Hash: aad53823e7f30aadb28a5ae8172fa135b3776d7c34a0be0e63836c14a854af14
Instruction Fuzzy Hash: FA313E36A0D7C2CAE6619B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD544CB10

Function 00007FF68406EE2A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
SEC_E_CERT_UNKNOWN, xrefs: 00007FF68406EE2A
%s - %s, xrefs: 00007FF68406F239

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_UNKNOWN
API String ID: 600764987-1381340633
Opcode ID: ea841899545fd399affa9744b456ea3ea6401d1ea7e0514409a0120b405773f9
Instruction ID: 8d6234f4a0d3c266d9da77d1d1e2eb1b97495783f0978399503fdc16ce8eab95
Opcode Fuzzy Hash: ea841899545fd399affa9744b456ea3ea6401d1ea7e0514409a0120b405773f9
Instruction Fuzzy Hash: 2F313E36A0D7C2CAE6619B60E4943AB77A4FF84744F44053EDA8E82B99DF3CD544CB10

Function 00007FF68406EE1E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
SEC_E_CERT_EXPIRED, xrefs: 00007FF68406EE1E
%s - %s, xrefs: 00007FF68406F239

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_EXPIRED
API String ID: 600764987-3862749013
Opcode ID: b56d452be06ee6577a23897c46b1b289600fa5d97eae2bb0e1e331187146d3fb
Instruction ID: 03ec289bb54611fdb5c102a1594673221858c0cdad97876527986e1787af72a9
Opcode Fuzzy Hash: b56d452be06ee6577a23897c46b1b289600fa5d97eae2bb0e1e331187146d3fb
Instruction Fuzzy Hash: D5312D36A0D7C2CAE6618B60E4943AB77A4FF84740F44053EDA8E82B99DF3CD584CB10

Function 00007FF68406ED2E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 69stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNELBASE ref: 00007FF68406ED89
strchr.VCRUNTIME140 ref: 00007FF68406EDB0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F24F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F25A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F265
GetLastError.KERNEL32 ref: 00007FF68406F26E
SetLastError.KERNEL32 ref: 00007FF68406F27A

Strings

%s (0x%08X), xrefs: 00007FF68406ED35
%s - %s, xrefs: 00007FF68406F239
SEC_E_ALGORITHM_MISMATCH, xrefs: 00007FF68406ED2E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_ALGORITHM_MISMATCH
API String ID: 600764987-618797061
Opcode ID: dad13251e7271c0b690dfec7e36e94e1a569d7a8e4281699bef87c039d49dcf9
Instruction ID: 84c553ed1286d268a1a37dee8e4dfedd5bfdb153a8e3087688c5aa6f7d62c175
Opcode Fuzzy Hash: dad13251e7271c0b690dfec7e36e94e1a569d7a8e4281699bef87c039d49dcf9
Instruction Fuzzy Hash: 54311E36A0D7C2CAEA619B60E4953AB77A4FF84744F44053EDA8E82B99DF3CD544CB10

Function 00007FF684084970 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 153COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840849BF

Strings

Couldn't resolve proxy '%s', xrefs: 00007FF684084B9C
Unix socket path too long: '%s', xrefs: 00007FF684084A16
Couldn't resolve host '%s', xrefs: 00007FF684084AF1

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: calloc
String ID: Couldn't resolve host '%s'$Couldn't resolve proxy '%s'$Unix socket path too long: '%s'
API String ID: 2635317215-3812100122
Opcode ID: 57bbac0c6cdc04f49a14c89a6e5ed5c9ffe6c9106794b897048839a28dc347b0
Instruction ID: 37e4af8e161256294c1f8013ea252180d5a954d3828b34ffb3909db7f0b8bed9
Opcode Fuzzy Hash: 57bbac0c6cdc04f49a14c89a6e5ed5c9ffe6c9106794b897048839a28dc347b0
Instruction Fuzzy Hash: 29519122B4CB82C2F6598B259AD077A6790FF84790F14013ADB4D8B7A5EF3DE4A5D700

Function 00007FF684065800 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 149processCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6840658C3
system.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406593A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065974
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840659CA

Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF84
Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF92

Strings

&& timeout /t 5", xrefs: 00007FF6840658B9, 00007FF6840658DC
start cmd /C "color b && title Error && echo , xrefs: 00007FF684065865
-, xrefs: 00007FF68406585C

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn$system
String ID: && timeout /t 5"$-$start cmd /C "color b && title Error && echo
API String ID: 4251911053-1881710036
Opcode ID: 0c1dc7aeaa2a15005bb3a36e6ba6defe4403b8f68c6e361f7196a29bccfd88b2
Instruction ID: 394925154bd006241203efd20df545e36289965cc20d64a9fd7d5a0b3dbd2b40
Opcode Fuzzy Hash: 0c1dc7aeaa2a15005bb3a36e6ba6defe4403b8f68c6e361f7196a29bccfd88b2
Instruction Fuzzy Hash: 80519072A18B85C1EB10CB29E49436EA361FF85794F504239E79D82AE6DF7CE0C4C740

Function 00007FF68407AC20 Relevance: 12.1, APIs: 8, Instructions: 67networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF684097310: getaddrinfo.WS2_32 ref: 00007FF684097332
Part of subcall function 00007FF684097310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409739E
Part of subcall function 00007FF684097310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF6840973D8
Part of subcall function 00007FF684097310: memcpy.VCRUNTIME140(?,?,?,00007FF68407AC75), ref: 00007FF6840973F1
Part of subcall function 00007FF684097310: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF6840973FF
Part of subcall function 00007FF684097310: freeaddrinfo.WS2_32(?,?,?,00007FF68407AC75), ref: 00007FF684097471
Part of subcall function 00007FF684097310: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF684097485
Part of subcall function 00007FF684097310: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409748F
Part of subcall function 00007FF684097310: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407AC75), ref: 00007FF68409749C

WSAGetLastError.WS2_32 ref: 00007FF68407AC7B
WSAGetLastError.WS2_32 ref: 00007FF68407AC85
EnterCriticalSection.KERNEL32 ref: 00007FF68407ACA0
LeaveCriticalSection.KERNEL32 ref: 00007FF68407ACAF
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407ACC0
send.WS2_32 ref: 00007FF68407ACE3
WSAGetLastError.WS2_32 ref: 00007FF68407ACED
LeaveCriticalSection.KERNEL32 ref: 00007FF68407AD00

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$CriticalErrorLastSection$Leavemalloc$Enter_strdupfreeaddrinfogetaddrinfomemcpysend
String ID:
API String ID: 506363382-0
Opcode ID: fac5d855f5964205bcd62018e38e7505b9699b67dd3652cc28a4f65745554e67
Instruction ID: 6116c330f398a18bcbe96b751092e10e2fb138429f1d41b3b020cd9506fd745d
Opcode Fuzzy Hash: fac5d855f5964205bcd62018e38e7505b9699b67dd3652cc28a4f65745554e67
Instruction Fuzzy Hash: 46317232A0C642C6E7509F25E49026B37A0FF84BA8F444139DA4EC36A4DF7DE489CB51

Function 00007FF684094880 Relevance: 10.7, APIs: 7, Instructions: 242sleepnetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32 ref: 00007FF6840948E6
WSASetLastError.WS2_32 ref: 00007FF684094AA6
Sleep.KERNEL32 ref: 00007FF684094AB6
__WSAFDIsSet.WS2_32 ref: 00007FF684094BCA
__WSAFDIsSet.WS2_32 ref: 00007FF684094BE2
Sleep.KERNEL32 ref: 00007FF684094C0D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: d328db1f90c702946bb9f83a192993af17f25e3170299cbf6ea3d2290ea0bab3
Instruction ID: ea13d6cad4a117d43b0c3bdfbe764b3949d948e6d825837089fdfddcced38904
Opcode Fuzzy Hash: d328db1f90c702946bb9f83a192993af17f25e3170299cbf6ea3d2290ea0bab3
Instruction Fuzzy Hash: 07A1C921A2D692C6EB694F1598803BB6695FF44B54F14523CEA6ECABC4DF3ED501C340

Function 00007FF68404B9E0 Relevance: 10.6, APIs: 7, Instructions: 133COMMON

Download Yara Rule

APIs

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BA73
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BAC7
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BAEE
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BB16
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BB5C
?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BB63
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,00000000,00000000,00000000,00007FF684045DC1), ref: 00007FF68404BB70

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
String ID:
API String ID: 1492985063-0
Opcode ID: 5d7e731beace90e67b133e7d81531060f97b1cccd70cb41218fc4173e7c6edea
Instruction ID: 29478dd571cd4200a93f040586ccfb86b88894809ee52684239d9dba3e090950
Opcode Fuzzy Hash: 5d7e731beace90e67b133e7d81531060f97b1cccd70cb41218fc4173e7c6edea
Instruction Fuzzy Hash: 36514C22609A41C2EA208B19E5D423AA7B0FFA5FD9F158539CA5EC3BE0CF7DD556C340

Function 00007FF6840593B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

rand.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF684059444
SetConsoleTitleA.KERNEL32 ref: 00007FF6840594E6
SleepEx.KERNELBASE ref: 00007FF6840594F1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405953D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684059544

Strings

0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00007FF684059405

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ConsoleSleepTitlememcpyrand
String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
API String ID: 1902447314-3592501980
Opcode ID: f94dadda6200bf8aa22c542acff864b2a3a6dda198d742b9247588f32b1c59e7
Instruction ID: ada5adec05ee9c403430793a7702543583ca6c7fa0a80d9acbfc4be40978aeae
Opcode Fuzzy Hash: f94dadda6200bf8aa22c542acff864b2a3a6dda198d742b9247588f32b1c59e7
Instruction Fuzzy Hash: 6A417C62F18B91C9FB10DBA5D8802AD3B71FF44BA8F55423ADE5D66A98DF789481C300

Function 00007FF6840767A0 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 193COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840767EE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684076805
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684076932
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407695E

Strings

Connection #%ld to host %s left intact, xrefs: 00007FF684076A1B
%s, xrefs: 00007FF684076A67

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: %s$Connection #%ld to host %s left intact
API String ID: 1294909896-118628944
Opcode ID: 39fe0149f91f9d1f50903ec7d216a81b5543df6614f9a4ebef1af22a131fd602
Instruction ID: 8d5de0e9ec83c1a65daf264095833f649142d1cd124606266d948342da901864
Opcode Fuzzy Hash: 39fe0149f91f9d1f50903ec7d216a81b5543df6614f9a4ebef1af22a131fd602
Instruction Fuzzy Hash: 2A914032F0C692D2EB589B2599903BB63A4FF84B94F044939DE4E8B695CF3DE460C741

Function 00007FF684080C10 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684080C3B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684080C51

Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A6D
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A8A
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A9E
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080ABA
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080AD7
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080AFA
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B0E
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B22
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B48
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B5C
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B70
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BBF
Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BCC

Part of subcall function 00007FF6840809F0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BF5

memset.VCRUNTIME140 ref: 00007FF684080C85

Strings

User-Agent: %s, xrefs: 00007FF684080D1F
Connected to %s (%s) port %ld (#%ld), xrefs: 00007FF684080E61

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$memset
String ID: Connected to %s (%s) port %ld (#%ld)$User-Agent: %s
API String ID: 2717317152-3248832348
Opcode ID: 6774b005abd0c4f633f8e67e6caea4d51e92550bbca8448eb4d1f1d044ba83b3
Instruction ID: c042352ff3ff9cf5496a66515d7a4c7b7959f015d9d595ac3745a11109cadf78
Opcode Fuzzy Hash: 6774b005abd0c4f633f8e67e6caea4d51e92550bbca8448eb4d1f1d044ba83b3
Instruction Fuzzy Hash: 83716B22A4CBC2C1E751CF25D9902BF2760FF85B94F194139DA9D8B296EF39E491C710

Function 00007FF6840858A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112networkCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684085966
recv.WS2_32 ref: 00007FF684085990
send.WS2_32 ref: 00007FF6840859B3
WSAGetLastError.WS2_32 ref: 00007FF6840859C5

Strings

Send failure: %s, xrefs: 00007FF6840859F5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastmallocrecvsend
String ID: Send failure: %s
API String ID: 25851408-857917747
Opcode ID: 2aa8b678249f593e6c185d5ce1b31a4a4e2c964bbe74dd8f369a2ebdf7081e2e
Instruction ID: 64e4caea033a1258d4b52ed57494afcc5674e9372dc1d75e5b5a6eb8457b1f6e
Opcode Fuzzy Hash: 2aa8b678249f593e6c185d5ce1b31a4a4e2c964bbe74dd8f369a2ebdf7081e2e
Instruction Fuzzy Hash: 47417C32B09B81C5EB659F25E99077AA6A0BF48BA8F444239CEAD87794DE3CD454C700

Function 00007FF6840B0DB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF684087F90: GetModuleHandleA.KERNEL32(00000000,?,?,00007FF6840B0DEA,?,?,?,?,00007FF68408831B), ref: 00007FF684087FA4

GetProcAddressForCaller.KERNELBASE(?,?,?,?,00007FF68408831B), ref: 00007FF6840B0E00

Strings

security.dll, xrefs: 00007FF6840B0DDA
InitSecurityInterfaceA, xrefs: 00007FF6840B0DF6
secur32.dll, xrefs: 00007FF6840B0DD3

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: AddressCallerHandleModuleProc
String ID: InitSecurityInterfaceA$secur32.dll$security.dll
API String ID: 2084706301-3788156360
Opcode ID: 00ac4551e4000e83dac8a08b12ed75b8677ed39992c15d302a4d884f5b2666ef
Instruction ID: 005a33ab8edc5b9b69bd7ad3c6dab3405cf556f2644539abf0978599040c17e7
Opcode Fuzzy Hash: 00ac4551e4000e83dac8a08b12ed75b8677ed39992c15d302a4d884f5b2666ef
Instruction Fuzzy Hash: C5F0CF60E0AB03C0EE599B16ADD177222A1BF94789F98483CC41C96292FE3CE5A9C750

Function 00007FF68408FF10 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090010

Part of subcall function 00007FF6840905A0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840905FA

Part of subcall function 00007FF684090350: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840903E8
Part of subcall function 00007FF684090350: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840903F1

Strings

TCP4, xrefs: 00007FF68408FFAA
TCP6, xrefs: 00007FF68408FF97
PROXY %s %s %s %li %li, xrefs: 00007FF68408FFE4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$calloc
String ID: PROXY %s %s %s %li %li$TCP4$TCP6
API String ID: 3095843317-1242256665
Opcode ID: b3b0a9be8fe6ada87d4feccaea3f7c5bd9563551ce0aa026ee54c6bd36ba8a48
Instruction ID: 34d742a6a3084a45119b88b69920c6061b6df29e8248292178c9f319b7afd054
Opcode Fuzzy Hash: b3b0a9be8fe6ada87d4feccaea3f7c5bd9563551ce0aa026ee54c6bd36ba8a48
Instruction Fuzzy Hash: 30415731A0C682D6EB50DB25E4803BB6BA1BF85744F18403ADA4DC7687EE3ED545C701

Function 00007FF684075660 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF684070116), ref: 00007FF68407567D
closesocket.WS2_32 ref: 00007FF684075789
closesocket.WS2_32 ref: 00007FF684075796

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: closesocket$calloc
String ID:
API String ID: 2958813939-0
Opcode ID: 8825456cdb7d912e159980e5f21c913117ff77a2f7f3452ced2f045055737288
Instruction ID: 44be46b1ba8c4eabe344b246cc823f15741d50835f2e9599788561137ddec370
Opcode Fuzzy Hash: 8825456cdb7d912e159980e5f21c913117ff77a2f7f3452ced2f045055737288
Instruction Fuzzy Hash: 27413D35A0CA42C1E740EF34E8802EA6361FF88768F884639DE5D8A6DAEF39D545C311

Function 00007FF684075860 Relevance: 4.8, APIs: 3, Instructions: 309networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF684075C56
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684075C77

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: freerecv
String ID:
API String ID: 2032557106-0
Opcode ID: ee791b666369b3eb844aaa81bf8ecea06778c19a65393f0493bd20319140323d
Instruction ID: a2d9995cde4c61aa394507cd6992548e4fa477bee87ffb12eee29f0675be5637
Opcode Fuzzy Hash: ee791b666369b3eb844aaa81bf8ecea06778c19a65393f0493bd20319140323d
Instruction Fuzzy Hash: 88C1C62261D682C6E7658B2590803FBA6F0FF447A4F544239DE9E87BC5EE3EE941C701

Function 00007FF684081910 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684081975

Strings

User-Agent: %s, xrefs: 00007FF684081986
Connected to %s (%s) port %ld (#%ld), xrefs: 00007FF684081AB4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: Connected to %s (%s) port %ld (#%ld)$User-Agent: %s
API String ID: 1294909896-3248832348
Opcode ID: a93d15b710349f08d7b10515c0cb6859e7c076c98dddf9324f7f50b95f873d92
Instruction ID: 07dc689182d4b4bc13ba7332d440cdd8916aa31e39095be372ad8d46234778c7
Opcode Fuzzy Hash: a93d15b710349f08d7b10515c0cb6859e7c076c98dddf9324f7f50b95f873d92
Instruction Fuzzy Hash: 81515E62A18AC1C1E7518F29D5843AE67A0FF84B98F084239DE9C8B39ADF7DD491C710

Function 00007FF6840856C0 Relevance: 3.0, APIs: 2, Instructions: 23networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF6840856CC
WSAGetLastError.WS2_32 ref: 00007FF6840856DB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastrecv
String ID:
API String ID: 2514157807-0
Opcode ID: 0e05c7e473d21cdd1a7aa207f52f42c28ceb2d2dcb04e883cf6aa634ca7013be
Instruction ID: e888a6734666242e2ee2c9eefe3407b2596d1ff48a7448d7ea5cdce877907e85
Opcode Fuzzy Hash: 0e05c7e473d21cdd1a7aa207f52f42c28ceb2d2dcb04e883cf6aa634ca7013be
Instruction Fuzzy Hash: 0BE01A21F05905C2EF295771A8A577A2194DF54731F845738CA3A866D0DE6C44D68710

Function 00007FF684085FA0 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FF684085FE3

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: c87ed09db03c22d762ff2485e2d2817bff021edca5fa596c5bb8c8089d942758
Instruction ID: 3e3c2ca41171270b3a5cbbf3f390ee208470e4346bc91d21a8453ae85a90c44a
Opcode Fuzzy Hash: c87ed09db03c22d762ff2485e2d2817bff021edca5fa596c5bb8c8089d942758
Instruction Fuzzy Hash: 2401B912B19541C1EB54DB3AD5D83BEA3A0FF88B84F889035DB4D87697DF29D455C301

Function 00007FF68408CD30 Relevance: 1.5, APIs: 1, Instructions: 23networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FF68408CD59

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 39661acd4fbd1b204517babd56c72a8b76ae6c988ee4938594f2527c8951f682
Instruction ID: b66940ad70bec619f052a8ea33f36e0d15b93b7fb2c6fb6e851ec41cdc9e2564
Opcode Fuzzy Hash: 39661acd4fbd1b204517babd56c72a8b76ae6c988ee4938594f2527c8951f682
Instruction Fuzzy Hash: 5BE09236E06601C2DE18A72588D16BA3360BF94B34FC44779CA3D463D1CE2C925BEB00

Function 00007FF684097990 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840979AB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _beginthreadex
String ID:
API String ID: 3014514943-0
Opcode ID: 9175d838666ea8fda9a4c0d1dfd6d6478aba79b5e56d67f217baf21c8ade24f8
Instruction ID: 2a6aae5e7265ea23a44852a045f29ff49ca65cd5c21bd3186db751cae42e6bdf
Opcode Fuzzy Hash: 9175d838666ea8fda9a4c0d1dfd6d6478aba79b5e56d67f217baf21c8ade24f8
Instruction Fuzzy Hash: 8FD0C263B18A00839B209F62A840029E251BB887B0B48433CAE7D82BE0DF3CD1418600

Function 00007FF684054BB0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

_Cnd_do_broadcast_at_thread_exit.MSVCP140 ref: 00007FF684054BBB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Cnd_do_broadcast_at_thread_exit
String ID:
API String ID: 2632783013-0
Opcode ID: 5b3921d6c1eb65cbf832431e3fd926aac6940574de6022ae18550d2d19124705
Instruction ID: 0a93a70971dd595a799f4645cdb8f4e1aaa6220a242cb96d87f8c729e3431f5c
Opcode Fuzzy Hash: 5b3921d6c1eb65cbf832431e3fd926aac6940574de6022ae18550d2d19124705
Instruction Fuzzy Hash: B9C08C40F20202C2FB2437B2A8892AF0250AF49B11F189038C9068A781DD3D84EA8750

Function 00007FF6840938D0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FF6840938E9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: ea14aa148b4fa89a11177c6fcb620e784d9f3e146eb80bf2e5ef9c16bd4b40db
Instruction ID: ccc5184da33eb53d0e0cd6eb13f8f7c74c95613f5bb6ae05cd65896d2089767a
Opcode Fuzzy Hash: ea14aa148b4fa89a11177c6fcb620e784d9f3e146eb80bf2e5ef9c16bd4b40db
Instruction Fuzzy Hash: 16C08056F155C1C3D3446F6158C508767B1BFC4204F95543DD50781524DD3CC2A9CB44

Non-executed Functions

Function 00007FF6840914D0 Relevance: 127.2, APIs: 25, Strings: 47, Instructions: 1228stringCOMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684092693

Part of subcall function 00007FF6840854C0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840855E5
Part of subcall function 00007FF6840854C0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684085600

memchr.VCRUNTIME140 ref: 00007FF684092786
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68409289E
strchr.VCRUNTIME140 ref: 00007FF6840928B2
strchr.VCRUNTIME140 ref: 00007FF6840928DA
strchr.VCRUNTIME140 ref: 00007FF6840928F0

Strings

HTTP/1.1 proxy connection set close!, xrefs: 00007FF684091E7D
HTTP 1.0, assume close after body, xrefs: 00007FF684091937
Overflow Content-Length: value!, xrefs: 00007FF684091A6B
The requested URL returned error: %d, xrefs: 00007FF684092A63
HTTP/1.0 proxy connection set to keep alive!, xrefs: 00007FF684091E5C
Unsupported HTTP version in response, xrefs: 00007FF684092871
HTTP error before end of send, keep sending, xrefs: 00007FF6840926B9
RTSP/%1d.%1d%c%3d, xrefs: 00007FF68409185D
Content-Type:, xrefs: 00007FF684091A86
Last-Modified:, xrefs: 00007FF684092107
HTTP %3d, xrefs: 00007FF684091738
HTTP error before end of send, stop sending, xrefs: 00007FF6840926DD
Invalid Content-Length: value, xrefs: 00007FF684092948
Set-Cookie:, xrefs: 00007FF684092063
RTSP/, xrefs: 00007FF6840915C4
Content-Encoding:, xrefs: 00007FF684091ED1
Transfer-Encoding:, xrefs: 00007FF684091E1A
The requested URL returned error: %s, xrefs: 00007FF684092907
WWW-Authenticate:, xrefs: 00007FF684092166
, xrefs: 00007FF6840916BC
Got 417 while waiting for a 100, xrefs: 00007FF684092673
Connection closure while negotiating auth (HTTP 1.0?), xrefs: 00007FF6840924DC, 00007FF684092528
Maximum file size exceeded, xrefs: 00007FF68409292F
false, xrefs: 00007FF684092240
HTTP/1.0 connection set to keep alive!, xrefs: 00007FF684091E9B
no chunk, no close, no size. Assume close to signal end, xrefs: 00007FF684092486
, xrefs: 00007FF684091872
Negotiate: noauthpersist -> %d, header part: %s, xrefs: 00007FF68409225C
Lying server, not serving HTTP/2, xrefs: 00007FF6840916EC
Content-Range:, xrefs: 00007FF684091F9E
keep-alive, xrefs: 00007FF684091B96, 00007FF684091D26
Proxy-authenticate:, xrefs: 00007FF684092191
Persistent-Auth, xrefs: 00007FF684092202
HTTP/, xrefs: 00007FF6840917D9
Proxy-Connection:, xrefs: 00007FF684091B03, 00007FF684091BDC
Retry-After:, xrefs: 00007FF684091F13
Location:, xrefs: 00007FF68409229E
Connection:, xrefs: 00007FF684091C9B, 00007FF684091D50
Received 101, xrefs: 00007FF68409296B
HTTP, xrefs: 00007FF68409288E
Keep sending data to get tossed away!, xrefs: 00007FF68409272C
HTTP/%1d.%1d%c%3d, xrefs: 00007FF684091669
HTTP/%1[23] %d, xrefs: 00007FF684091694
Content-Length:, xrefs: 00007FF6840919DF
close, xrefs: 00007FF684091C63, 00007FF684091DE3
Mark bundle as not supporting multiuse, xrefs: 00007FF68409170F
Received HTTP/0.9 when not allowed, xrefs: 00007FF6840927FB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strchr$fwrite$_strdupmemchrstrncmp
String ID: $ $ HTTP %3d$ HTTP/%1[23] %d$ HTTP/%1d.%1d%c%3d$ RTSP/%1d.%1d%c%3d$Connection closure while negotiating auth (HTTP 1.0?)$Connection:$Content-Encoding:$Content-Length:$Content-Range:$Content-Type:$Got 417 while waiting for a 100$HTTP$HTTP 1.0, assume close after body$HTTP error before end of send, keep sending$HTTP error before end of send, stop sending$HTTP/$HTTP/1.0 connection set to keep alive!$HTTP/1.0 proxy connection set to keep alive!$HTTP/1.1 proxy connection set close!$Invalid Content-Length: value$Keep sending data to get tossed away!$Last-Modified:$Location:$Lying server, not serving HTTP/2$Mark bundle as not supporting multiuse$Maximum file size exceeded$Negotiate: noauthpersist -> %d, header part: %s$Overflow Content-Length: value!$Persistent-Auth$Proxy-Connection:$Proxy-authenticate:$RTSP/$Received 101$Received HTTP/0.9 when not allowed$Retry-After:$Set-Cookie:$The requested URL returned error: %d$The requested URL returned error: %s$Transfer-Encoding:$Unsupported HTTP version in response$WWW-Authenticate:$close$false$keep-alive$no chunk, no close, no size. Assume close to signal end
API String ID: 3939785054-690044944
Opcode ID: 1782f86dc8c6b33f3977ef8ffc11a7e61ef3a2d6b817ff129818f8e222c8e449
Instruction ID: c8a30dd374e836bc1478b0077ca888621be5c5631cded5e3ab9c62425781ce3c
Opcode Fuzzy Hash: 1782f86dc8c6b33f3977ef8ffc11a7e61ef3a2d6b817ff129818f8e222c8e449
Instruction Fuzzy Hash: 29C28A72A08682C5FB609B2599843FA6B91FF41B89F48453DCE4D8B7DADE3EE445C310

Function 00007FF684078420 Relevance: 105.7, APIs: 41, Strings: 19, Instructions: 728stringCOMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,00000000,?,00000000,?,?,00007FF684079C77), ref: 00007FF684078490
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840784AB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840784E4
strchr.VCRUNTIME140 ref: 00007FF6840784F7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078677
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078698
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840786BB
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840786C8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684078761
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407876A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684078782
strchr.VCRUNTIME140 ref: 00007FF68407896F
strchr.VCRUNTIME140 ref: 00007FF684078989
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078A7C
strchr.VCRUNTIME140 ref: 00007FF684078AA8
strrchr.VCRUNTIME140 ref: 00007FF684078ABA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684078ADB
memcpy.VCRUNTIME140 ref: 00007FF684078AF4
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078B68
strchr.VCRUNTIME140 ref: 00007FF684078B8B
strchr.VCRUNTIME140 ref: 00007FF684078BA0

Strings

path, xrefs: 00007FF68407874D
TRUE, xrefs: 00007FF684078BD7
httponly, xrefs: 00007FF684078726
domain, xrefs: 00007FF6840787A1
%s cookie %s="%s" for domain %s, path %s, expire %I64d, xrefs: 00007FF6840790A7
Added, xrefs: 00007FF68407909D
oversized cookie dropped, name/val %zu + %zu bytes, xrefs: 00007FF6840789FF
%4095[^;=] =%4095[^;], xrefs: 00007FF684078536
Replaced, xrefs: 00007FF684079091
__Host-, xrefs: 00007FF684078691
skipped cookie with bad tailmatch domain: %s, xrefs: 00007FF68407888E
__Secure-, xrefs: 00007FF684078670
FALSE, xrefs: 00007FF684078BDE, 00007FF684078DDB
max-age, xrefs: 00007FF6840788D8
localhost, xrefs: 00007FF6840787CF
secure, xrefs: 00007FF6840786EE
expires, xrefs: 00007FF684078905
#HttpOnly_, xrefs: 00007FF684078B5E
version, xrefs: 00007FF6840788AB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strchr$_strdup$freestrncmp$_time64callocmallocmemcpystrrchr
String ID: #HttpOnly_$%4095[^;=] =%4095[^;]$%s cookie %s="%s" for domain %s, path %s, expire %I64d$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$domain$expires$httponly$localhost$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
API String ID: 2059720140-3844637060
Opcode ID: e6739b7da320e9b38ba8d23b347ef48bec2e79d3882a771d1358fdf7c621a3b3
Instruction ID: 92f176b3c439c14702dd2e28234a510a528bca68c157b8235ad32aab55341024
Opcode Fuzzy Hash: e6739b7da320e9b38ba8d23b347ef48bec2e79d3882a771d1358fdf7c621a3b3
Instruction Fuzzy Hash: CF727C22A0C786C5FB618B25D4D43BB67B0FF55794F484139CA8E86696EF3DE484E302

Function 00007FF6840626E0 Relevance: 85.6, APIs: 37, Strings: 11, Instructions: 1585stringCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406271C
GetModuleFileNameW.KERNEL32 ref: 00007FF6840627AE
PathFindFileNameW.SHLWAPI ref: 00007FF6840627BB
memcpy.VCRUNTIME140 ref: 00007FF68406292E
memcpy.VCRUNTIME140 ref: 00007FF6840629AB
memcpy.VCRUNTIME140 ref: 00007FF684062A05
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684062AB9
memcpy.VCRUNTIME140 ref: 00007FF684062AE8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684062B65
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684062BA6
__std_fs_code_page.MSVCPRT ref: 00007FF684062BD8
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684062C23
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684062DC2
memcpy.VCRUNTIME140 ref: 00007FF684062EB1
__std_fs_code_page.MSVCPRT ref: 00007FF684063058
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684062C61

Part of subcall function 00007FF6840BDBE8: MultiByteToWideChar.KERNEL32 ref: 00007FF6840BDC04
Part of subcall function 00007FF6840BDBE8: GetLastError.KERNEL32 ref: 00007FF6840BDC12

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6840630A3
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6840630E1
memcpy.VCRUNTIME140 ref: 00007FF68406330D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406344D

Part of subcall function 00007FF6840BE310: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840BE340
Part of subcall function 00007FF6840BE310: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840BE346

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF68406370B
_localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF68406371F
strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF68406373E
memset.VCRUNTIME140 ref: 00007FF684063753
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF684063D69
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063DA8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063E05
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063E4A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063E8F
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF684063EDA
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF684063EE7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063F26
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684063F83
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684064082
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684064094
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840640D1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68406410B

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

Strings

@ , xrefs: 00007FF684063B9D
\Debug, xrefs: 00007FF684062EB6, 00007FF684063312, 00007FF6840634A4
\KeyAuth, xrefs: 00007FF684062933
Data sent : , xrefs: 00007FF684063BC0
\Debug\, xrefs: 00007FF684062AED
Response : , xrefs: 00007FF684063C27
%M-%d-%Y, xrefs: 00007FF68406372B
.txt, xrefs: 00007FF68406381B
exists, xrefs: 00007FF684064043, 00007FF684064059, 00007FF68406406F, 00007FF6840640BE
Sent to: , xrefs: 00007FF684063C7A
create_directory, xrefs: 00007FF6840640F8, 00007FF68406411D, 00007FF684064130

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmemcpy$__std_fs_convert_narrow_to_wide$D@std@@@std@@U?$char_traits@$FileName__std_fs_code_page$??1?$basic_ios@??1?$basic_ostream@?setstate@?$basic_ios@ByteCharErrorFindLastModuleMultiPathWide_localtime64_time64mallocmemsetstrftime
String ID: @ $Data sent : $Response : $%M-%d-%Y$.txt$Sent to: $\Debug$\Debug\$\KeyAuth$create_directory$exists
API String ID: 74633477-3062033042
Opcode ID: 877af5aec50049eeb70dc1ccf71ca30e588d18c06adcb9891dca66d95e19e713
Instruction ID: cddb21d26f163235f0d2a1fb28287b362bb4f89268516ced6fe262c9bd8dbfc4
Opcode Fuzzy Hash: 877af5aec50049eeb70dc1ccf71ca30e588d18c06adcb9891dca66d95e19e713
Instruction Fuzzy Hash: 77F27F32A08B82C5EB20DF74D8803EE6361FF95398F50523ADA5D97A9ADF78D584C740

Function 00007FF684068560 Relevance: 62.2, APIs: 26, Strings: 9, Instructions: 972COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF6840686A9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684068877
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840688B6

Part of subcall function 00007FF684059F00: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684059FC7

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684068A8D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684068AE8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684068B2D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684068B88

Part of subcall function 00007FF68404B560: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404B597

Strings

numUsers, xrefs: 00007FF684069589
tdfree.json, xrefs: 00007FF6840686BA
V, xrefs: 00007FF684068FC6
Y, xrefs: 00007FF6840689A8
You need to run the KeyAuthApp.init(); function before any other KeyAuth functions, xrefs: 00007FF68406870F
numOnlineUsers, xrefs: 00007FF6840695C5
k, xrefs: 00007FF6840690D1
, xrefs: 00007FF684068F0E
Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: , xrefs: 00007FF6840690DA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xbad_function_call@std@@malloc
String ID: $Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: $You need to run the KeyAuthApp.init(); function before any other KeyAuth functions$Y$k$numOnlineUsers$numUsers$tdfree.json$V
API String ID: 2441929623-2822298944
Opcode ID: 692485d6d8ef30d4a1914b39f19517b8d55f6759fa7326ed9ca506e34564e983
Instruction ID: 072091c1afb50bc4db59435fb2a9eb7f9096228aa2e97d8a285068e7111ff020
Opcode Fuzzy Hash: 692485d6d8ef30d4a1914b39f19517b8d55f6759fa7326ed9ca506e34564e983
Instruction Fuzzy Hash: 09A2AD62A18BC6C9EB108F64D8843EE2761FF85798F50423ADB5D97A99EF7CD184C340

Function 00007FF68405E45E Relevance: 60.3, APIs: 29, Strings: 5, Instructions: 816COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E88F
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E8BB
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E8C8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E902
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E961
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405EA24
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405EA50
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405EA5D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405EA97
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405EAF6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F452
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F47E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F48B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F4C5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F518

Strings

object, xrefs: 00007FF68405EEDC
object separator, xrefs: 00007FF68405EFFC
object key, xrefs: 00007FF68405F0FB
number overflow parsing ', xrefs: 00007FF68405EB11
array, xrefs: 00007FF68405ED4A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: array$number overflow parsing '$object$object key$object separator
API String ID: 1346393832-85532522
Opcode ID: 599d52b84803c935deed4e87508098e1e8a9e13b433be7ecc4198a378c2fa7e6
Instruction ID: 1e8ee49b3e88f98499fade9571f726538a2d5ee8a1fd997f093e0f0aee1c9251
Opcode Fuzzy Hash: 599d52b84803c935deed4e87508098e1e8a9e13b433be7ecc4198a378c2fa7e6
Instruction Fuzzy Hash: E682A262E18B86C6FB00DB78D4813AE2321FF95794F504739DA9D92AD9EF6CE184C340

Function 00007FF68405D22C Relevance: 60.3, APIs: 29, Strings: 5, Instructions: 815COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DEAE
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DEBB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405DFA5
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DFD2
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DFDF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E376

Strings

object, xrefs: 00007FF68405DCE4
object separator, xrefs: 00007FF68405DE08
object key, xrefs: 00007FF68405DF0B
number overflow parsing ', xrefs: 00007FF68405D912
array, xrefs: 00007FF68405DB4F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: __std_exception_destroy$_invalid_parameter_noinfo_noreturn
String ID: array$number overflow parsing '$object$object key$object separator
API String ID: 2506729964-85532522
Opcode ID: 0269ff5fb413a29482157794e4cf9d6c8a34bc23199345e73271373cbf0ac447
Instruction ID: b0d936f38c08b78245c7ae09f54d6f4d8770a35f2f7895bf27c09e815f79850b
Opcode Fuzzy Hash: 0269ff5fb413a29482157794e4cf9d6c8a34bc23199345e73271373cbf0ac447
Instruction Fuzzy Hash: 2C82A462E18B86C5FB00DB68D4843BE6321FF85794F50573ADA9D92AD9EF6CE085C340

Function 00007FF684082DB0 Relevance: 51.2, APIs: 21, Strings: 8, Instructions: 401stringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF684082E0A
memset.VCRUNTIME140 ref: 00007FF684082E1F
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684082E3B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684082E62
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684082ED9
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684082F0C
strchr.VCRUNTIME140 ref: 00007FF684082FF6
strchr.VCRUNTIME140 ref: 00007FF68408303B
strchr.VCRUNTIME140 ref: 00007FF68408306B
tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684083113

Part of subcall function 00007FF68409AB80: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABA8
Part of subcall function 00007FF68409AB80: GetEnvironmentVariableA.KERNEL32(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABCE
Part of subcall function 00007FF68409AB80: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABEF
Part of subcall function 00007FF68409AB80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409AC00

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840831E6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083215
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408323B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083267
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083275
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083287
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408342A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083433

Strings

http_proxy, xrefs: 00007FF68408315D
all_proxy, xrefs: 00007FF684083199
memory shortage, xrefs: 00007FF684082EE7
no_proxy, xrefs: 00007FF684082F31
ALL_PROXY, xrefs: 00007FF6840831B0
NO_PROXY, xrefs: 00007FF684082F4D
_proxy, xrefs: 00007FF684083129
Uses proxy env variable %s == '%s', xrefs: 00007FF684082F6C, 00007FF6840831CA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$strchr$_strdupmemsetreallocstrncpy$EnvironmentVariabletolower
String ID: ALL_PROXY$NO_PROXY$Uses proxy env variable %s == '%s'$_proxy$all_proxy$http_proxy$memory shortage$no_proxy
API String ID: 1339443121-1021110354
Opcode ID: 3aebd47a15dc7035c0c8c9ad58f4a333e2efa86d105fdb11264c6be866e695ff
Instruction ID: f2fd8d879d5aedf244fc5a2f218c60421abe84a3fd0ea9ef056a6185e9e4bd8f
Opcode Fuzzy Hash: 3aebd47a15dc7035c0c8c9ad58f4a333e2efa86d105fdb11264c6be866e695ff
Instruction Fuzzy Hash: F4029D22A4DBD2C5EB61CB15A9943AB6794BF99B98F08003EDE8D87795DF3DE044C700

Function 00007FF6840AFEE0 Relevance: 42.4, APIs: 21, Strings: 3, Instructions: 425COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AFF96
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B0051
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B005F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B0071

Strings

WDigest, xrefs: 00007FF6840AFF21, 00007FF6840B0355
realm, xrefs: 00007FF6840B01F7
digest_sspi: MakeSignature failed, error 0x%08lx, xrefs: 00007FF6840B028B

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$malloc
String ID: WDigest$digest_sspi: MakeSignature failed, error 0x%08lx$realm
API String ID: 2190258309-2223379150
Opcode ID: e2a2354df34a3398ec4278dfa31dbae660cd915aba464796a3358d3e217f7e02
Instruction ID: 88ff3d39dbae9a534d680e6722510244444c7a5219b5e8298c710b7c1f82f9bc
Opcode Fuzzy Hash: e2a2354df34a3398ec4278dfa31dbae660cd915aba464796a3358d3e217f7e02
Instruction Fuzzy Hash: 64124C32A08B96C6EB50CF61E8942AE37A4FF48B88F14413ADA4D97B95EF3CD555C700

Function 00007FF684087000 Relevance: 38.8, APIs: 14, Strings: 8, Instructions: 317stringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6840870D2
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840870ED
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408712C

Strings

Local Interface %s is ip %s using address family %i, xrefs: 00007FF6840871E7
Local port: %hu, xrefs: 00007FF6840874D5
bind failed with errno %d: %s, xrefs: 00007FF6840874B8
Bind to local port %hu failed, trying next, xrefs: 00007FF6840873E0
getsockname() failed with errno %d: %s, xrefs: 00007FF68408747C
Couldn't bind to interface '%s', xrefs: 00007FF684087270
Name '%s' family %i resolved to '%s' family %i, xrefs: 00007FF6840872F8
Couldn't bind to '%s', xrefs: 00007FF6840871C2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strncmp$memset
String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
API String ID: 3268688168-2769131373
Opcode ID: c9b1b40dd1b8dcfc8ad69d0c6fbb7eaba0245a501e6d7e0ef8dcf8dd891aad0d
Instruction ID: faa8c817866be588cdee7b47d0847645961eb58e859d02d83e9b33722d44d329
Opcode Fuzzy Hash: c9b1b40dd1b8dcfc8ad69d0c6fbb7eaba0245a501e6d7e0ef8dcf8dd891aad0d
Instruction Fuzzy Hash: B0E19022E58692C6EB10CB25ED802BB6760FF95788F40513AEE4E87B5ADF7CD584C700

Function 00007FF6840BDED4 Relevance: 33.2, APIs: 22, Instructions: 224fileCOMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF6840BDF81
GetLastError.KERNEL32 ref: 00007FF6840BDF8B
FindFirstFileW.KERNEL32 ref: 00007FF6840BDFA2
GetLastError.KERNEL32 ref: 00007FF6840BDFAE
FindClose.KERNEL32 ref: 00007FF6840BDFBC
__std_fs_open_handle.LIBCPMT ref: 00007FF6840BE04F
CloseHandle.KERNEL32 ref: 00007FF6840BE065
CloseHandle.KERNEL32 ref: 00007FF6840BE1E2
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840BE1EC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handleabort
String ID:
API String ID: 4293554670-0
Opcode ID: fb0149a74117d966e3df4ed8251eb934c562f5356dafecc2b44ecf39f0adeba3
Instruction ID: d6356242cb1c775df60f6d442a7a4b3e5e14701574ee9e401b93e8d04c5713f4
Opcode Fuzzy Hash: fb0149a74117d966e3df4ed8251eb934c562f5356dafecc2b44ecf39f0adeba3
Instruction Fuzzy Hash: CE918231A08A42C6E7648B25A88467B63A1BF85BB4F14473CD96EC7BD4DF3CE845C784

Function 00007FF68406489E Relevance: 30.4, APIs: 16, Strings: 1, Instructions: 659COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840648B3

Part of subcall function 00007FF68404AC80: memcpy.VCRUNTIME140 ref: 00007FF68404ACC6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840648F2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064AB6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064B05
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064B54
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064BA9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064BEB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064C43
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064C82

Strings

Y, xrefs: 00007FF684064993

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy
String ID: Y
API String ID: 3063020102-3822988203
Opcode ID: f21732dcbf19ff454e483d2d4238f810cee44098eff1fbc2c792ac9e4ab5eddb
Instruction ID: 2344f040b17018a7b73dd806985aafc93b563fab7e36fed4edcf6455e193c1d3
Opcode Fuzzy Hash: f21732dcbf19ff454e483d2d4238f810cee44098eff1fbc2c792ac9e4ab5eddb
Instruction Fuzzy Hash: 0B62AF62E18BC6C4EB108B64D8843EE2761FF55798F405229DBAE5BADADF78D1C4C340

Function 00007FF684065A60 Relevance: 30.3, APIs: 12, Strings: 5, Instructions: 509COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065C05
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065C45

Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF84
Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF92

memcpy.VCRUNTIME140 ref: 00007FF684065D34
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065E8A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065ECA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065F1B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065F5A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065FB5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684066097
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840660D7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840661BF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840661FF

Strings

; last read: ', xrefs: 00007FF684065D2A, 00007FF684065D4C
unexpected , xrefs: 00007FF684065FFE
syntax error , xrefs: 00007FF684065AA3
while parsing , xrefs: 00007FF684065B01
; expected , xrefs: 00007FF684066125

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy
String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3063020102-4239264347
Opcode ID: 0f89221983c0a486a3ed7ae411119f5ad8967a90bcd0a2b22a9b01b6361e7aa0
Instruction ID: 023edd3251bfccd4965908b6b63219b0821974a7aa6a7386c68b96269a55b219
Opcode Fuzzy Hash: 0f89221983c0a486a3ed7ae411119f5ad8967a90bcd0a2b22a9b01b6361e7aa0
Instruction Fuzzy Hash: 9D22BF62E18B8585FB14CB68E4803AE6361FF957A4F504739DAAE53AD9DF7CE0C4C200

Function 00007FF6840AEEB0 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 252fileCOMMON

Download Yara Rule

APIs

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000468,00000470,00000000,?), ref: 00007FF6840AEF43
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840AEF6D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF032
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840AF03E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF0A2
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840AF0AE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF1B1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF1BF
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840AF1CA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF21F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF23E

Strings

, xrefs: 00007FF6840AEF81, 00007FF6840AF182
default, xrefs: 00007FF6840AF15D
login, xrefs: 00007FF6840AF0CE
password, xrefs: 00007FF6840AF0E9
machine, xrefs: 00007FF6840AF101, 00007FF6840AF142

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup$fclosefgetsfopen
String ID: $default$login$machine$password
API String ID: 431015889-155862542
Opcode ID: 046b9b77b73f85b4edbfb93ce3b712a3bc2181a242e3f613419bf5963a754d6e
Instruction ID: e7d43d79ff68c546535c8b3771df48bd87690f7b3436b55b4ccebd0cc4a72c3a
Opcode Fuzzy Hash: 046b9b77b73f85b4edbfb93ce3b712a3bc2181a242e3f613419bf5963a754d6e
Instruction Fuzzy Hash: 3CA1AE22A0C682C6FB65DB21E9D477B66A0BF84784F08453DDE8E967A4EF3CE445C710

Function 00007FF68405D31A Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 348COMMON

Download Yara Rule

APIs

_dclass.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF68405D322
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405DA1E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DA4C
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405DA59
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405DA93
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E376

Strings

number overflow parsing ', xrefs: 00007FF68405D912
array, xrefs: 00007FF68405DB4F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$_dclass
String ID: array$number overflow parsing '
API String ID: 1391767211-1723591761
Opcode ID: 78fc587c4c22a830443fae00fbe920849ea048cf752043ddecf9422e9d6edd7c
Instruction ID: 2ff8f0c122a96c5cbafa11d6feef8b52538c4bcf4df2a02b40bea42cc203ad4c
Opcode Fuzzy Hash: 78fc587c4c22a830443fae00fbe920849ea048cf752043ddecf9422e9d6edd7c
Instruction Fuzzy Hash: 54E1A662E18B86C5FB009B78D4843BE2362FF857A4F50573ADA5D96AD9DF6CE084C340

Function 00007FF68405E583 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 345COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405EC1A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405EC46
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405EC53
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405EC8D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F55C

Strings

number overflow parsing ', xrefs: 00007FF68405EB11
array, xrefs: 00007FF68405ED4A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: array$number overflow parsing '
API String ID: 1346393832-1723591761
Opcode ID: 98ed254b04b90541bc701a8ddf6f2c472d2f71b191df90d8f3d1afd5f8f6e6a0
Instruction ID: b4087a309529ab9c5621d01c4381eb8313635d18e65783de6204957686908122
Opcode Fuzzy Hash: 98ed254b04b90541bc701a8ddf6f2c472d2f71b191df90d8f3d1afd5f8f6e6a0
Instruction Fuzzy Hash: 90E1B662E18B86C5FB00CB78D4853AE2321FF557A4F514739DAAD96BD9EF2CE081C240

Function 00007FF6840451F0 Relevance: 21.5, APIs: 14, Instructions: 475COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF684045413
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684045434
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF684045450
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684045481
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404549E

Part of subcall function 00007FF68404B180: ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z.MSVCP140 ref: 00007FF68404B1BA
Part of subcall function 00007FF68404B180: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404B1D7
Part of subcall function 00007FF68404B180: _get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68404B200
Part of subcall function 00007FF68404B180: ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF68404B24B
Part of subcall function 00007FF68404B180: ?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF68404B260

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF6840454E8
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF684045546
__std_fs_code_page.MSVCPRT ref: 00007FF68404555D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840455C0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045906
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404590D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045914
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404591B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684045922

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$?setstate@?$basic_ios@Init@?$basic_streambuf@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@D@std@@@1@_Fiopen@std@@U_iobuf@@V?$basic_streambuf@Vlocale@2@__std_fs_code_page_get_stream_buffer_pointersmemset
String ID:
API String ID: 2101336812-0
Opcode ID: faf94fbdfb449ddda79333168d06dff32ce52791222c62b8753b6968723f27a6
Instruction ID: 4d2ec91bd82153722d5de8ad8db4fa3d1c8687d1bf30339f1e11a6c9406758ed
Opcode Fuzzy Hash: faf94fbdfb449ddda79333168d06dff32ce52791222c62b8753b6968723f27a6
Instruction Fuzzy Hash: B4226C62A08B81D5EB20DB25E4943AE7761FF55BC8F44803ADB8D87A99EF3CD584C740

Function 00007FF684096900 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684096B7E
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684096B86
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF684096B9C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684096BA5
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684096BAD
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684096BB7

Strings

GMT, xrefs: 00007FF684096A77
%02d:%02d:%02d%n, xrefs: 00007FF684096B29
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz], xrefs: 00007FF6840969BE
%02d:%02d%n, xrefs: 00007FF684096B5D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _errno$strtol
String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$GMT
API String ID: 3596500743-988243589
Opcode ID: 72400ff02ed9287da14a9992ffc26fcc463c6bd8c44a9ec4a3cdfe68a5293e8a
Instruction ID: 9f66f5aa6fdecada90f3723a287959dcb697532cc1219caf806aa33dbedd5812
Opcode Fuzzy Hash: 72400ff02ed9287da14a9992ffc26fcc463c6bd8c44a9ec4a3cdfe68a5293e8a
Instruction Fuzzy Hash: A7F1B272F18612CAEB248B6894901BE3BA1BF44758F50463EDE1E97BD4DE3DA815C740

Function 00007FF684069790 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 334COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840599A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,00000000,?,?,00007FF684069718), ref: 00007FF684059A6C
Part of subcall function 00007FF6840599A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,00000000,?,?,00007FF684069718), ref: 00007FF684059AE3

Part of subcall function 00007FF6840599A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00000000,?), ref: 00007FF684059BC9

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684069C1E

Strings

lastlogin, xrefs: 00007FF6840698D4
createdate, xrefs: 00007FF68406989A
expiry, xrefs: 00007FF684069B22
username, xrefs: 00007FF6840697C4
subscription, xrefs: 00007FF684069A3C
none, xrefs: 00007FF68406984D
hwid, xrefs: 00007FF68406983A, 00007FF68406985C
subscriptions, xrefs: 00007FF684069911, 00007FF68406998D, 00007FF684069A73

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcmp
String ID: createdate$expiry$hwid$lastlogin$none$subscription$subscriptions$username
API String ID: 2972922734-284943577
Opcode ID: 5c880aadb0b619f8d7de5b6c67153ca0cfa0b0a2073b7a5d697aff6e227cb252
Instruction ID: 3e025622d43b3220bd64731c9d7d5d0552f1a11fbd3ec8e29910bdc878e92bf7
Opcode Fuzzy Hash: 5c880aadb0b619f8d7de5b6c67153ca0cfa0b0a2073b7a5d697aff6e227cb252
Instruction Fuzzy Hash: F7E1AF62B08B86C5FB40DBA5D4942AE2761FF85B88F45903ADF0E97B95DE3CE584C340

Function 00007FF684062270 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 289COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68406BD20: memcpy.VCRUNTIME140 ref: 00007FF68406BE84

memcpy.VCRUNTIME140 ref: 00007FF68406234B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840624BD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406250F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684062560
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406259F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840625F0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406262F

Part of subcall function 00007FF684041ED0: __std_exception_copy.VCRUNTIME140 ref: 00007FF684041F0E

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840626AB

Strings

parse error, xrefs: 00007FF684062341, 00007FF684062361

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: parse error
API String ID: 2484256320-316136553
Opcode ID: b87fcc5483710aa69e514534341ea000fb09fc27b96a39b1a25eb92b4de4e57d
Instruction ID: 778a0c3acd6d947ed84a5c6ecca58f1c5810ce9f31136da6c08b0359e3ceefb1
Opcode Fuzzy Hash: b87fcc5483710aa69e514534341ea000fb09fc27b96a39b1a25eb92b4de4e57d
Instruction Fuzzy Hash: F9D1A362E18B86C5EB00DB29D48436E6721FF957A4F509239EB9D42AE5EF7CE1C4C340

Function 00007FF684080080 Relevance: 14.3, Strings: 11, Instructions: 540COMMON

Download Yara Rule

Strings

Connection #%ld is still name resolving, can't reuse, xrefs: 00007FF6840802C1
Multiplexed connection found!, xrefs: 00007FF6840808F1
can multiplex, xrefs: 00007FF684080182
Found bundle for host %s: %p [%s], xrefs: 00007FF684080199
Connection #%ld isn't open enough, can't reuse, xrefs: 00007FF6840802E6
Can not multiplex, even if we wanted to!, xrefs: 00007FF68408023A
Found pending candidate for reuse and CURLOPT_PIPEWAIT is set, xrefs: 00007FF68408094A
serially, xrefs: 00007FF68408018E
Could multiplex, but not asked to!, xrefs: 00007FF68408021C
Server doesn't support multiplex yet, wait, xrefs: 00007FF6840801CB
Server doesn't support multiplex (yet), xrefs: 00007FF6840801EF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Can not multiplex, even if we wanted to!$Connection #%ld is still name resolving, can't reuse$Connection #%ld isn't open enough, can't reuse$Could multiplex, but not asked to!$Found bundle for host %s: %p [%s]$Found pending candidate for reuse and CURLOPT_PIPEWAIT is set$Multiplexed connection found!$Server doesn't support multiplex (yet)$Server doesn't support multiplex yet, wait$can multiplex$serially
API String ID: 0-2774518510
Opcode ID: c3e3296d5bbfdbcce363272e0e00416d1a965117e0dcfd801782f59e1a2384d6
Instruction ID: 5623f718eba5ce56206437ed50b81440dfe3b38ae1bfde04f7465b1a1a00fab5
Opcode Fuzzy Hash: c3e3296d5bbfdbcce363272e0e00416d1a965117e0dcfd801782f59e1a2384d6
Instruction Fuzzy Hash: CB42A462A4D7C6C5FBA98B258A903BB37A1FF41748F29503DDE9C87285EF2CA454C710

Function 00007FF68409B040 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 223COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000021C,-00000008,00000000,?,?,00007FF68409B038,?,?,?,?,?,?,00007FF6840B213E), ref: 00007FF68409B0B6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000021C,-00000008,00000000,?,?,00007FF68409B038,?,?,?,?,?,?,00007FF6840B213E), ref: 00007FF68409B21D
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68409B37C

Strings

%c%c%c%c, xrefs: 00007FF68409B173
%c%c==, xrefs: 00007FF68409B1E3
%c%c%c=, xrefs: 00007FF68409B1B1

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupfreemalloc
String ID: %c%c%c%c$%c%c%c=$%c%c==
API String ID: 3985033223-3943651191
Opcode ID: ce3e6775d5b30c4b997b990028edb384fe806bcb0970eaaeb858b6b548a362ba
Instruction ID: 18a7bdf2c6f98d6001ff734efd76b50e476b17bace079859639e128e85f47d4d
Opcode Fuzzy Hash: ce3e6775d5b30c4b997b990028edb384fe806bcb0970eaaeb858b6b548a362ba
Instruction Fuzzy Hash: 4091C032A08691C5E765CB25A4903BF6BA0FF95BA4F084239EAAD877D6DF3DD441C700

Function 00007FF684094020 Relevance: 10.1, Strings: 8, Instructions: 72COMMON

Download Yara Rule

Strings

%5I64d, xrefs: 00007FF684094035
%4I64dP, xrefs: 00007FF68409413D
%4I64dk, xrefs: 00007FF68409404E
%4I64dM, xrefs: 00007FF6840940BC
%2I64d.%0I64dM, xrefs: 00007FF684094069
%4I64dT, xrefs: 00007FF684094130
%2I64d.%0I64dG, xrefs: 00007FF6840940DA
%4I64dG, xrefs: 00007FF684094114

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
API String ID: 0-2102732564
Opcode ID: 479d00788da9091a300ff4074d7bc50adc260afac58e1194ab39cc53ea9b2d64
Instruction ID: 61f0b88141291cb69b0cc335c3e0a43059e305eebc68c4da43f796ab85b0a6dd
Opcode Fuzzy Hash: 479d00788da9091a300ff4074d7bc50adc260afac58e1194ab39cc53ea9b2d64
Instruction Fuzzy Hash: 44210441E2EA5AD3FE18CB95A4807F60220BFD5780EC4053AEC0E8B3E2DF7E6181D245

Function 00007FF684064150 Relevance: 9.6, APIs: 3, Strings: 2, Instructions: 895COMMON

Download Yara Rule

Strings

Y, xrefs: 00007FF68406480F
Y, xrefs: 00007FF684064993

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Y$Y
API String ID: 0-3924652902
Opcode ID: 1e785dc04570bf0f524e7cc1988650e733e425a59f59484664bccae77547b54b
Instruction ID: 5459d6434773a03ecee6ccf170bcfc3b1039426330ed6a9c55bc25e8823b2da7
Opcode Fuzzy Hash: 1e785dc04570bf0f524e7cc1988650e733e425a59f59484664bccae77547b54b
Instruction Fuzzy Hash: EE92B022A08B81C5EB10CF35E4802AE7BB1FB55B88F54412ADF9E5B79ADF38D594C340

Function 00007FF6840BF348 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,00007FF684041C18), ref: 00007FF6840BF35E
GetLastError.KERNEL32 ref: 00007FF6840BF3A9
IsDebuggerPresent.KERNEL32 ref: 00007FF6840BF3C1
OutputDebugStringW.KERNEL32 ref: 00007FF6840BF3D2

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6840BF3CB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentStringmemset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 1848478996-631824599
Opcode ID: c4720ea0faff2c3ad2b7a4248604e79ae81bd3bbb61e77a98d3bd963d610a5f2
Instruction ID: 40cae120e47105e9ab94211e6ed5cb4dee496ee01d1571cab9cf10ee66fd6b99
Opcode Fuzzy Hash: c4720ea0faff2c3ad2b7a4248604e79ae81bd3bbb61e77a98d3bd963d610a5f2
Instruction Fuzzy Hash: 3E113632A14B82E6E7449B22EA843BA32A4FF44745F504139CA4DC3A90EF7CE4B8C754

Function 00007FF684074690 Relevance: 8.2, Strings: 6, Instructions: 693COMMON

Download Yara Rule

Strings

0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00007FF684074BAB, 00007FF684074C16
%ld, xrefs: 00007FF6840749A0
(nil), xrefs: 00007FF684074EF6
.%ld, xrefs: 00007FF6840749F9
(nil), xrefs: 00007FF684074E74
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF6840746D3, 00007FF684074BA4, 00007FF684074C0B

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %ld$(nil)$(nil)$.%ld$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 0-1379995092
Opcode ID: d742af27ee736937a59f9f7f0b8d35486ea45dd9e285fd028551c43c1d8f324f
Instruction ID: 9ad3f2d459438b6d395ced17ce6ccca1fe8e9bd539beccbed10cac16c4dfc53b
Opcode Fuzzy Hash: d742af27ee736937a59f9f7f0b8d35486ea45dd9e285fd028551c43c1d8f324f
Instruction Fuzzy Hash: 6F421632A1C982C5E7648B5894C47BBA7B1FF41794F504238DE9E8B6D4DF3EE841C602

Function 00007FF6840BF1C4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6840BF1F0
GetCurrentThreadId.KERNEL32 ref: 00007FF6840BF1FE
GetCurrentProcessId.KERNEL32 ref: 00007FF6840BF20A
QueryPerformanceCounter.KERNEL32 ref: 00007FF6840BF21A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 8fdf3567c3d5f4e36f408bc1a7a4d0f17ceb052be99c59f04403868065454729
Instruction ID: d655e39e68d5ada122e3c5f2d90e2338a28ec7445cb6d0016db236497bff15b4
Opcode Fuzzy Hash: 8fdf3567c3d5f4e36f408bc1a7a4d0f17ceb052be99c59f04403868065454729
Instruction Fuzzy Hash: 8111FA26B14F01CAEB40DF60E8952B933A4FB59758F441E39DE6D86BA8DF78D1A4C340

Function 00007FF6840BDB20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF684042505), ref: 00007FF6840BDB46
FormatMessageA.KERNEL32 ref: 00007FF6840BDB79

Strings

!x-sys-default-locale, xrefs: 00007FF6840BDB39

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 3d98e95189f673a0f4cfba51fd942bb8a7f5240179ccda4a05be1dbd97be5bff
Instruction ID: 5dfe4f268bb50b54bc3a034c87414098aa960e867b7affff5f0289f3063225f1
Opcode Fuzzy Hash: 3d98e95189f673a0f4cfba51fd942bb8a7f5240179ccda4a05be1dbd97be5bff
Instruction Fuzzy Hash: 52018072F08786C2E7658B12B894BABA7A1FF98798F144139DA4D86A98DF3CD504C704

Function 00007FF68404F994 Relevance: 5.2, Strings: 4, Instructions: 199COMMON

Download Yara Rule

Strings

invalid string: surrogate U+D800..U+DBFF must be followed by U+DC00..U+DFFF, xrefs: 00007FF68404FDBF
invalid string: ill-formed UTF-8 byte, xrefs: 00007FF68404FD97
invalid string: surrogate U+DC00..U+DFFF must follow U+D800..U+DBFF, xrefs: 00007FF68404FDC8
invalid string: '\u' must be followed by 4 hex digits, xrefs: 00007FF68404FDD1

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@memcpy
String ID: invalid string: '\u' must be followed by 4 hex digits$invalid string: ill-formed UTF-8 byte$invalid string: surrogate U+D800..U+DBFF must be followed by U+DC00..U+DFFF$invalid string: surrogate U+DC00..U+DFFF must follow U+D800..U+DBFF
API String ID: 1895014303-3376828882
Opcode ID: 8477db9e9f04761074366f4fe044181c110fd4d013afe77e0ce4cdafbb92da54
Instruction ID: 7aaf165095eae38d0295d0a0cd976c6442a692672551728d4d510759bf965686
Opcode Fuzzy Hash: 8477db9e9f04761074366f4fe044181c110fd4d013afe77e0ce4cdafbb92da54
Instruction Fuzzy Hash: 35918D72A08A42C5EB20AF28D0D0ABE2752FF65BC8F51463ACA1E877E5DF2DD545C341

Function 00007FF684055F00 Relevance: 1.7, APIs: 1, Instructions: 233COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF684056015

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@
String ID:
API String ID: 1029415015-0
Opcode ID: ff578c628d6c5918acfe3adfe33df946ea465bd19c90e328365adf5575e1aa75
Instruction ID: 9c9ae62473432d70484bcb2497a3c0807c63407da3627ca1ba7151cfa544d43f
Opcode Fuzzy Hash: ff578c628d6c5918acfe3adfe33df946ea465bd19c90e328365adf5575e1aa75
Instruction Fuzzy Hash: 9DA19E22B19BA5C9EB00CB69E4947BE2770FB55B48F55442AEF8EA7796DF38D044C300

Function 00007FF684056240 Relevance: 1.7, APIs: 1, Instructions: 225COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF68405633B

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@
String ID:
API String ID: 1029415015-0
Opcode ID: aa95cc53b22f7db583f3e91b2fb688bf43b7c318c2a12d89d9fefc0e8d688036
Instruction ID: 0f9a1dbead5262a50903b5f409cbe07b1345933cbe1983d95450d94dd3385c0f
Opcode Fuzzy Hash: aa95cc53b22f7db583f3e91b2fb688bf43b7c318c2a12d89d9fefc0e8d688036
Instruction Fuzzy Hash: 6EA19C22A19BA9C9FB00CB69E4C07AD2B70FB55B48F55442AEF8E97795DF39D085C300

Function 00007FF684056570 Relevance: 1.7, APIs: 1, Instructions: 223COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF684056663

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@
String ID:
API String ID: 1029415015-0
Opcode ID: 1ad9aab9b37ec2c9346b61750dc4927d2929cc2d1fc319d0e9ca3f0d38392a61
Instruction ID: 30a4d95fb48b47128a0ecaa3df11590e51653449b47445cc8915883fde6fb4dd
Opcode Fuzzy Hash: 1ad9aab9b37ec2c9346b61750dc4927d2929cc2d1fc319d0e9ca3f0d38392a61
Instruction Fuzzy Hash: C3A19A22A19B99C9EB00CB69D4807BD2B70FB59B48F59842ACF8DA7796DE3DD045C310

Function 00007FF684056890 Relevance: 1.7, APIs: 1, Instructions: 223COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF684056983

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@
String ID:
API String ID: 1029415015-0
Opcode ID: 8cee7ea539c4af0f90a49bd0d81de6d7617e23a05da544f02029c7118a9323bd
Instruction ID: e35f93c6b268584284a23fea7d536c93fa96cd5113656468e9b74c297e6aea2c
Opcode Fuzzy Hash: 8cee7ea539c4af0f90a49bd0d81de6d7617e23a05da544f02029c7118a9323bd
Instruction Fuzzy Hash: 4AA17922A19B99C9FB00CB69D4803AD3B74FB59B48F59842ACF8D97795DE3DD085C310

Function 00007FF684056EE0 Relevance: 1.7, APIs: 1, Instructions: 217COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF684056FBC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@
String ID:
API String ID: 1029415015-0
Opcode ID: 0fad15648e42e64922eee5b56e805382f0a86b100efd773e667f0b5fbdae740e
Instruction ID: 29f7bc764f80728c0ee3f33ec39e87ab5a243eb798acec6e1704eba045816dc3
Opcode Fuzzy Hash: 0fad15648e42e64922eee5b56e805382f0a86b100efd773e667f0b5fbdae740e
Instruction Fuzzy Hash: E8A1CE22B19B99C9EF01CB69D4803AD3B70FB59B88F59442ADF8D97796DE38D044C310

Function 00007FF684049619 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

": , xrefs: 00007FF6840496F0, 00007FF6840497DF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: 06b863bd7b43d78e57b9d31b22c1983f71e55e1190f2e4e7b57da1e835a019e1
Instruction ID: 08c4a2b73bbaea76e5d5b659f38af37c73feaa540b0337301d544c3bf9967a3c
Opcode Fuzzy Hash: 06b863bd7b43d78e57b9d31b22c1983f71e55e1190f2e4e7b57da1e835a019e1
Instruction Fuzzy Hash: F5B12876608A85C1EB249F2AD1843AE7BA1FB98FCCF45902ACB4E47764CF39D554C740

Function 00007FF684072D90 Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00007FF684072843,?,?,?,00007FF684073295), ref: 00007FF684072E7D

Part of subcall function 00007FF6840BE8A0: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF684041B83), ref: 00007FF6840BE8B0

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: AcquireExclusiveHeapLockProcess
String ID:
API String ID: 3110430671-0
Opcode ID: 187d17d919ed6098f5e7290977b4f1a4817fe07844f1982a8c29ae4b73324a10
Instruction ID: b85269cccc31875766597b88045f1fe122792b91999323070813441b1273aa1f
Opcode Fuzzy Hash: 187d17d919ed6098f5e7290977b4f1a4817fe07844f1982a8c29ae4b73324a10
Instruction Fuzzy Hash: 3F318264E0DA03C5EB90DB14ECD02BA33A5BF54392F88423DD45DCA2A1EF3CA5A5C751

Function 00007FF6840890F0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098b21ca905ffa259a3da28d89354682a55b82a8093438744bc50f75556066f0
Instruction ID: 560023399c59d6b755e364d96d8ad6413d4a0b8222c69e047d7a7f88fc15ceed
Opcode Fuzzy Hash: 098b21ca905ffa259a3da28d89354682a55b82a8093438744bc50f75556066f0
Instruction Fuzzy Hash: 52F170B2B181A04AD36C8B2EA4696397FE1F3C9B41B08812EE7A7C3785D93CC555DF10

Function 00007FF684041330 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5570c94ae87bdcfd9120603027afe33e14d56dc39bda16e30eadaf857b01573d
Instruction ID: 42cdb6c242819d886719f05179ab06cf912916dc35331c9dfb622d002503e2c7
Opcode Fuzzy Hash: 5570c94ae87bdcfd9120603027afe33e14d56dc39bda16e30eadaf857b01573d
Instruction Fuzzy Hash: 3C123B62D2EB928AF713973994411A5E714BFB37C5F40D33EED48B1962EF2DA285C204

Function 00007FF684054900 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be502c8ead80bebfbfe77d043e568ca3a0a8ce4edc7be230b4086f3fd1946650
Instruction ID: 6f8c5bdc0700f6c5a38cadeed2fd2071194f8117f4b6618e8325481dffe2d2ad
Opcode Fuzzy Hash: be502c8ead80bebfbfe77d043e568ca3a0a8ce4edc7be230b4086f3fd1946650
Instruction Fuzzy Hash: 22610772B19B4482EB10CB29E4853BA6361FB597D4F169239DE5D9BB88EF3CE541C300

Function 00007FF684044480 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411132b9b5f4139ac38d7da8d79306580da653bce6b27a9533105b3bb8729670
Instruction ID: 47880cebe94db6433b2de04ceaf96231a01dc69d3e1ec9ef4d93d43aba0157e8
Opcode Fuzzy Hash: 411132b9b5f4139ac38d7da8d79306580da653bce6b27a9533105b3bb8729670
Instruction Fuzzy Hash: A051E6A3B0568443DB248B49FC42796F7A5FB987C5F00A12AEE8D57B59EB3CD581C700

Function 00007FF6840844D0 Relevance: 52.7, APIs: 34, Strings: 1, Instructions: 215COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68408C3F0: QueryPerformanceCounter.KERNEL32(?,?,00000000,00007FF6840752CF), ref: 00007FF68408C407

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408465D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084671
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084685
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084699
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840846AD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840846C1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840846D5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840846E9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840846FD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084711
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084725
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084739
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408474D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084761
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084775
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084789

Part of subcall function 00007FF68408DB20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080EFF), ref: 00007FF68408DB5E

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408479D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840847B1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840847C5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840847D9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840847ED
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084801
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084815
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084829
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408483D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084851
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084865
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084879
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408488D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840848A1

Part of subcall function 00007FF684082320: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822A8,?,?,?,00007FF684080FEC), ref: 00007FF68408233B
Part of subcall function 00007FF684082320: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822A8,?,?,?,00007FF684080FEC), ref: 00007FF684082369

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840848CB

Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAE1
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAF1
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAFF
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB0D
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB1B
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB29
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB37
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB45

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840848F7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408490B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408491B

Strings

Closing connection %ld, xrefs: 00007FF6840845C9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$CounterPerformanceQuery
String ID: Closing connection %ld
API String ID: 3490100708-2599090834
Opcode ID: e80a5c45c2fbc61c03caec9667a15343ead06bc13587425625102b30d7791c5a
Instruction ID: bd4d2dfd5e8ccf00ca272ce3f100c57597d3109619a82ffb4b96f607f231864f
Opcode Fuzzy Hash: e80a5c45c2fbc61c03caec9667a15343ead06bc13587425625102b30d7791c5a
Instruction Fuzzy Hash: 81C1D935908B91C2E740DF21E4942AE33A4FF89FA9F08413ADE5D8B76ACF789195C711

Function 00007FF684082030 Relevance: 42.6, APIs: 34, Instructions: 121COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408204D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082063
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082077
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408208B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408209F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840820B3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840820C7
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840820DB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840820EF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082103
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082117
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408212B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408213F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082153
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082167
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408217B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408218F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840821A3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840821B7
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840821CB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840821DF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840821F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082207
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408221B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408222F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082243
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082257
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408226B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408227F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF684082293

Part of subcall function 00007FF684082320: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822A8,?,?,?,00007FF684080FEC), ref: 00007FF68408233B
Part of subcall function 00007FF684082320: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822A8,?,?,?,00007FF684080FEC), ref: 00007FF684082369

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840822BD

Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAE1
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAF1
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAFF
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB0D
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB1B
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB29
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB37
Part of subcall function 00007FF68407EAD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB45

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840822E9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF6840822FD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684080FEC), ref: 00007FF68408230D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 612b7994febc0894b6a3b54fb1c2012ff0fd11eee57b91fa269ae5f3b08af1db
Instruction ID: 88567473c14a3fbbad2119e29c1f0026e8b93f9eb2c91f7e07692439fbd34786
Opcode Fuzzy Hash: 612b7994febc0894b6a3b54fb1c2012ff0fd11eee57b91fa269ae5f3b08af1db
Instruction Fuzzy Hash: B5712B39908B91C1D781DF61E5D42BD33E4FF89F6AF08013ADE4D8A625CF7891A9C621

Function 00007FF6840B14E0 Relevance: 37.1, APIs: 10, Strings: 11, Instructions: 312networkCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6840B15C9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B1610
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B1866
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840B187D
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B1898
htons.WS2_32 ref: 00007FF6840B18F7

Strings

DOH AAAA: , xrefs: 00007FF6840B1712
Could not DOH-resolve: %s, xrefs: 00007FF6840B1536
bad error code, xrefs: 00007FF6840B1628
TTL: %u seconds, xrefs: 00007FF6840B16A5
DOH: %s type %s for %s, xrefs: 00007FF6840B1644
AAAA, xrefs: 00007FF6840B1636
DOH A: %u.%u.%u.%u, xrefs: 00007FF6840B16DE
CNAME: %s, xrefs: 00007FF6840B17F3
%s, xrefs: 00007FF6840B17B3
DOH Host name: %s, xrefs: 00007FF6840B1691
%s%02x%02x, xrefs: 00007FF6840B175E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: calloc$_strdupfreehtonsmemset
String ID: %s$%s%02x%02x$AAAA$CNAME: %s$Could not DOH-resolve: %s$DOH A: %u.%u.%u.%u$DOH AAAA: $DOH Host name: %s$DOH: %s type %s for %s$TTL: %u seconds$bad error code
API String ID: 130798683-4053692942
Opcode ID: 2376efacac7a7c13eed5fd21e3b9ea0609f8bc9267aa0cb42899edf89a9a6fb1
Instruction ID: d3e8b30532c378f88af49f83f49ec0d9f190ea8fea4e81e1c4836cb1c515ab41
Opcode Fuzzy Hash: 2376efacac7a7c13eed5fd21e3b9ea0609f8bc9267aa0cb42899edf89a9a6fb1
Instruction Fuzzy Hash: 8FE18F32A08696C6EB608F21D4843AF77A4FF49B89F44413ADA8D8B759DF3CE544C740

Function 00007FF68407B880 Relevance: 34.9, APIs: 6, Strings: 17, Instructions: 352COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840751D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF68407F7B0,?,?,?,?,?,?,?,?,?,?,?,00007FF684070081), ref: 00007FF6840751F7
Part of subcall function 00007FF6840751D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF68407F7B0,?,?,?,?,?,?,?,?,?,?,?,00007FF684070081), ref: 00007FF684075203

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BB14
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BB1C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BB43
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BB4C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BBD0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407BBD9

Strings

8bit, xrefs: 00007FF68407BD5A
multipart/, xrefs: 00007FF68407BAB7
; filename=", xrefs: 00007FF68407BB61
Content-Type: %s%s%s, xrefs: 00007FF68407BBFD
application/octet-stream, xrefs: 00007FF68407B9A6
; name=", xrefs: 00007FF68407BB6F
text/plain, xrefs: 00007FF68407B9EC
; boundary=, xrefs: 00007FF68407BBF3
form-data, xrefs: 00007FF68407BD86
Content-Type, xrefs: 00007FF68407B908
Content-Transfer-Encoding: %s, xrefs: 00007FF68407BD61
Content-Transfer-Encoding, xrefs: 00007FF68407BC41
multipart/mixed, xrefs: 00007FF68407B975
Content-Disposition, xrefs: 00007FF68407BA41
attachment, xrefs: 00007FF68407BACB, 00007FF68407BAD2
multipart/form-data, xrefs: 00007FF68407BCD7
Content-Disposition: %s%s%s%s%s%s%s, xrefs: 00007FF68407BB99

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: 8bit$; boundary=$; filename="$; name="$Content-Disposition$Content-Disposition: %s%s%s%s%s%s%s$Content-Transfer-Encoding$Content-Transfer-Encoding: %s$Content-Type$Content-Type: %s%s%s$application/octet-stream$attachment$form-data$multipart/$multipart/form-data$multipart/mixed$text/plain
API String ID: 1294909896-1595554923
Opcode ID: b682de3eece8feb867e7239ccd0f3352b4ab0f2defb2e658447cb5f826a01fe9
Instruction ID: ec96ed388bc5fd79302c7cab6190273d3108d5c27d77e8d70e4e0cf55e0872f8
Opcode Fuzzy Hash: b682de3eece8feb867e7239ccd0f3352b4ab0f2defb2e658447cb5f826a01fe9
Instruction Fuzzy Hash: 76E17E22A0C796D6EA659B1195802BB77F0FF64B88F484439CE4DC7691EF3DE954C302

Function 00007FF6840930C0 Relevance: 33.2, APIs: 6, Strings: 16, Instructions: 206COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684093237

Strings

NTLM, xrefs: 00007FF68409311C
Negotiate, xrefs: 00007FF6840930FA
Proxy-, xrefs: 00007FF684093346
CONNECT, xrefs: 00007FF6840930CE
Authorization:, xrefs: 00007FF684093211
Authorization, xrefs: 00007FF68409327A
Proxy, xrefs: 00007FF6840933E4
Bearer, xrefs: 00007FF684093230
%sAuthorization: Basic %s, xrefs: 00007FF684093350
Server, xrefs: 00007FF6840933CC
Authorization: Bearer %s, xrefs: 00007FF684093240
Proxy-authorization, xrefs: 00007FF6840931A3
Basic, xrefs: 00007FF684093397
Digest, xrefs: 00007FF68409313E
%s:%s, xrefs: 00007FF6840932C9
%s auth using %s with user '%s', xrefs: 00007FF6840933D6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: %s auth using %s with user '%s'$%s:%s$%sAuthorization: Basic %s$Authorization$Authorization:$Authorization: Bearer %s$Basic$Bearer$CONNECT$Digest$NTLM$Negotiate$Proxy$Proxy-$Proxy-authorization$Server
API String ID: 1294909896-115817326
Opcode ID: e29f94e91b14c516705d7abe3b68fd551f7be7e6036667c3f6e228bc5bd66962
Instruction ID: 72d7d1da522ded5761a6099f9cf97cb5b8d2cfb9493db2f46aa087a69501dab6
Opcode Fuzzy Hash: e29f94e91b14c516705d7abe3b68fd551f7be7e6036667c3f6e228bc5bd66962
Instruction Fuzzy Hash: 83916022E0CA92C1FA658B65988437B6BA0FF48794F15403BDA4D876A5DE3EE851CB10

Function 00007FF6840794B0 Relevance: 31.8, APIs: 21, Instructions: 269stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68407A400: _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,?,00007FF684079E7E,00000000,?,?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39), ref: 00007FF68407A423
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A479
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A483
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A48D
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A497
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4A1
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4AB
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4B5
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4BF
Part of subcall function 00007FF68407A400: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4C8

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840795A7
strchr.VCRUNTIME140 ref: 00007FF6840795C1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840795EB
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840795F8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079622
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684079636
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079643
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407965C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407966A
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079678
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684079693
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840796AF
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840796CB
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840796E7
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684079703
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407971F
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407973B
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684079753
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840797EB
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF684079822
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079863

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup$_time64callocmallocqsortstrchrstrncmp
String ID:
API String ID: 1087521380-0
Opcode ID: 9b21f2effd09ba26ff34bf38ffa85f2f4d8dc2c75ae2ef68b790464c7baad98f
Instruction ID: b56fe2d6ebeccbbb13b499d66e89d0e3ce5648e165a195c213d53c3da843a7ba
Opcode Fuzzy Hash: 9b21f2effd09ba26ff34bf38ffa85f2f4d8dc2c75ae2ef68b790464c7baad98f
Instruction Fuzzy Hash: A0B1AC25A0EB92C1FB5A8FA595D067A27B0BF05BA8F080239CE5D87791DF3DE494C311

Function 00007FF68406B710 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 388COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF68406B767
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406B88D
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68406B8BB
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68406B8C8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406B901
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406B953
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406BAD7
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68406BB04
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68406BB11
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406BB4B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406BB9E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406BC87
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406BCA4
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406BCB5
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z.MSVCP140 ref: 00007FF68406BCD8
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406BCE6

Part of subcall function 00007FF684065A60: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065C05

Part of subcall function 00007FF684062270: memcpy.VCRUNTIME140 ref: 00007FF68406234B

Part of subcall function 00007FF684066590: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000001,00007FF684065CC1), ref: 00007FF68406666F

Strings

value, xrefs: 00007FF68406B7E6, 00007FF68406BA34

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$D@std@@@std@@U?$char_traits@__std_exception_destroy$?gptr@?$basic_streambuf@memcpy$?eback@?$basic_streambuf@?gbump@?$basic_streambuf@memset
String ID: value
API String ID: 1588778072-494360628
Opcode ID: 67147f57c6dc1e2c1145923f1f563ad28232d93d3e3abbaa53a1b4a983ca43a6
Instruction ID: 6f087846bce2d597e8abd298420d6f34df5092393da47d09e4d190b0d384d1c1
Opcode Fuzzy Hash: 67147f57c6dc1e2c1145923f1f563ad28232d93d3e3abbaa53a1b4a983ca43a6
Instruction Fuzzy Hash: 1E02A362A18781C5EB109B68E4803AE7760FF957A4F105339EBAD86ADADF6CD1C5C700

Function 00007FF68408D210 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 312stringCOMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408D305
strchr.VCRUNTIME140 ref: 00007FF68408D3A5
memcpy.VCRUNTIME140 ref: 00007FF68408D3D5
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF68408D401
strchr.VCRUNTIME140 ref: 00007FF68408D44C
memcpy.VCRUNTIME140 ref: 00007FF68408D4AB

Part of subcall function 00007FF68407A5B0: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68407A5F4

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408D5C4

Strings

:%u, xrefs: 00007FF68408D319, 00007FF68408D5D8
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!, xrefs: 00007FF68408D2A7
Added %s:%d:%s to DNS cache, xrefs: 00007FF68408D6BD
@, xrefs: 00007FF68408D496
Couldn't parse CURLOPT_RESOLVE entry '%s'!, xrefs: 00007FF68408D53A
%255[^:]:%d, xrefs: 00007FF68408D291
Resolve address '%s' found illegal!, xrefs: 00007FF68408D52B
RESOLVE %s:%d is - old addresses discarded!, xrefs: 00007FF68408D64B
RESOLVE %s:%d is wildcard, enabling wildcard checks, xrefs: 00007FF68408D6EE
], xrefs: 00007FF68408D485

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpystrchrtolower$__stdio_common_vsscanfstrtoul
String ID: %255[^:]:%d$:%u$@$Added %s:%d:%s to DNS cache$Couldn't parse CURLOPT_RESOLVE entry '%s'!$Couldn't parse CURLOPT_RESOLVE removal entry '%s'!$RESOLVE %s:%d is - old addresses discarded!$RESOLVE %s:%d is wildcard, enabling wildcard checks$Resolve address '%s' found illegal!$]
API String ID: 1094891576-1753329177
Opcode ID: 7692ac17e6a48b90e756d37d904991859b81e12b7338eecaa5e9eeef7e4d781e
Instruction ID: 47abf3f73bd710bbb758c6204f8a7d2d92b7a486dbbcd42d6fb16811a24aab04
Opcode Fuzzy Hash: 7692ac17e6a48b90e756d37d904991859b81e12b7338eecaa5e9eeef7e4d781e
Instruction Fuzzy Hash: 97D1AE22A5968AC5FB219B21D9807FE6760FF41B98F44523ADA5D87AC6DF3CE505C300

Function 00007FF684079E30 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 154COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079E93
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079F0D
calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079F31
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079F80
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079FBA
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079FCC
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079FDF
_unlink.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079FFA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A010
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A019

Strings

# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00007FF684079F06
%s, xrefs: 00007FF684079FAB
%s.%s.tmp, xrefs: 00007FF684079ECA
## Fatal libcurl error, xrefs: 00007FF68407A047

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$fclose$__acrt_iob_func_unlinkcallocfputsqsort
String ID: ## Fatal libcurl error$# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.$%s$%s.%s.tmp
API String ID: 1368378007-4087121635
Opcode ID: e3b2afd92ea6f81b05b8ba3760086f1a6a76aaf88807d070b20613fb0673ce67
Instruction ID: bf9c3bbb0b7ab5bbd8211cb0d530b10f1026ba3e1787e030785034619a6f1308
Opcode Fuzzy Hash: e3b2afd92ea6f81b05b8ba3760086f1a6a76aaf88807d070b20613fb0673ce67
Instruction Fuzzy Hash: 0751BD25A0D742C2FE649B62A8942BB22B0BF48BC4F44843DDD4EC7790EE3EE445C752

Function 00007FF684095080 Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 341COMMON

Download Yara Rule

Strings

Failed to resolve "%s" for SOCKS4 connect., xrefs: 00007FF68409536B
SOCKS4: too long host name, xrefs: 00007FF684095446
SOCKS4 reply has wrong version, version should be 0., xrefs: 00007FF684095521
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed., xrefs: 00007FF684095624
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client., xrefs: 00007FF6840955ED
Failed to send SOCKS4 connect request., xrefs: 00007FF68409542D
SOCKS4%s request granted., xrefs: 00007FF684095646
SOCKS4 non-blocking resolve of %s, xrefs: 00007FF6840951EB
SOCKS4%s: connecting to HTTP proxy %s port %d, xrefs: 00007FF684095146
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids., xrefs: 00007FF6840955B3
Too long SOCKS proxy name, can't use!, xrefs: 00007FF684095247
SOCKS4 connect to IPv4 %s (locally resolved), xrefs: 00007FF6840952EA
[, xrefs: 00007FF684095614
SOCKS4: Failed receiving connect request ack: %s, xrefs: 00007FF6840954DA
SOCKS4 connection to %s not supported, xrefs: 00007FF68409534C
SOCKS4 communication to %s:%d, xrefs: 00007FF68409515F
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown., xrefs: 00007FF684095586

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.$Failed to resolve "%s" for SOCKS4 connect.$Failed to send SOCKS4 connect request.$SOCKS4 communication to %s:%d$SOCKS4 connect to IPv4 %s (locally resolved)$SOCKS4 connection to %s not supported$SOCKS4 non-blocking resolve of %s$SOCKS4 reply has wrong version, version should be 0.$SOCKS4%s request granted.$SOCKS4%s: connecting to HTTP proxy %s port %d$SOCKS4: Failed receiving connect request ack: %s$SOCKS4: too long host name$Too long SOCKS proxy name, can't use!$[
API String ID: 0-3760664348
Opcode ID: 3f7cead770a38b83153c58d78604856fd57274a014a01c933667454c6ba67ce8
Instruction ID: f906df3d30e57120f14677c74f89f204f79ba15cf177dc4a2fdcf4a9801b3dd3
Opcode Fuzzy Hash: 3f7cead770a38b83153c58d78604856fd57274a014a01c933667454c6ba67ce8
Instruction Fuzzy Hash: 4BE19072A0C681C9EB548B26E59037EBBA0FF45788F48813ADA8D8B795DF7DE444C710

Function 00007FF68404D980 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 379COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DAF2
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68404DB20
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68404DB2E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DB67
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DBB8
memset.VCRUNTIME140 ref: 00007FF68404D9D5

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404E3A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 00007FF68404E4E9

Part of subcall function 00007FF684052440: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405252A
Part of subcall function 00007FF684052440: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684052579

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DD57
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68404DD83
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68404DD91
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DDCB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DE1E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404DEFB
_CxxThrowException.VCRUNTIME140 ref: 00007FF68404DF19
_CxxThrowException.VCRUNTIME140 ref: 00007FF68404DF36

Strings

value, xrefs: 00007FF68404DA4B, 00007FF68404DCB7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ExceptionThrow$memcpymemset
String ID: value
API String ID: 107301382-494360628
Opcode ID: a506774963bf0fd04d576fb5aadbf1131414a9e7a0cf612f8343dd910cfc4c36
Instruction ID: 6c24563edc8cb76be885a9ee30afbd2eed20f47b728275dc1263d031510977e3
Opcode Fuzzy Hash: a506774963bf0fd04d576fb5aadbf1131414a9e7a0cf612f8343dd910cfc4c36
Instruction Fuzzy Hash: 5D02A262E18B85C5EB20DB75D4803AE2761FF957E8F10523AEA5D87AD9DF2CD184C340

Function 00007FF6840731E0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF684073296
OpenProcessToken.ADVAPI32 ref: 00007FF6840732AB
GetTokenInformation.ADVAPI32 ref: 00007FF6840732EE
GetLastError.KERNEL32 ref: 00007FF6840732F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407335D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073396
UnloadUserProfile.USERENV ref: 00007FF68407347C
CloseHandle.KERNEL32 ref: 00007FF684073495
GetTokenInformation.ADVAPI32 ref: 00007FF684073505
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073526
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073556
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840735B8
memcpy.VCRUNTIME140 ref: 00007FF6840735DB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073617

Strings

none, xrefs: 00007FF6840733B9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$Token$InformationProcess$CloseCurrentErrorHandleLastOpenProfileUnloadUsercallocmallocmemcpy
String ID: none
API String ID: 4155466088-2140143823
Opcode ID: 88748b59d470862b585a309cf1dc6f10a87e667c55d2e218f5134258565c475c
Instruction ID: 42450ebbbf9878ab4f00305f3b3edae9f66d09b9d3afa435f0ace4e88f437fac
Opcode Fuzzy Hash: 88748b59d470862b585a309cf1dc6f10a87e667c55d2e218f5134258565c475c
Instruction Fuzzy Hash: ABC14332A09BC1C6EB609F25D8803EA33A0FF55B64F44863ADA6D87B95DF39D594C301

Function 00007FF684090640 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 218stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF6840906F8
strchr.VCRUNTIME140 ref: 00007FF68409070F
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68409075B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090927
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090976
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409097F

Strings

Transfer-Encoding:, xrefs: 00007FF684090898
Authorization:, xrefs: 00007FF6840908B1
Host:, xrefs: 00007FF6840907D9
1.1, xrefs: 00007FF68409065B
Content-Length:, xrefs: 00007FF68409084B
Connection:, xrefs: 00007FF684090871
Content-Type:, xrefs: 00007FF6840907FF, 00007FF684090825
Cookie:, xrefs: 00007FF6840908CB
%s, xrefs: 00007FF68409090C

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$strchr$_strdup
String ID: %s$1.1$Authorization:$Connection:$Content-Length:$Content-Type:$Cookie:$Host:$Transfer-Encoding:
API String ID: 1922034842-2519073162
Opcode ID: edf5fb029dcbae739827d8720a47ab500ed05b29ee59ba182a914ed7b177a24a
Instruction ID: 2fad23ceccf55a1965d925d926ea672bf89610ed6f0958546f0ce60983a1ac01
Opcode Fuzzy Hash: edf5fb029dcbae739827d8720a47ab500ed05b29ee59ba182a914ed7b177a24a
Instruction Fuzzy Hash: 77918F22E0D692C5FBA18B2698807BB6B90BF45B84F64403DCF8DC7695FE2EE545C710

Function 00007FF68407EF50 Relevance: 25.7, APIs: 17, Instructions: 236COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407EFB4
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407EFE8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407EFF9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F0CF
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F0DC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F117
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F121
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407F19F
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407F1C0
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407F1E1
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407F202
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F299
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407F2A2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup
String ID:
API String ID: 2653869212-0
Opcode ID: 0da613db8baf2f75be555bcb47abc665285e600db8ae2f3ad3041a993a025973
Instruction ID: 99838e999ded21c792a121d3378d9a6d39488ca6130b34470021c904df639a68
Opcode Fuzzy Hash: 0da613db8baf2f75be555bcb47abc665285e600db8ae2f3ad3041a993a025973
Instruction Fuzzy Hash: BBB13736A0AB85CAEB55CB65E58426A33B0FF48B54F140139CB8E87B50DF3DE4A5C341

Function 00007FF6840974F0 Relevance: 22.7, APIs: 15, Instructions: 160COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00007FF6840977A6), ref: 00007FF68409750B
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68409752B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409754C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684097555

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdupmalloc
String ID:
API String ID: 111713529-0
Opcode ID: e7ccae6fa04aa127cef6ef6141946a0f93b71349dff57f909425b0b01f0fd207
Instruction ID: 49e2a47186a4fadffeaf91e0e85d48993db4cf5a3091559eab0a29c761caa909
Opcode Fuzzy Hash: e7ccae6fa04aa127cef6ef6141946a0f93b71349dff57f909425b0b01f0fd207
Instruction Fuzzy Hash: 61617866A05B92C2EB65DF16A48452A77A0FF48B91F05803ACF4E87B61EF7CE495C700

Function 00007FF68405E023 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF684065A60: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065C05

Part of subcall function 00007FF684062270: memcpy.VCRUNTIME140 ref: 00007FF68406234B

Part of subcall function 00007FF684066590: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000001,00007FF684065CC1), ref: 00007FF68406666F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E0D9
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E107
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E114
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E14D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E1AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E26C
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E29A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E2A7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E2E0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E332
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E376

Strings

value, xrefs: 00007FF68405E03C, 00007FF68405E1CC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memcpy
String ID: value
API String ID: 3212548336-494360628
Opcode ID: edb9a2db59c94ea912e99f678b649a56b4b8f30a90520118c6e5ce283cc8180b
Instruction ID: 409953e3c01bfb3612f7565ad390c5b0673840a32212890c8914086ec8000510
Opcode Fuzzy Hash: edb9a2db59c94ea912e99f678b649a56b4b8f30a90520118c6e5ce283cc8180b
Instruction Fuzzy Hash: 0DA1C562E18782C5FB00DB68E4853AE6361FF853A4F105739EAAD92AD9DF6CD084C740

Function 00007FF68405F20F Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 219COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF684065A60: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684065C05

Part of subcall function 00007FF684062270: memcpy.VCRUNTIME140 ref: 00007FF68406234B

Part of subcall function 00007FF684066590: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000001,00007FF684065CC1), ref: 00007FF68406666F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F2C2
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F2EE
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F2FB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F335
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F394
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F452
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F47E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F48B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F4C5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F518
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F55C

Strings

value, xrefs: 00007FF68405F228, 00007FF68405F3B5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memcpy
String ID: value
API String ID: 3212548336-494360628
Opcode ID: 3b19abd6e09084c4d903c86aa92d96cc0f5d9f6c1526345be9fefb4141ed036e
Instruction ID: cbdc8422a41f173542634d780b93e59eb071b0ded5b27ebc2eb6c6f683132c9a
Opcode Fuzzy Hash: 3b19abd6e09084c4d903c86aa92d96cc0f5d9f6c1526345be9fefb4141ed036e
Instruction Fuzzy Hash: A8A1B762E18786C5FB00DB68D4843AE2361FF857A4F104739DBAD92AD9DF6CE485C304

Function 00007FF684079AA0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 161fileCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079B0D
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684079B2D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684079B61
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684079B82
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079BA5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079BB6
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684079BD8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079C8F
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684079CA4

Strings

Set-Cookie:, xrefs: 00007FF684079C16
ignoring failed cookie_init for %s, xrefs: 00007FF684079BE2
none, xrefs: 00007FF684079B22

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fclosefree$__acrt_iob_func_strdupcallocfopenmalloc
String ID: Set-Cookie:$ignoring failed cookie_init for %s$none
API String ID: 4109794434-4095489131
Opcode ID: 8161a31dbd1b1eb81b9d9d9f5028a5bfdf29c55bfe295cc4d5a28cb1b5ae4093
Instruction ID: cd503de770736046499f6679546a261bc598a4442b4f638cce4f43c8f808d2bf
Opcode Fuzzy Hash: 8161a31dbd1b1eb81b9d9d9f5028a5bfdf29c55bfe295cc4d5a28cb1b5ae4093
Instruction Fuzzy Hash: 6561BC62A0DB82C1FB549B6195942BB2BE4BF45B88F48443CDE8D87B91DF3EE401D312

Function 00007FF684047A40 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684047A82
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF684047AA1
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF684047AD3
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF684047AEE
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z.MSVCP140 ref: 00007FF684047B18
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF684047B35
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684047B5C
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF684047BA7

Part of subcall function 00007FF68404BE00: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE2D
Part of subcall function 00007FF68404BE00: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE47
Part of subcall function 00007FF68404BE00: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE79
Part of subcall function 00007FF68404BE00: ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEA4
Part of subcall function 00007FF68404BE00: std::_Facet_Register.LIBCPMT ref: 00007FF68404BEBD
Part of subcall function 00007FF68404BE00: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEDC

?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF684047BBC
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF684047BD3
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF684047C14

Strings

C:\Windows\System32\WindowIME.exe, xrefs: 00007FF684047B11

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$Init@?$basic_streambuf@$Lockit@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??0_??1_?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@?setstate@?$basic_ios@Bid@locale@std@@D@std@@@1@_Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU_iobuf@@V42@@V?$basic_streambuf@Vfacet@locale@2@Vlocale@2@_get_stream_buffer_pointersstd::_
String ID: C:\Windows\System32\WindowIME.exe
API String ID: 3067465659-1868641194
Opcode ID: df807cdc90f79d9d27df7c2e24dfd6b891c1cafcf9c5c8bb51b4186830722420
Instruction ID: 0c4e2407a5ebae13ef9e2636b4ab255cbc2f8913a9618dc0b24073232463b471
Opcode Fuzzy Hash: df807cdc90f79d9d27df7c2e24dfd6b891c1cafcf9c5c8bb51b4186830722420
Instruction Fuzzy Hash: 09512832A09B86C6DB10DF25E89426A77A4FB89F88F544139DA8E83B28DF3CD155C740

Function 00007FF68406F4A0 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 88stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF68406F4C2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F4CA
__sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F4E9
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F4F5
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68406F504
strrchr.VCRUNTIME140 ref: 00007FF68406F555
strrchr.VCRUNTIME140 ref: 00007FF68406F576
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F58F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F59A
GetLastError.KERNEL32 ref: 00007FF68406F5A3
SetLastError.KERNEL32 ref: 00007FF68406F5AF

Strings

Unknown error %d (%#x), xrefs: 00007FF68406F537

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$strrchr$__sys_nerrstrerrorstrncpy
String ID: Unknown error %d (%#x)
API String ID: 4262108436-2414550090
Opcode ID: e52d76b5e6cc75359235ad2bddd53c6ad9cd8ed833f49987e50af8e26ef4ff57
Instruction ID: 3bd1061cc287ecbe385b604d52706e7f669d376f3b470bccfe48998499eb0d6c
Opcode Fuzzy Hash: e52d76b5e6cc75359235ad2bddd53c6ad9cd8ed833f49987e50af8e26ef4ff57
Instruction Fuzzy Hash: 18314D21A08742C6FA156F22A89427B6692BF85F80F48443DDF4FC7B95DE3CE881C714

Function 00007FF6840B3260 Relevance: 19.8, APIs: 8, Strings: 5, Instructions: 266COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B32D5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B32F6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B3311
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B331F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B33A6
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B33F5
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B3456
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B35DC

Strings

CompleteAuthToken failed: %s, xrefs: 00007FF6840B3637
SPNEGO handshake failure (empty challenge message), xrefs: 00007FF6840B34A6
Negotiate, xrefs: 00007FF6840B3264, 00007FF6840B336C, 00007FF6840B3413
HTTP, xrefs: 00007FF6840B3260
InitializeSecurityContext failed: %s, xrefs: 00007FF6840B35FA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$calloc$malloc
String ID: CompleteAuthToken failed: %s$HTTP$InitializeSecurityContext failed: %s$Negotiate$SPNEGO handshake failure (empty challenge message)
API String ID: 3103867982-1477229593
Opcode ID: a6e5d35169d29f51be9566600c421b602c32743840e1877c0d13cb3e89be58db
Instruction ID: 2567065d1738a83cceb7213fe815d8985250c9ebca390086e2936f79605d9cb4
Opcode Fuzzy Hash: a6e5d35169d29f51be9566600c421b602c32743840e1877c0d13cb3e89be58db
Instruction Fuzzy Hash: 97C14A72A08B56C6EB50CF65E8902AE77A4FF48B88F10413ADE4D87B58DF38E955C740

Function 00007FF684066710 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6840667DE
memcpy.VCRUNTIME140 ref: 00007FF68406683B
memcmp.VCRUNTIME140 ref: 00007FF684066861
memcpy.VCRUNTIME140 ref: 00007FF6840668D9
memcpy.VCRUNTIME140 ref: 00007FF68406693E
memcpy.VCRUNTIME140 ref: 00007FF684066999
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840669E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684066A1C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684066A77

Strings

signature, xrefs: 00007FF68406685A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn$memcmp
String ID: signature
API String ID: 1674799469-2928148801
Opcode ID: e4b72c20b795460903aa7700c683ab11d6cae79eb9e2138e37db704ef0985484
Instruction ID: 59e1e29f4a8a6477e7352f124c462aeceeb017b9f937d24fd5a9bc338669859d
Opcode Fuzzy Hash: e4b72c20b795460903aa7700c683ab11d6cae79eb9e2138e37db704ef0985484
Instruction Fuzzy Hash: 02A19422F18B4189FB109B75D5803AE2262BF047E8F40463ADE6EA7BD9DE3CD095C344

Function 00007FF684083870 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151stringCOMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840838AD
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408392F
strchr.VCRUNTIME140 ref: 00007FF6840839AE
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF6840839DC
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840839FD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083A0F

Strings

Please URL encode %% as %%25, see RFC 6874., xrefs: 00007FF684083939
%25, xrefs: 00007FF684083925
Invalid IPv6 address format, xrefs: 00007FF684083997
No valid port number in connect to host string (%s), xrefs: 00007FF684083A3B

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup$freestrchrstrncmpstrtol
String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
API String ID: 2070079882-2404041592
Opcode ID: c49bf3d2e74e294dd691b4e6442442a073627f1ac63041f82eaa3987aff2b077
Instruction ID: 6d24da010fcd41eb8398a7b73b42a240896787b946d204bc6dc90c90af42d108
Opcode Fuzzy Hash: c49bf3d2e74e294dd691b4e6442442a073627f1ac63041f82eaa3987aff2b077
Instruction Fuzzy Hash: 5151F321A4CA96C5FB618B2599E037B67D1BF89B94F48403ACECD86685DE3EE485C310

Function 00007FF684079890 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 143fileCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840798CE
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840798EE
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684079920
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68407993D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407995B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407996C
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68407998C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684071250), ref: 00007FF684079A3F
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684071250), ref: 00007FF684079A55

Strings

Set-Cookie:, xrefs: 00007FF6840799C6
none, xrefs: 00007FF6840798E3

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fclosefree$__acrt_iob_func_strdupcallocfopenmalloc
String ID: Set-Cookie:$none
API String ID: 4109794434-3629594122
Opcode ID: 6a072f90b8997f3e741f4e5ccd6cc9de7282e0c1e85ac19e3591e65d34f0775a
Instruction ID: 9652aee0bef8f86137059d23a720a87d4f6ff40a71aa737de47058fa5e6283eb
Opcode Fuzzy Hash: 6a072f90b8997f3e741f4e5ccd6cc9de7282e0c1e85ac19e3591e65d34f0775a
Instruction Fuzzy Hash: 0451C321A0D782D1FB558B6665D02BB67E0BF85B88F48443CDE8E86792DF3EE445C312

Function 00007FF68408A610 Relevance: 18.2, APIs: 2, Strings: 10, Instructions: 227COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF68408A9A6

Strings

Signaling end of chunked upload via terminating chunk., xrefs: 00007FF68408A93A
read function returned funny value, xrefs: 00007FF68408A84B
Moving trailers state machine from initialized to sending., xrefs: 00007FF68408A651
Successfully compiled trailers., xrefs: 00007FF68408A6EA
Read callback asked for PAUSE when not supported!, xrefs: 00007FF68408A809
Unable to allocate trailing headers buffer !, xrefs: 00007FF68408A683
operation aborted by trailing headers callback, xrefs: 00007FF68408A79D
%zx%s, xrefs: 00007FF68408A8C7
Signaling end of chunked upload after trailers., xrefs: 00007FF68408A9F0
operation aborted by callback, xrefs: 00007FF68408A77D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: %zx%s$Moving trailers state machine from initialized to sending.$Read callback asked for PAUSE when not supported!$Signaling end of chunked upload after trailers.$Signaling end of chunked upload via terminating chunk.$Successfully compiled trailers.$Unable to allocate trailing headers buffer !$operation aborted by callback$operation aborted by trailing headers callback$read function returned funny value
API String ID: 3510742995-1652449680
Opcode ID: 3872a77681eae6a7efc78573aa0d725652e54cc419975f0e17e584d83e237168
Instruction ID: 08eb12d07d3809e02bf737c318063a7fceabba032e74a8062c906832e5d66fd6
Opcode Fuzzy Hash: 3872a77681eae6a7efc78573aa0d725652e54cc419975f0e17e584d83e237168
Instruction Fuzzy Hash: 09A17F32A4CB82C1E7509B2199803FB2760FF85B98F494139DE8E8B686EF7DE445C711

Function 00007FF68409C450 Relevance: 18.2, APIs: 4, Strings: 8, Instructions: 207COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C580
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C596
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C5F9

Strings

APPEND %s (\Seen) {%I64d}, xrefs: 00007FF68409C72D
Mime-Version, xrefs: 00007FF68409C686
SELECT %s, xrefs: 00007FF68409C5E5
Cannot SELECT without a mailbox., xrefs: 00007FF68409C5AF
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_, xrefs: 00007FF68409C468
Cannot APPEND without a mailbox., xrefs: 00007FF68409C624
Mime-Version: 1.0, xrefs: 00007FF68409C6A1
Cannot APPEND with unknown input file size, xrefs: 00007FF68409C6F7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_$APPEND %s (\Seen) {%I64d}$Cannot APPEND with unknown input file size$Cannot APPEND without a mailbox.$Cannot SELECT without a mailbox.$Mime-Version$Mime-Version: 1.0$SELECT %s
API String ID: 1294909896-3146291949
Opcode ID: c44b0adeffbf34a0a474f34b6fa48de3365fb117dc1ee4835c3dc13800846399
Instruction ID: ce828bd998891d48677ba7938326c2c6ab06db49530d6d9bd82e45e2e604064a
Opcode Fuzzy Hash: c44b0adeffbf34a0a474f34b6fa48de3365fb117dc1ee4835c3dc13800846399
Instruction Fuzzy Hash: 33915C21F0CB82C6EA649B2195D07BB6AA0FF55B84F04403DDA5EC7686DF7DE494C342

Function 00007FF6840448C0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 312COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF68404491A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044982
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044BC7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044BCE
memset.VCRUNTIME140 ref: 00007FF684044BE1
memcpy.VCRUNTIME140 ref: 00007FF684044C73

Part of subcall function 00007FF684059260: memcpy.VCRUNTIME140 ref: 00007FF684059327

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044D52
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044D59
_CxxThrowException.VCRUNTIME140 ref: 00007FF684044D93

Strings

&, xrefs: 00007FF684044C38

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$ExceptionThrow__std_fs_code_pagememset
String ID: &
API String ID: 2428206523-1010288
Opcode ID: 75d1ed8466dbd504d92c8e58e05997f5808fc35bd7b228822ed4c822dcb99d7b
Instruction ID: 72f9bff231b9f67f9091c130fe21cb00f3dbd4efc794226fb95c7dcdecf6b8e0
Opcode Fuzzy Hash: 75d1ed8466dbd504d92c8e58e05997f5808fc35bd7b228822ed4c822dcb99d7b
Instruction Fuzzy Hash: E6D1D572E19682D5E7119B35E4803AAB361FF627C4F40933AEA5CA6A96DF3CD584C340

Function 00007FF68404E3A0 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 309COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 00007FF68404E4E9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404E645
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404E69F

Part of subcall function 00007FF68404AC80: memcpy.VCRUNTIME140 ref: 00007FF68404ACC6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404E768

Part of subcall function 00007FF68404CB90: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CC6F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404E845

Strings

; last read: ', xrefs: 00007FF68404E591
unexpected , xrefs: 00007FF68404E6F2
syntax error , xrefs: 00007FF68404E3DC
while parsing , xrefs: 00007FF68404E42F
; expected , xrefs: 00007FF68404E7CC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy
String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3063020102-4239264347
Opcode ID: efadc1dd42412e2bac164294a01f2b5057f4eee50cfc200e13496a9cdd7ca0cb
Instruction ID: 90b551414712d705504e312778509113733e91bc0908eee06b9def9a985f5b69
Opcode Fuzzy Hash: efadc1dd42412e2bac164294a01f2b5057f4eee50cfc200e13496a9cdd7ca0cb
Instruction Fuzzy Hash: 52D14E62F14652C9FB10DBA5D8803AE2762BF607ECF514239DE1D5AAD9DF7C9484C340

Function 00007FF68408CDA0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 178COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408CE31
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408CE78
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408CF14
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408CF2A
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408CF4B
tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408CF9A
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF68408CFEA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408D01F

Strings

:%u, xrefs: 00007FF68408CFAE
Shuffling %i addresses, xrefs: 00007FF68408CE1A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$malloc$_time64calloctolower
String ID: :%u$Shuffling %i addresses
API String ID: 133842801-338667637
Opcode ID: e4c168355f3d8feea1d2c9b22935771a5ddb96b77d7d80a8c5bcc37c88757fb0
Instruction ID: 6dc4a34c6b53fc6f46c99368f3e63ff414b8295c03c1219c68c79f7bd07280e2
Opcode Fuzzy Hash: e4c168355f3d8feea1d2c9b22935771a5ddb96b77d7d80a8c5bcc37c88757fb0
Instruction Fuzzy Hash: 8371F432A09A92C1EB548F15EA847BA73A1FF48B94F44413ADE4E87796DF3CD445C300

Function 00007FF68408AA10 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408AA8A
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408AAA5
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408AB22
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408ABAC

Strings

Switch from POST to GET, xrefs: 00007FF68408AC76
HEAD, xrefs: 00007FF68408AC17
Issue another request to this URL: '%s', xrefs: 00007FF68408ABB7
Switch to %s, xrefs: 00007FF68408AC37
Maximum (%ld) redirects followed, xrefs: 00007FF68408AB77
GET, xrefs: 00007FF68408AC1E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupfree
String ID: GET$HEAD$Issue another request to this URL: '%s'$Maximum (%ld) redirects followed$Switch from POST to GET$Switch to %s
API String ID: 1865132094-1312055526
Opcode ID: 581be3addc2186a0b3a625a044c1d95f525359a6204171a2ad3bedd9d2db7927
Instruction ID: 0a06a3860a9fae10d2939e5908a71b2f866dc25bf282afc6725b26a5566baa13
Opcode Fuzzy Hash: 581be3addc2186a0b3a625a044c1d95f525359a6204171a2ad3bedd9d2db7927
Instruction Fuzzy Hash: A3719062A4C782C1E7608B2599803BF37A1FF85B94F180539DE4D8BA96DF3DE481CB10

Function 00007FF6840809F0 Relevance: 17.6, APIs: 14, Instructions: 106COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A6D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A8A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080A9E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080ABA
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080AD7
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080AFA
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B0E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B22
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B48
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B5C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080B70
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BBF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BCC
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684081075), ref: 00007FF684080BF5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 92faa97243cf25a4b29131afba3ee1ae76f79bc544f58ae04f9f377f2ba8741b
Instruction ID: 54f3cfed6b26b75aede764e069130bc6237a0d74ac98adbbc03101e222717c47
Opcode Fuzzy Hash: 92faa97243cf25a4b29131afba3ee1ae76f79bc544f58ae04f9f377f2ba8741b
Instruction Fuzzy Hash: BA51FC36A49A82C1EB44DF61D9D42FE23A0FF88F95F084039DE0E8B756CE799495C320

Function 00007FF68409C120 Relevance: 16.7, APIs: 5, Strings: 6, Instructions: 223COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68406E9E0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68406EA0E

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C3BE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C3C8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C423
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C42D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409C43A

Strings

MAILINDEX, xrefs: 00007FF68409C2F7
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_, xrefs: 00007FF68409C128
UID, xrefs: 00007FF68409C2B6
PARTIAL, xrefs: 00007FF68409C376
SECTION, xrefs: 00007FF68409C338
UIDVALIDITY, xrefs: 00007FF68409C275

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$malloc
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_$MAILINDEX$PARTIAL$SECTION$UID$UIDVALIDITY
API String ID: 2190258309-1670639106
Opcode ID: 1efa868b5462c200d09081fb29ee884b4892aca32957e5d129525548eb663066
Instruction ID: f64c22f256262d05773a83bca0ea1264933bccb459b942707cd3cf820d67fbef
Opcode Fuzzy Hash: 1efa868b5462c200d09081fb29ee884b4892aca32957e5d129525548eb663066
Instruction Fuzzy Hash: D6A15F22E0DA86C5EB65CF21D4803BA2BA0FF45B98F044039EB4E87A95DF3AD595C351

Function 00007FF68407C3B0 Relevance: 16.6, APIs: 11, Instructions: 119stringCOMMON

Download Yara Rule

APIs

_stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF68407C3F7
_access.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF68407C407
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407C41E
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407C49A
strrchr.VCRUNTIME140 ref: 00007FF68407C4B7
strrchr.VCRUNTIME140 ref: 00007FF68407C4C7
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407C4F7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407C503
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407C512
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407C523
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407C539

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup$free$strrchr$_access_stat64
String ID:
API String ID: 2557200964-0
Opcode ID: df5435a5cef8bf91394a0fd372ddef6b175cf16ed303a68cf195f371a0bc8ca1
Instruction ID: b7183b013673317172aeaef4f7977b1b46df081a2127abec6ae17ad742d0cb7a
Opcode Fuzzy Hash: df5435a5cef8bf91394a0fd372ddef6b175cf16ed303a68cf195f371a0bc8ca1
Instruction Fuzzy Hash: 28415F21B0DB42C6FB549B11A4D427A23A0FF49B90F480139DE5E87B95EF3DE595C202

Function 00007FF6840ACFB0 Relevance: 16.6, APIs: 11, Instructions: 89COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFC5
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFDF
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840ACFFA
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD016
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD032
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD04A
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD062
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD07A
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD092
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD0AA
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684084035,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840AD0C4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup$callocfree
String ID:
API String ID: 1183638330-0
Opcode ID: 197c484ae14026e3044d3d1e06053f72212b74990030b463fd0feab530d5baf2
Instruction ID: 3b798b5a2e44e33243f4c3070e0e4a66301c389ee30a267147f6622a8313bd6d
Opcode Fuzzy Hash: 197c484ae14026e3044d3d1e06053f72212b74990030b463fd0feab530d5baf2
Instruction Fuzzy Hash: D231EC25A0BB46C6EF99CB55B0D063A33B1FF48B41B08053ECA5E96785EF3CE4A5C251

Function 00007FF6840816E0 Relevance: 16.4, APIs: 13, Instructions: 164stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF684081718
strchr.VCRUNTIME140 ref: 00007FF68408173F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840817F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408181A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408183B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408184C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684081855
memcpy.VCRUNTIME140 ref: 00007FF684081873
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684081887
memcpy.VCRUNTIME140 ref: 00007FF6840818A4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840818B9
memcpy.VCRUNTIME140 ref: 00007FF6840818D1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840818E6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$mallocmemcpy$strchr
String ID:
API String ID: 1615377186-0
Opcode ID: 5ff26d22d78fe8902c9b44893557b1d8ac17fb0e1b520e5ea82e4aa316e7b38c
Instruction ID: b749ccd9de208b66947bcc6d4d0f814cb9627b4632d9f083a15ca18356c9d6ba
Opcode Fuzzy Hash: 5ff26d22d78fe8902c9b44893557b1d8ac17fb0e1b520e5ea82e4aa316e7b38c
Instruction Fuzzy Hash: 22518E25B19B85C5EA65CF15AA8467B62E1FF48BC5F084439DE8E8B748DF3CE445C300

Function 00007FF684083600 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083644
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083658
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408367C
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684083689
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840836B2
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840836BF
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840836F0
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840836FD

Strings

Couldn't find host %s in the .netrc file; using defaults, xrefs: 00007FF684083789

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup
String ID: Couldn't find host %s in the .netrc file; using defaults
API String ID: 2653869212-3983049644
Opcode ID: e05d1c515552f19627924009d350ebda3a1b17ef808468171835d53564a434c7
Instruction ID: e8e3cc273d4d090668f1002e01a53acc10dfebe438cf614e11259eb06f26c22c
Opcode Fuzzy Hash: e05d1c515552f19627924009d350ebda3a1b17ef808468171835d53564a434c7
Instruction Fuzzy Hash: FE717C26A08B82C6EB69CB259A9476B77A0FF88784F04413ADF5D87791DF3EE454C700

Function 00007FF684087DD0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 112stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF68409314A), ref: 00007FF684087E4F
strchr.VCRUNTIME140(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF68409314A), ref: 00007FF684087EA1
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF68409314A), ref: 00007FF684087EC5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF68409314A), ref: 00007FF684087F15
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF68409314A), ref: 00007FF684087F58

Strings

%sAuthorization: Digest %s, xrefs: 00007FF684087F35
Proxy-, xrefs: 00007FF684087F2B
%.*s, xrefs: 00007FF684087EAE
Digest, xrefs: 00007FF684087DDB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdupstrchr
String ID: %.*s$%sAuthorization: Digest %s$Digest$Proxy-
API String ID: 153040452-3976116069
Opcode ID: 6b2858b05afccb99d1fafdf82c3af446890752d1cc33cab3502580c249f60c8c
Instruction ID: 0820d340aa6a7ecb06065bd21bcdeffa93b18afabad8b32d6dd9028c2c54f91c
Opcode Fuzzy Hash: 6b2858b05afccb99d1fafdf82c3af446890752d1cc33cab3502580c249f60c8c
Instruction Fuzzy Hash: 1A416E26A08B86D2E625DF12E8843AB77A0FF85B84F540439EE8D87796DF3DD556C300

Function 00007FF68406F5E0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF68406F5FC
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F604
FormatMessageA.KERNEL32 ref: 00007FF68406F63E
strchr.VCRUNTIME140 ref: 00007FF68406F653
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F69C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406F6A6
GetLastError.KERNEL32 ref: 00007FF68406F6AE
SetLastError.KERNEL32 ref: 00007FF68406F6BA

Strings

Unknown error %u (0x%08X), xrefs: 00007FF68406F68A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchr
String ID: Unknown error %u (0x%08X)
API String ID: 1897771742-1058733786
Opcode ID: d3d265ad11455a821d92ce5a028ceb9086d69f18f1f626cb40ca2a66129ebce5
Instruction ID: 7b567ac7661d8432064b8c3aaee8a357d34c04a7215fe4d57aefc59451aff723
Opcode Fuzzy Hash: d3d265ad11455a821d92ce5a028ceb9086d69f18f1f626cb40ca2a66129ebce5
Instruction Fuzzy Hash: FF214122A0C782C6E7215F35A48422B7A90BF99B94F09453DDE8A83B65CE3CD491C755

Function 00007FF684072F80 Relevance: 15.1, APIs: 10, Instructions: 130COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000010,?,00007FF684073114,?,?,?,?,?,?,00000000,00007FF68407356D), ref: 00007FF684073002
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000010,?,00007FF684073114,?,?,?,?,?,?,00000000,00007FF68407356D), ref: 00007FF68407306A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 979777dfe6e642dd387f63d658240e46867c5cb43d9353d50230877717a36a5e
Instruction ID: a6214f189f90962ab23946a767257a168e04cc84dbd004ae8260b30b954eb5be
Opcode Fuzzy Hash: 979777dfe6e642dd387f63d658240e46867c5cb43d9353d50230877717a36a5e
Instruction Fuzzy Hash: 7041BD66A0D642C6FA249B25D49427E63B0BF84B90F14843EDB0E87795CF3EE451C752

Function 00007FF68407A400 Relevance: 15.1, APIs: 10, Instructions: 67COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,?,00007FF684079E7E,00000000,?,?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39), ref: 00007FF68407A423
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A479
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A483
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A48D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A497
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4A1
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4AB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4B5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4BF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000000,?,00000000,00007FF684079D7F,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407A4C8

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_time64
String ID:
API String ID: 3087401894-0
Opcode ID: da83276a5ff9a3e3f79460aaedf5a239e8ab4e78e86da4fbc64eb4e0faf8dd0f
Instruction ID: acfc04718b199a853c29edd5db5ffad18146f66ce5e5f7eda4ddfd72364debf3
Opcode Fuzzy Hash: da83276a5ff9a3e3f79460aaedf5a239e8ab4e78e86da4fbc64eb4e0faf8dd0f
Instruction Fuzzy Hash: 6021FA3AA48A51C1DB50DF61E88812A63B0FF88FA5F044036DE4E87B25DE7DD495C740

Function 00007FF6840910F0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 181COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840911BC

Strings

NTLM, xrefs: 00007FF6840911EC
Negotiate, xrefs: 00007FF684091166
Bearer, xrefs: 00007FF6840912D8
Authentication problem. Ignoring this., xrefs: 00007FF6840912FD
Ignoring duplicate digest auth header., xrefs: 00007FF68409126D
Basic, xrefs: 00007FF6840912B1
Digest, xrefs: 00007FF684091254

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup
String ID: Authentication problem. Ignoring this.$Basic$Bearer$Digest$Ignoring duplicate digest auth header.$NTLM$Negotiate
API String ID: 1169197092-907567932
Opcode ID: 6b9b772c88feea62f66b81e050b445242f84a26114786bf1c30213ddbd46f529
Instruction ID: ba272eaa3b2020d6cf14f2e6124a47dea9a3c9d85a40c2d3e75d5abd536573da
Opcode Fuzzy Hash: 6b9b772c88feea62f66b81e050b445242f84a26114786bf1c30213ddbd46f529
Instruction Fuzzy Hash: 08718161B0C292D6F7289B22998127B7BE1BF45785F448039DA9ACB7C2DF3EE515C310

Function 00007FF684078D53 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 169COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078D56
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078E01

Strings

__Secure-, xrefs: 00007FF684078D70
FALSE, xrefs: 00007FF684078DDB
%s cookie %s="%s" for domain %s, path %s, expire %I64d, xrefs: 00007FF6840790A7
Added, xrefs: 00007FF68407909D
Replaced, xrefs: 00007FF684079091
__Host-, xrefs: 00007FF684078D8D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup
String ID: %s cookie %s="%s" for domain %s, path %s, expire %I64d$Added$FALSE$Replaced$__Host-$__Secure-
API String ID: 1169197092-978722393
Opcode ID: e89d265a69367e9fb7c34e38e43304d511000fdf3773d4a6e3fcd46a4d4c2d38
Instruction ID: 45051df6f52bc6577482c0b6fa80ca0fbf4c9dc8d30c5f4de5ab43cef61b0645
Opcode Fuzzy Hash: e89d265a69367e9fb7c34e38e43304d511000fdf3773d4a6e3fcd46a4d4c2d38
Instruction Fuzzy Hash: 39714C62A0D786C5FB718B21A4C437B67B1BF54794F08403EDB8E86691EF2DE484E312

Function 00007FF68404F040 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

invalid number; expected '+', '-', or digit after exponent, xrefs: 00007FF68404F466
invalid number; expected digit after '.', xrefs: 00007FF68404F2FF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: invalid number; expected '+', '-', or digit after exponent$invalid number; expected digit after '.'
API String ID: 0-808606891
Opcode ID: 07070e74a38b1066fca4947df0a40e7fdc471d53dac74dc5c5d85d0a3db8fb05
Instruction ID: c9f806b2e395502e8fa567eeb4e9e00ee3010737438b3a47009f82c9ce45163c
Opcode Fuzzy Hash: 07070e74a38b1066fca4947df0a40e7fdc471d53dac74dc5c5d85d0a3db8fb05
Instruction Fuzzy Hash: C5614C72A08A41C5EB24DF28D48036E6761FF65B8CF944539CA1D877A5DF3DE885D340

Function 00007FF68406CDAA Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 142stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406D49F
strtoull.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF68406D4C9
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406D4D2

Strings

invalid number; expected '+', '-', or digit after exponent, xrefs: 00007FF68406D2D4
invalid number; expected digit after '.', xrefs: 00007FF68406D1FE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _errno$strtoull
String ID: invalid number; expected '+', '-', or digit after exponent$invalid number; expected digit after '.'
API String ID: 642117244-808606891
Opcode ID: 98d42f262c17dd816a3d5d76244878c8a6e2570df487fdb33b40205c7b89c5ed
Instruction ID: e1ed2368c94229a8338bce89ee87b36f323b7af423d634dbff5cd4e7dd4189e8
Opcode Fuzzy Hash: 98d42f262c17dd816a3d5d76244878c8a6e2570df487fdb33b40205c7b89c5ed
Instruction Fuzzy Hash: D3611432A0CB0AC6EB649F24E48433A2761FF54B88F50453ACB4E87698DF3CE884C351

Function 00007FF684083A70 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 142stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083B4C
strchr.VCRUNTIME140 ref: 00007FF684083B80
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF684083BA0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684083C24

Strings

Connecting to port: %d, xrefs: 00007FF684083C40
%s%s%s, xrefs: 00007FF684083B0F
Connecting to hostname: %s, xrefs: 00007FF684083BFB
anonymous, xrefs: 00007FF684083A80

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$strchrstrtol
String ID: %s%s%s$Connecting to hostname: %s$Connecting to port: %d$anonymous
API String ID: 137861075-1224060940
Opcode ID: 8d4a233b44dbc48a6a179b13297119cbb41492f9f71017406b7dfd01ab76d869
Instruction ID: 9d3d1701d293e2662164032914cc38e8a2794d34317e245eedad505ddd3dc25f
Opcode Fuzzy Hash: 8d4a233b44dbc48a6a179b13297119cbb41492f9f71017406b7dfd01ab76d869
Instruction Fuzzy Hash: DF51BF62A08BD2C5EB318F25A9803AB6790FF89B98F44453ADE8D87795CF3ED555C300

Function 00007FF684079130 Relevance: 13.8, APIs: 11, Instructions: 52COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407915D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079187
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF684079191
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF68407919B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791A5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791AF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791B9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791C3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791CD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791D6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF684079DF9,?,?,00000000,00007FF684080B39,?,?,00000000,00007FF684081075), ref: 00007FF6840791F1

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 236577dbf7bb203ca069bfa7b472e215313e47da6346e6954d20d22b83e46b93
Instruction ID: 2c3f8fa04bda6082a4d89d088d30b434d27e1a62cabca37f6068440194c0fc96
Opcode Fuzzy Hash: 236577dbf7bb203ca069bfa7b472e215313e47da6346e6954d20d22b83e46b93
Instruction Fuzzy Hash: 9221AB3AA18A91C2D750DF61E8D816A63B0FF88FA5F141036DE4E87725CE79D899C700

Function 00007FF6840ADF60 Relevance: 13.8, APIs: 11, Instructions: 29COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF6C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF76
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF80
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF8A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF94
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADF9E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADFA8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADFB2
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADFBC
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADFC6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840ACF92,?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ADFD0

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 1d84c8a59a3a33b28bf0f57a82db746be9173bac72c5cb000d001eb6440a98a1
Instruction ID: 73f9cbec46a1e270495065940d0dd5e894ecdcb996a1961746072d3a5299c800
Opcode Fuzzy Hash: 1d84c8a59a3a33b28bf0f57a82db746be9173bac72c5cb000d001eb6440a98a1
Instruction Fuzzy Hash: AF01B92AE14951C2D754DF65D8D803923B0FF8CF66B141036CE0E8A235DE78D8E9C740

Function 00007FF6840AF7B0 Relevance: 13.6, APIs: 5, Strings: 4, Instructions: 148COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,NTLM,?,00007FF684093128), ref: 00007FF6840AF940
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,NTLM,?,00007FF684093128), ref: 00007FF6840AF977
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,NTLM,?,00007FF684093128), ref: 00007FF6840AF99E

Strings

NTLM, xrefs: 00007FF6840AF7B6
HTTP, xrefs: 00007FF6840AF7C6
Proxy-, xrefs: 00007FF6840AF94E, 00007FF6840AF9FA
%sAuthorization: NTLM %s, xrefs: 00007FF6840AF958, 00007FF6840AFA04

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: %sAuthorization: NTLM %s$HTTP$NTLM$Proxy-
API String ID: 1294909896-3948863929
Opcode ID: cb1008db4b75b855c02e0c10aa1f22642e3ed388845649f09924b78b9fa0f944
Instruction ID: 9a225cec4410353700ed80d7f0976d65b1ddf071f71185189b785df2ed192bca
Opcode Fuzzy Hash: cb1008db4b75b855c02e0c10aa1f22642e3ed388845649f09924b78b9fa0f944
Instruction Fuzzy Hash: EC612536A08B82C6EBA0CB15E8883AB77A5FF84B84F00403ADA8D87764DF7CD555C701

Function 00007FF68406B580 Relevance: 13.6, APIs: 9, Instructions: 124COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406B5B7
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406B5C3
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FF68406B5D9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?epptr@?$basic_streambuf@?pptr@?$basic_streambuf@Pninc@?$basic_streambuf@
String ID:
API String ID: 4060314879-0
Opcode ID: 01de81444fe7f2bab53abf222cd956e2c2f37a125a5ac1acc463110a705fbed3
Instruction ID: 175e0efd25f6c3c2c6f94f8c81f2e26dcb8477ced9d202d9f927ead57185e2aa
Opcode Fuzzy Hash: 01de81444fe7f2bab53abf222cd956e2c2f37a125a5ac1acc463110a705fbed3
Instruction Fuzzy Hash: 9741C322F08751C2EA029B76A5842BA63A0BF58BE4F080139DF1DC7BD1DE3CD496C310

Function 00007FF6840A6580 Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 111stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68407A5B0: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68407A5F4

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840A669D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840A66F5
memcpy.VCRUNTIME140 ref: 00007FF6840A671A

Strings

Unable to read the CSeq header: [%s], xrefs: 00007FF6840A65F2
: %ld, xrefs: 00007FF6840A65C1
Session:, xrefs: 00007FF6840A660E
CSeq:, xrefs: 00007FF6840A659D
Got a blank Session ID, xrefs: 00007FF6840A6647
Got RTSP Session ID Line [%s], but wanted ID [%s], xrefs: 00007FF6840A66AE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: __stdio_common_vsscanfmallocmemcpystrncmp
String ID: : %ld$CSeq:$Got RTSP Session ID Line [%s], but wanted ID [%s]$Got a blank Session ID$Session:$Unable to read the CSeq header: [%s]
API String ID: 1392894463-1168109407
Opcode ID: 2353849a177cbcbba9085eaa15c96ce531cc083882f181b8cf4098a73a329d43
Instruction ID: 17694c63c3cfee58fe70c0733a0e3cc372daf66a1e65ad586a7bf427ad303646
Opcode Fuzzy Hash: 2353849a177cbcbba9085eaa15c96ce531cc083882f181b8cf4098a73a329d43
Instruction Fuzzy Hash: AB41A161E0CA82C2EB50DB25A9C02BB67A0BF45B84F4C4539EA9EDB7D5DF2DE501C710

Function 00007FF68408BFB0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 227networkCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408C00A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408C10E
WSAIoctl.WS2_32 ref: 00007FF68408C267
setsockopt.WS2_32 ref: 00007FF68408C28F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408C386

Strings

We are completely uploaded and fine, xrefs: 00007FF68408C2FA
Failed to alloc scratch buffer!, xrefs: 00007FF68408C120

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: malloc$Ioctlsetsockopt
String ID: Failed to alloc scratch buffer!$We are completely uploaded and fine
API String ID: 3352517165-607151321
Opcode ID: aec9e1daadfd6b2eba953f43d8328ccf9e7019431e9ea4a1bf8904c1e73d87cc
Instruction ID: 980fc166fc40ffc217ffcda53bfac466c3ecd3d3eca457d64d9a0f472ea815d9
Opcode Fuzzy Hash: aec9e1daadfd6b2eba953f43d8328ccf9e7019431e9ea4a1bf8904c1e73d87cc
Instruction Fuzzy Hash: C9B18F32A4DB86C5EB658F2499843EA27A0FF45B98F084139CF4D8A789DF789495C311

Function 00007FF684042710 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840491B0: memcpy.VCRUNTIME140(?,?,?,00007FF684042779,?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF6840492A3

Part of subcall function 00007FF6840491B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF684042779,?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF68404927D
Part of subcall function 00007FF6840491B0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840492BF

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF684042997
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF68404299E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF6840429A5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF6840429AC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,0000006E00000006,00000000,?,0000000100000000,00007FF684041A7E), ref: 00007FF6840429B3

Strings

Y4fXNocay3, xrefs: 00007FF68404277D
2.8, xrefs: 00007FF68404279D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmemcpy
String ID: 2.8$Y4fXNocay3
API String ID: 2318677668-3372409175
Opcode ID: 41eda736f416a27eb45952499296369ebdf0309d209fd55224c7b5bd7cec7263
Instruction ID: 1c751f00318977fbec5d641cdec867b2444f6dcf9cd1143726a26c84952ff537
Opcode Fuzzy Hash: 41eda736f416a27eb45952499296369ebdf0309d209fd55224c7b5bd7cec7263
Instruction Fuzzy Hash: C4715A62A08B86C1EA20DB25E8D837E3361BF51BC4F41403DCA8D87AA6DF7DE494C340

Function 00007FF684052440 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405252A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684052579
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840525B8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684052607
__std_exception_copy.VCRUNTIME140 ref: 00007FF68405265A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840526AB

Strings

parse_error, xrefs: 00007FF6840524B5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: parse_error
API String ID: 2484256320-3903021949
Opcode ID: 1ce5e2a91f1b759885d8fb5230b26e6ab9208db82c65edec517d5cdce130265e
Instruction ID: aed3dc8f82ab288a1391433aaeaa6488689708128d92242e4c536d62d3fd64cc
Opcode Fuzzy Hash: 1ce5e2a91f1b759885d8fb5230b26e6ab9208db82c65edec517d5cdce130265e
Instruction Fuzzy Hash: 12719162F14A42C9EB10DB75E4803BE2361FF547A8F105339DA6DA6AD9EE3CE084C340

Function 00007FF68405D1B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E26C
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E29A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405E2A7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E2E0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405E332

Strings

value, xrefs: 00007FF68405E1CC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 05d1fe4779a3e33b3737455aa13704ef5ac668f39179eaeacce6db6384c569e9
Instruction ID: 0441d5d8685ac2b0ddfbe788500818bc411b1589c1d46caa2ffbbca237d48e36
Opcode Fuzzy Hash: 05d1fe4779a3e33b3737455aa13704ef5ac668f39179eaeacce6db6384c569e9
Instruction Fuzzy Hash: B361B562E18B81C5FB00CB78E4853AE6361FF857A4F105739EA9D92AD9DF6CE085C740

Function 00007FF68405E3F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F452
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F47E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF68405F48B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F4C5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405F518

Strings

value, xrefs: 00007FF68405F3B5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 8231dd6ac417d0defb5af280270a6b63a6a64430f9b2b457d54b74d689c4d495
Instruction ID: 82691b0dde385c7757b400dba8ec0a88b6ce5d0712920fbd5b42eea877e299ef
Opcode Fuzzy Hash: 8231dd6ac417d0defb5af280270a6b63a6a64430f9b2b457d54b74d689c4d495
Instruction Fuzzy Hash: 17618462E18B86C5EB00DB79D4843AE6361FF457A8F104739EA6D92AD9DF7CE081C704

Function 00007FF6840662B0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF68406279E), ref: 00007FF6840662D7
__std_fs_code_page.MSVCPRT ref: 00007FF68406635B
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF6840663A1
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF6840663D9

Strings

ALLUSERSPROFILE, xrefs: 00007FF6840662D0
current_path(), xrefs: 00007FF684066412
", xrefs: 00007FF684066378

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_pagegetenv
String ID: "$ALLUSERSPROFILE$current_path()
API String ID: 1312788774-2599894315
Opcode ID: 9d9fc603f0128d483cded6c753f2aadf6d5920afa59710756b7859b5dbc4015b
Instruction ID: ff8ea39fb2c67a00635bacfb775c0f9c5560e24b5f49a561d9e46b6c620de58a
Opcode Fuzzy Hash: 9d9fc603f0128d483cded6c753f2aadf6d5920afa59710756b7859b5dbc4015b
Instruction Fuzzy Hash: DB41E222E2C782C2E7509F21A5902BBA661FF947D4F145639EB5E83A86DF7CE0D1C740

Function 00007FF68405B690 Relevance: 12.1, APIs: 8, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF68405B79E
memcpy.VCRUNTIME140 ref: 00007FF68405B7AE
memcpy.VCRUNTIME140 ref: 00007FF68405B7BE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405B7F2
memcpy.VCRUNTIME140 ref: 00007FF68405B7FC
memcpy.VCRUNTIME140 ref: 00007FF68405B80C
memcpy.VCRUNTIME140 ref: 00007FF68405B81B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68405B848

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: bd0270364365b950f00053c234b6ea5eddfc34cb00b369f2b9fea811336a0384
Instruction ID: e3543d91a2de1a22c8f425c56d81003f3b11537b5566cdc5698df990be77aedb
Opcode Fuzzy Hash: bd0270364365b950f00053c234b6ea5eddfc34cb00b369f2b9fea811336a0384
Instruction Fuzzy Hash: 7D41B162708A85C1EE20DF16A5846AAA361FF44BD4F444639EFAE97BC9DF3CE140C304

Function 00007FF68407E920 Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407E966
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407E992
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68407E9BE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup
String ID:
API String ID: 1169197092-0
Opcode ID: 0d0dc56d1a14ed3c47d37207053793dc72b803be03eb677f01c24dc3b000db43
Instruction ID: 09a3078f82d21bf2eeb8af4ec28323baa2dc9ecdf6509b7ba105533e4d043353
Opcode Fuzzy Hash: 0d0dc56d1a14ed3c47d37207053793dc72b803be03eb677f01c24dc3b000db43
Instruction Fuzzy Hash: BB510D2661AB91C2EB95CF55A08012977B4FF48B84B08117AEF9D43B45EF2DE4E1C740

Function 00007FF684060110 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406012D
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406013B
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF684060143
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406014F
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406015B
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF684060198
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z.MSVCP140 ref: 00007FF6840601A6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840601CC

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@$?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@D00@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3548242540-0
Opcode ID: 78ce68a4615c2ea9c355b4ab6d7337ad2983796efdf07f051f3995579ea083d4
Instruction ID: 3c2c044ede0f691352e2310f4597908bfe48ae8b6c648554e426d7b84110bdf3
Opcode Fuzzy Hash: 78ce68a4615c2ea9c355b4ab6d7337ad2983796efdf07f051f3995579ea083d4
Instruction Fuzzy Hash: 94116621F55B42C2FA14DF75A8A833A22A1BF89BE5F14013CDA5E86BE4EF3C9445C610

Function 00007FF684079300 Relevance: 11.3, APIs: 9, Instructions: 68COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407937A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079384
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407938E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079398
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840793A2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840793AC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840793B6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840793C0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840793C9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e11dcf402101bbd2ab2fb51d68396bc55f6db62fd9203dd325ee244a60494153
Instruction ID: 171014e82df95b72c6d5d2784c7a6c75b160df5b3aa28b6585a1e5d2fcc5b16e
Opcode Fuzzy Hash: e11dcf402101bbd2ab2fb51d68396bc55f6db62fd9203dd325ee244a60494153
Instruction Fuzzy Hash: A831E736A08A91C2E7509F51E89412A67B4FF88FE5F084036DE8D87B69CF7DD895C700

Function 00007FF684079220 Relevance: 11.3, APIs: 9, Instructions: 52COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079267
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079271
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407927B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079285
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407928F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079299
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840792A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840792AD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840792B6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 724426f40b970118e676b92283394d933f38cccffd79957ab4d68307f84e61de
Instruction ID: c40c6605ea22a05829fc4eeea2d1314a3686493a5c2700eb74fd29094ee91c42
Opcode Fuzzy Hash: 724426f40b970118e676b92283394d933f38cccffd79957ab4d68307f84e61de
Instruction Fuzzy Hash: D321763AA08A91C2E750DF61E89402A73B4FF88BA5F140536DE8D87769CF7DD499CB40

Function 00007FF684079420 Relevance: 11.3, APIs: 9, Instructions: 32COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079439
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079443
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407944D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079457
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079461
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407946B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079475
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407947F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684079488

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 24aad61765fb371559719b25e44a52fbd0b755cf9a324cd1c795ed68a70edf68
Instruction ID: 5b78e8156e55aef776cc68438cb5ac0a11b0dda4d7b5faf94c2893f7d1e08b14
Opcode Fuzzy Hash: 24aad61765fb371559719b25e44a52fbd0b755cf9a324cd1c795ed68a70edf68
Instruction Fuzzy Hash: 81017929A18A51C2EB44DF61E9D842963B0FF8CFA6B041036CD4E87635CE7CD8E9C740

Function 00007FF6840B1FD0 Relevance: 10.9, APIs: 5, Strings: 2, Instructions: 424stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,?,00007FF6840B13E3), ref: 00007FF6840B2078
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,?,00007FF6840B13E3), ref: 00007FF6840B20BA
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FF6840B13E3), ref: 00007FF6840B215F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FF6840B13E3), ref: 00007FF6840B2172
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B2657

Strings

Failed to encode DOH packet [%d], xrefs: 00007FF6840B21B1
%s?dns=%s, xrefs: 00007FF6840B2148

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$memcpystrchr
String ID: %s?dns=%s$Failed to encode DOH packet [%d]
API String ID: 1438451818-3030351490
Opcode ID: 36fec14e1bbd67fccae0dda245758d614816c572b2a40c3942353d4171865a80
Instruction ID: b7eedb50983269d58aee642517bf2126e4083b1644028923f3f4c6feb7bf28fe
Opcode Fuzzy Hash: 36fec14e1bbd67fccae0dda245758d614816c572b2a40c3942353d4171865a80
Instruction Fuzzy Hash: BC029B61B087C386E711DBA689887BB2796FF95B88F44443DDE0DC7B8ADE68D841C305

Function 00007FF684064D3C Relevance: 10.9, APIs: 7, Instructions: 365COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF684064D85
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684064EF4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcpy
String ID:
API String ID: 931391446-0
Opcode ID: 2562d930ac40b19a94c735b89cf790d78e249dd8e07283ee6e0bd7dea48cefed
Instruction ID: bae4e957ceed27196d12846eddddd0211c005df5641620397e4d2e7a604fec7a
Opcode Fuzzy Hash: 2562d930ac40b19a94c735b89cf790d78e249dd8e07283ee6e0bd7dea48cefed
Instruction Fuzzy Hash: D9029B62A087C6C8EB218B64D8843EE6761FF55798F404239DB9E5BADADF78D1C4C340

Function 00007FF684044E60 Relevance: 10.7, APIs: 7, Instructions: 247COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF684044EB3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044F1A
memset.VCRUNTIME140 ref: 00007FF684044FC9

Part of subcall function 00007FF6840488C0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF6840488FB
Part of subcall function 00007FF6840488C0: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF68404891A
Part of subcall function 00007FF6840488C0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404894C
Part of subcall function 00007FF6840488C0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF684048967
Part of subcall function 00007FF6840488C0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF6840489B6

memcmp.VCRUNTIME140 ref: 00007FF684045058
memcmp.VCRUNTIME140 ref: 00007FF6840450CD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840451D8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840451DF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$memcmp$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@__std_fs_code_pagememset
String ID:
API String ID: 2198800852-0
Opcode ID: 96e04a60a0dea7c5fbb7d0be3f201897ce63114416915f333ca16fbb785a6cff
Instruction ID: 6de3e6251715596b6ddb2adcbb11f62d5f0a5f0245e3ad9eb823e49bbc22be39
Opcode Fuzzy Hash: 96e04a60a0dea7c5fbb7d0be3f201897ce63114416915f333ca16fbb785a6cff
Instruction Fuzzy Hash: 20A1D162B08685D1EA20DB15D0843BE6361FF65BC8F50403ADB9D8BA96DF7DE885D380

Function 00007FF684073E30 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 217stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F45
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F5F

Strings

I64, xrefs: 00007FF684073F55, 00007FF684073FBF
Internal error removing splay node = %d, xrefs: 00007FF684073E42
I32, xrefs: 00007FF684073F35, 00007FF684073F95

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: I32$I64$Internal error removing splay node = %d
API String ID: 1114863663-13178787
Opcode ID: c612636b00941bb0d968f6a997d5425309f41637d4633a51da22dce9a178c224
Instruction ID: 0c7aaa6b1876cae1d3b2ab3f021c3091e2a9f699f4ccd00df4477573a6c07c39
Opcode Fuzzy Hash: c612636b00941bb0d968f6a997d5425309f41637d4633a51da22dce9a178c224
Instruction Fuzzy Hash: 50A19032A0CA52C6E7218B14E48477E7BB4FB59B8CF46813ADA9D86255DF3DD208C741

Function 00007FF684048200 Relevance: 10.7, APIs: 7, Instructions: 183COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840482B2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fgetc
String ID:
API String ID: 2807381905-0
Opcode ID: 15340b8e76f80d9301a0cdae3e2f7caaf9d294c23945ee6541366021856f8643
Instruction ID: a850099755c15cdb0c1cea74f605f41b3701d3323a30c2e622541d80c70c6447
Opcode Fuzzy Hash: 15340b8e76f80d9301a0cdae3e2f7caaf9d294c23945ee6541366021856f8643
Instruction Fuzzy Hash: 35917937B18A41C9EB108F65D4802AD37B0FB987A8F545A3ADA5D93B98DF38D494D310

Function 00007FF684096540 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF68407A3BA,?,?,?,?,?,?,?,00007FF68407A187), ref: 00007FF684096551
strchr.VCRUNTIME140(?,?,?,00000000,TRUE,?,00000000,00000000,00000000,?), ref: 00007FF6840966F3
strchr.VCRUNTIME140(?,?,?,00000000,TRUE,?,00000000,00000000,00000000,?), ref: 00007FF684096710

Strings

TRUE, xrefs: 00007FF68409667C
0123456789abcdef, xrefs: 00007FF6840966E2, 00007FF6840966EC
0123456789ABCDEF, xrefs: 00007FF684096702, 00007FF684096709

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strchr$_errno
String ID: 0123456789ABCDEF$0123456789abcdef$TRUE
API String ID: 2644425738-1191287149
Opcode ID: 19e0d8a6545280a39074cb474d7240d372549f18391b478acce31439f1a51c10
Instruction ID: 612513612bbc51eca558f5144df36fea5e0699294eff2cc71151f2d9cacbb50d
Opcode Fuzzy Hash: 19e0d8a6545280a39074cb474d7240d372549f18391b478acce31439f1a51c10
Instruction Fuzzy Hash: BC510562F0C786C1EE618B2594D057BAB90BF95B88F944939DE8D87789EE3DE541C300

Function 00007FF684078DA9 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 153COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078DAC

Part of subcall function 00007FF684096330: strchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF684096366

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078E01

Strings

FALSE, xrefs: 00007FF684078DDB
%s cookie %s="%s" for domain %s, path %s, expire %I64d, xrefs: 00007FF6840790A7
Added, xrefs: 00007FF68407909D
Replaced, xrefs: 00007FF684079091

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdup$strchr
String ID: %s cookie %s="%s" for domain %s, path %s, expire %I64d$Added$FALSE$Replaced
API String ID: 3404610657-2292467869
Opcode ID: 7d7d9bdf5c698196913900de261d88f93add4d8f50983a08f8cd2f90cc65448f
Instruction ID: 8c74a65e6ef73145ca075bd5aa28430bfdd8de33231a1f79e779ceae90f59e0b
Opcode Fuzzy Hash: 7d7d9bdf5c698196913900de261d88f93add4d8f50983a08f8cd2f90cc65448f
Instruction Fuzzy Hash: 9B614C62A0D786C5FB718B25A5D437B67B1BF44794F08003ADB8E86791DF2EE484E312

Function 00007FF6840571F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840572BE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405730D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405734C
__std_exception_copy.VCRUNTIME140 ref: 00007FF684057398
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840573E5

Strings

invalid_iterator, xrefs: 00007FF684057256

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: invalid_iterator
API String ID: 2484256320-2508626007
Opcode ID: 5ed6dbc9a48e8f8dd430e8fab2fb15630dfbfd7bcb5350e8d440697e21c01665
Instruction ID: 11ebb69817c63e99a9c0109171968b64c5b462e245bd6071ed3c43c4fec79bb9
Opcode Fuzzy Hash: 5ed6dbc9a48e8f8dd430e8fab2fb15630dfbfd7bcb5350e8d440697e21c01665
Instruction Fuzzy Hash: E351A362F18B42D5EB00DB75D4803AE2361FF557A8F105339EA6D93AD9EE2CE195D300

Function 00007FF684087D50 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 144COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B0A74
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B0A9A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B0AA8

Strings

stale, xrefs: 00007FF6840B09FF
true, xrefs: 00007FF6840B0A14
Digest, xrefs: 00007FF684087D78

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: Digest$stale$true
API String ID: 1294909896-2487968700
Opcode ID: 856f2025eab7895e7ca4470ecb7e355778202c4ac5b276e812be7926a17a38d0
Instruction ID: 29dd4a4a9bdb710f211402affea7b070dd9a27c670951693f5616119d9b43ded
Opcode Fuzzy Hash: 856f2025eab7895e7ca4470ecb7e355778202c4ac5b276e812be7926a17a38d0
Instruction Fuzzy Hash: 60515F22A08A82D1FB608B25E9D03BA73E0FF84B94F544139DA9DD76C6EF2CE555C704

Function 00007FF68404C040 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C10E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C15D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C19C
__std_exception_copy.VCRUNTIME140 ref: 00007FF68404C1E8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C235

Strings

type_error, xrefs: 00007FF68404C0A6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: type_error
API String ID: 2484256320-1406221190
Opcode ID: 733d880df8a4bbcf6e852e2bc2a124678c135d29bcf1648add04835b104a964c
Instruction ID: 47959bcac70eae8870976a8d12aac9a3ad08ccea1a2a1bd9950f7e8cef6ff2be
Opcode Fuzzy Hash: 733d880df8a4bbcf6e852e2bc2a124678c135d29bcf1648add04835b104a964c
Instruction Fuzzy Hash: 5C51A362F18B42D5FB10DB75D4803AE2361FF597A8F10533ADA6D92AD9EE2CE195C300

Function 00007FF68404D3B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D482
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D4D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D510
__std_exception_copy.VCRUNTIME140 ref: 00007FF68404D560
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D5AD

Strings

other_error, xrefs: 00007FF68404D417

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: other_error
API String ID: 2484256320-896093151
Opcode ID: 01b70a6a201622379a0fcf26651f76e5499b20ac347b88902697740af46eeb2c
Instruction ID: caa128b7d4ea0a541529ff56ef3cadf32e1feb18f4d9192c8b822992349ae7a5
Opcode Fuzzy Hash: 01b70a6a201622379a0fcf26651f76e5499b20ac347b88902697740af46eeb2c
Instruction Fuzzy Hash: F5519362E04B46D5EB10DB75D4803AE2361FF597A8F50533AEA6C96AD9DF2CE194C300

Function 00007FF684054EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684054F72
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684054FC1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684055000
__std_exception_copy.VCRUNTIME140 ref: 00007FF684055050
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405509D

Strings

out_of_range, xrefs: 00007FF684054F07

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: out_of_range
API String ID: 2484256320-3053435996
Opcode ID: 0e683bc9670512e3906f4092e2b2d6e70aae8aaad1e645ad342e01c57568f849
Instruction ID: 0f718ee9bf46ff43014967a5a06ce566314b0de132e1fd4069e3320cee60b4a3
Opcode Fuzzy Hash: 0e683bc9670512e3906f4092e2b2d6e70aae8aaad1e645ad342e01c57568f849
Instruction Fuzzy Hash: 3A518162E18B82D5EB10DB65D4803AE2361FF597A8F405339EA6C56AD9DF2CE194C340

Function 00007FF684058F50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684059022
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684059071
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840590B0
__std_exception_copy.VCRUNTIME140 ref: 00007FF684059100
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405914D

Strings

type_error, xrefs: 00007FF684058FB7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: type_error
API String ID: 2484256320-1406221190
Opcode ID: 7dfaca2aff1c52614702f73080e9c1088288ea855c7f1a8901f22eb568eb260a
Instruction ID: 0bdbb05122dc560af298f5010e0c9e6d10fb3e7744e8e2be57da499ba4f4bda9
Opcode Fuzzy Hash: 7dfaca2aff1c52614702f73080e9c1088288ea855c7f1a8901f22eb568eb260a
Instruction Fuzzy Hash: C851A262E04B82D8EB10DB75D4803AE2361FF587A8F405739EA6C96AD9DF2CE194C300

Function 00007FF68404D0F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8

Part of subcall function 00007FF68404C3C0: memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499

Part of subcall function 00007FF684043CB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043E73

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D1C2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D211
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D250
__std_exception_copy.VCRUNTIME140 ref: 00007FF68404D2A0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404D2ED

Strings

type_error, xrefs: 00007FF68404D157

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$__std_exception_copy
String ID: type_error
API String ID: 2484256320-1406221190
Opcode ID: 68c66c01c25f2a8babfe7f9ed8184e27cb858112e4e6280c39d203db4d86206e
Instruction ID: ec65bc0256dedee8bd9e8e1302e412bc4323ceb8d7e37e452df773683e67565b
Opcode Fuzzy Hash: 68c66c01c25f2a8babfe7f9ed8184e27cb858112e4e6280c39d203db4d86206e
Instruction Fuzzy Hash: 7E519172E14B86D4EB10CB65D4803AE2360FF597A8F009339EA5C52AD9EF6CE194C340

Function 00007FF684050AE0 Relevance: 10.6, APIs: 7, Instructions: 131COMMON

Download Yara Rule

APIs

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(0000006E00000006,?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050B5F
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(0000006E00000006,?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050BB6
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(0000006E00000006,?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050BE3
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050C06
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050C4C
?uncaught_exception@std@@YA_NXZ.MSVCP140(?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050C53
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,00000000,00000000,0000000F,00007FF684046FAB), ref: 00007FF684050C60

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
String ID:
API String ID: 1492985063-0
Opcode ID: d33b8abf8af6216a2d3c7c327e7b4ec8a8c139db3470449fdc41a0ad0e4ea6ee
Instruction ID: 69ed1bed1301a0c0d5a59d2b7d7f70e90a8445d5929465e97e1cdde95dad63dc
Opcode Fuzzy Hash: d33b8abf8af6216a2d3c7c327e7b4ec8a8c139db3470449fdc41a0ad0e4ea6ee
Instruction Fuzzy Hash: 2A511022619A41C2EA208F19D5D423EABA0FF85F95F668539CE5E937A0DF39D446C300

Function 00007FF6840AF460 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,Negotiate,?,00007FF684093106), ref: 00007FF6840AF5BD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,Negotiate,?,00007FF684093106), ref: 00007FF6840AF5D3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AF5E5

Strings

Negotiate, xrefs: 00007FF6840AF466, 00007FF6840AF542
Curl_output_negotiate, no persistent authentication: cleanup existing context, xrefs: 00007FF6840AF511
%sAuthorization: Negotiate %s, xrefs: 00007FF6840AF59E
Proxy-, xrefs: 00007FF6840AF58D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: %sAuthorization: Negotiate %s$Curl_output_negotiate, no persistent authentication: cleanup existing context$Negotiate$Proxy-
API String ID: 1294909896-1255959952
Opcode ID: b4ae401fda2d6b3550a5e6fe799174b36d49b281ee9c742f0ba86cee9c0150ca
Instruction ID: 4b915b417a2284424752637fbf6564d3b1479a22ce2d41e5f81937a4c4023e39
Opcode Fuzzy Hash: b4ae401fda2d6b3550a5e6fe799174b36d49b281ee9c742f0ba86cee9c0150ca
Instruction Fuzzy Hash: 5D51BD22E08682D6FB21CB65E4C02BA2790FF40B94F48403ADA8CD7791EF3DE465C750

Function 00007FF68408AFA0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 106COMMON

Download Yara Rule

APIs

fseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68408B0EA

Strings

seek callback returned error %d, xrefs: 00007FF68408B03E
necessary data rewind wasn't possible, xrefs: 00007FF68408B0F5
Cannot rewind mime/post data, xrefs: 00007FF68408B120
the ioctl callback returned %d, xrefs: 00007FF68408B095
ioctl callback returned error %d, xrefs: 00007FF68408B0AF

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fseek
String ID: Cannot rewind mime/post data$ioctl callback returned error %d$necessary data rewind wasn't possible$seek callback returned error %d$the ioctl callback returned %d
API String ID: 623662203-959247533
Opcode ID: 5de02ce979b79a16e9d1e982747456c0288ae879287f64a714ccbac509e18158
Instruction ID: be043f0612089befab954d4f9dbbe5affb02d17dd621975e45520eb1122bc7e5
Opcode Fuzzy Hash: 5de02ce979b79a16e9d1e982747456c0288ae879287f64a714ccbac509e18158
Instruction Fuzzy Hash: 8E417761B58642C1EB54DF2699843BA23A1FF89B94F881039DE0DCF78ADE7DE481C710

Function 00007FF6840AED60 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68409AB80: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABA8
Part of subcall function 00007FF68409AB80: GetEnvironmentVariableA.KERNEL32(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABCE
Part of subcall function 00007FF68409AB80: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409ABEF
Part of subcall function 00007FF68409AB80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF68407FF39,?,?,?,?,00007FF68407F2DB), ref: 00007FF68409AC00

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AEDFF
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AEE48
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840AEE51

Strings

%s%s.netrc, xrefs: 00007FF6840AEDBF
%s%s_netrc, xrefs: 00007FF6840AEE14
HOME, xrefs: 00007FF6840AED99

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$realloc$EnvironmentVariable
String ID: %s%s.netrc$%s%s_netrc$HOME
API String ID: 4174189579-3384076093
Opcode ID: cc6066385937efad528a1198f2ce5c2d90bd52225e61cc8a90b3d90624d8da05
Instruction ID: d336478c3c2cd8701d355155c73d4a88e9e05e05ba87af62d4d8675738b58317
Opcode Fuzzy Hash: cc6066385937efad528a1198f2ce5c2d90bd52225e61cc8a90b3d90624d8da05
Instruction Fuzzy Hash: 7831A731A0CB52C1EA10DB16B8841AB63A0FF48BD4F48453AED8C97765EF3CE545C780

Function 00007FF68404B5F0 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF68404B61D
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF68404B637
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF68404B669
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF68404B694
std::_Facet_Register.LIBCPMT ref: 00007FF68404B6AD
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF68404B6CC
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404B6F7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@Facet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@std::_
String ID:
API String ID: 3790006010-0
Opcode ID: f08aa6f66354e4c5da6f9b99104fb983d8cc56c51dd2f8a086d6a38ea95eb317
Instruction ID: d9be7a1bb6b6bf38051e4572d39810a8d97a65933ed7a2c37d22ae9dfa02e611
Opcode Fuzzy Hash: f08aa6f66354e4c5da6f9b99104fb983d8cc56c51dd2f8a086d6a38ea95eb317
Instruction Fuzzy Hash: 2C314F22A08B45C1EB649F25E49016B7770FFA8BD8F480639DA9E87BA5DF3CE454C700

Function 00007FF68404BE00 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE2D
??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE47
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE79
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEA4
std::_Facet_Register.LIBCPMT ref: 00007FF68404BEBD
??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEDC
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404BF07

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
String ID:
API String ID: 762505753-0
Opcode ID: 5e01878f125e7231926093e7bdf42e0a635cc13540f0a5d970c766dc126fd259
Instruction ID: 503a75af8ced951c82746d2b04c4cc55580e452ad50ee8626b0f5acc0742fc71
Opcode Fuzzy Hash: 5e01878f125e7231926093e7bdf42e0a635cc13540f0a5d970c766dc126fd259
Instruction Fuzzy Hash: FB313C22A08B46C1EA249F12E48016A7370FFA8BD8F480639DB9E87B65DF3CE555C700

Function 00007FF68406E6B0 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E6FC
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E70A
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E716
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E73A
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E74B
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E759
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E765

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@
String ID:
API String ID: 2869409680-0
Opcode ID: 3e417acb1497fbfbe7a2ef8c0f4dfddc95c0233a6d927cde783718bd2aa23060
Instruction ID: 5efd67845dcc82cad5eea1f68428ab51225d8db84807ec05387e76d6bee98802
Opcode Fuzzy Hash: 3e417acb1497fbfbe7a2ef8c0f4dfddc95c0233a6d927cde783718bd2aa23060
Instruction Fuzzy Hash: 0A21BF62E18B82C1EB159F21A88466A67A0FF95FC4F084139DE8E83B64DF3CD4D5C740

Function 00007FF68406E850 Relevance: 10.6, APIs: 7, Instructions: 55COMMON

Download Yara Rule

APIs

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E862
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E877
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E898
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E8C0
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E8CC
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF68406E8DE
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E8E7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@D00@
String ID:
API String ID: 1210260451-0
Opcode ID: c177bac2188691ff1d4d917977eb0d29e4dfd1277919924ec515a437e75aeb35
Instruction ID: cad3abae13d62016e674efd03ef814968636dafd72ac45d9c72b648cfffe2c45
Opcode Fuzzy Hash: c177bac2188691ff1d4d917977eb0d29e4dfd1277919924ec515a437e75aeb35
Instruction Fuzzy Hash: 1C116D21E09B95C2EA419B26B68413A67A0BF49FD0F48043CDF5E57F95DF2CD492C760

Function 00007FF6840850C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46stringCOMMON

Download Yara Rule

APIs

strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF68408243C), ref: 00007FF6840850F5
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF68408243C), ref: 00007FF684085121
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF68408243C), ref: 00007FF684085129
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF68408243C), ref: 00007FF68408514B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF68408243C), ref: 00007FF684085162

Strings

Invalid zoneid: %s; %s, xrefs: 00007FF684085134

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_errnostrerrorstrtoul
String ID: Invalid zoneid: %s; %s
API String ID: 439826447-2159854051
Opcode ID: 9756b61cddbcdcd4deeea024d3a40c443a7b283f7a550faef10e1ddb4154df75
Instruction ID: 42c13033f3c2271d459754241a84f7b92baa96f227eff05cffebd8798007974c
Opcode Fuzzy Hash: 9756b61cddbcdcd4deeea024d3a40c443a7b283f7a550faef10e1ddb4154df75
Instruction Fuzzy Hash: BB113022A09A42C2EF50DB65E8C417A63A0FFC9B59F540039DA5D87BA4DE3CD889C700

Function 00007FF684084FF0 Relevance: 10.0, APIs: 8, Instructions: 36COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085004
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408501A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408502E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085042
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085056
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408506A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF68408507E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF684085092

Part of subcall function 00007FF6840ACF80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840850AB,?,?,00000000,00007FF684080AF3,?,?,00000000,00007FF684081075), ref: 00007FF6840ACF95

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 5003987b014b47f24ed155500f404a42e8ec8e749dd90c37285b786f354bfd7c
Instruction ID: 20c75aa70625decf528e323936fdda9307341c973ace8ee5b37620f43dd7e262
Opcode Fuzzy Hash: 5003987b014b47f24ed155500f404a42e8ec8e749dd90c37285b786f354bfd7c
Instruction Fuzzy Hash: 4911543A908E81C1D740DF61E9D40E923E4FBC9BAAB180136DE4E8E669DF7490A5C610

Function 00007FF68407EAD0 Relevance: 10.0, APIs: 8, Instructions: 33COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAE1
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAF1
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EAFF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB0D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB1B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB29
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB37
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840822D6,?,?,?,00007FF684080FEC), ref: 00007FF68407EB45

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e883815722c5bbc57823aa3e768bf2f5cd21de75d423c11894fd6dfea7572e31
Instruction ID: 4445f4c3603a538bc6639cbc9530df72239e5f3f8ff80b83f5ecccf7ba653329
Opcode Fuzzy Hash: e883815722c5bbc57823aa3e768bf2f5cd21de75d423c11894fd6dfea7572e31
Instruction Fuzzy Hash: 7201493A908A51C2D7449F61E5D812973E8FB88FAAB10112ACE4E86629CF78D4A9C640

Function 00007FF68407A240 Relevance: 10.0, APIs: 8, Instructions: 23COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A24D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A257
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A261
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A26B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A275
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A27F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A289
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF68407A293

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 122ba8865d073139b219c9cbe59c17a0b87aa5a145bf6f966e267ae82bce3926
Instruction ID: 0f44bd2b6f969ed9394dd7383b054a14371bd02941910544c6c76a12842950f4
Opcode Fuzzy Hash: 122ba8865d073139b219c9cbe59c17a0b87aa5a145bf6f966e267ae82bce3926
Instruction Fuzzy Hash: D4F0E42AA14951C2D754DFA2E8D802923B0FF8CF66B141036CD0E8A235CE78D8E9C640

Function 00007FF68406E177 Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E1F8
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E20E
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E229
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF68406E2DC
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E2F0
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF68406E302

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$D00@$?eback@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@
String ID:
API String ID: 2849800682-0
Opcode ID: 8fe1b38005505addbf593d4c580ddc8b5a908bec17e285d33585f04ce8b251ee
Instruction ID: 673ceaad2d515fcc2b5f30dbd73b396af527b394336f082a9d8ebddd9a4c405c
Opcode Fuzzy Hash: 8fe1b38005505addbf593d4c580ddc8b5a908bec17e285d33585f04ce8b251ee
Instruction Fuzzy Hash: 42418132A0A752C6EFAA4F3A958933B7691BF04B94F144138CF5F82794DF3CA482C640

Function 00007FF684090350 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 137COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840903E8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840903F1
memcpy.VCRUNTIME140 ref: 00007FF68409040C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409056C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090575

Strings

1.1, xrefs: 00007FF68409035F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$memcpy
String ID: 1.1
API String ID: 4107583993-2150719395
Opcode ID: e8dd6914026635c5d2ef617e904371cdeee4448ba79735c15029e630777cf029
Instruction ID: 8fae995380bf8b20f5ff7bfa43be1c8578fdc55c2faa194c3ceadcf636f3643e
Opcode Fuzzy Hash: e8dd6914026635c5d2ef617e904371cdeee4448ba79735c15029e630777cf029
Instruction Fuzzy Hash: D7515B72608B85C6D6A48F26E9803AB77A4FB49B84F148039DF9E87755DF3DE0A5C700

Function 00007FF68404CE90 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF84
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF92
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFCB
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFD5
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFE3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404D018

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: bba463771a00061b01fdc418636a7e0c1e9d679ed3ff795c268c3de7682a9f49
Instruction ID: c5ed2adf7311e4f93482496662e66a8d76b02244fe95bfd2dd4202ac7527138a
Opcode Fuzzy Hash: bba463771a00061b01fdc418636a7e0c1e9d679ed3ff795c268c3de7682a9f49
Instruction Fuzzy Hash: 3541C162B08646C1EA309B12A58436FA351BF14BD8F444639DF9E8BBC6DF3CE140D315

Function 00007FF684088130 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32 ref: 00007FF684088215
VerSetConditionMask.KERNEL32 ref: 00007FF684088224
VerSetConditionMask.KERNEL32 ref: 00007FF684088236
VerSetConditionMask.KERNEL32 ref: 00007FF684088248
VerSetConditionMask.KERNEL32 ref: 00007FF68408825E
VerifyVersionInfoA.KERNEL32 ref: 00007FF684088271

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion
String ID:
API String ID: 2793162063-0
Opcode ID: 8f408ca3503e87afcc84a6c6398a3bc1b5520e4c765e81d1078e0296109e99a6
Instruction ID: 17854acc376bf55dbc128a1f117bad6fb12ee305ebe0ee8c134779bd707077af
Opcode Fuzzy Hash: 8f408ca3503e87afcc84a6c6398a3bc1b5520e4c765e81d1078e0296109e99a6
Instruction Fuzzy Hash: C041B033E5CA92C6E6708B11A9647BBA7A0FFE5300F05523DE9C942A55DE3DE581EB00

Function 00007FF68404B180 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z.MSVCP140 ref: 00007FF68404B1BA
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404B1D7
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF68404B200
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF68404B24B

Part of subcall function 00007FF68404BE00: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE2D
Part of subcall function 00007FF68404BE00: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE47
Part of subcall function 00007FF68404BE00: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BE79
Part of subcall function 00007FF68404BE00: ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEA4
Part of subcall function 00007FF68404BE00: std::_Facet_Register.LIBCPMT ref: 00007FF68404BEBD
Part of subcall function 00007FF68404BE00: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF68404B25A), ref: 00007FF68404BEDC

?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF68404B260
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404B277

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$Init@?$basic_streambuf@Lockit@std@@$??0_??1_?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@Bid@locale@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@_get_stream_buffer_pointersstd::_
String ID:
API String ID: 3911317180-0
Opcode ID: 6d11de9bccbcca062ff2073877efb767d97b081e9a1167cba498922b59b8f0c4
Instruction ID: 1a954e272c88faa21d933a1286ebb89b155f27b9a2c6692eed945ba46384b9fa
Opcode Fuzzy Hash: 6d11de9bccbcca062ff2073877efb767d97b081e9a1167cba498922b59b8f0c4
Instruction Fuzzy Hash: CF315732A19B46C2EB609F25A98466A73A4FF98FC8F040039DA8E87B58DF3CD054C740

Function 00007FF68406E350 Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E376
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E38C
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E3A7
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF68406E3F7
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF68406E40B
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF68406E41D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$D00@$?eback@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@
String ID:
API String ID: 2849800682-0
Opcode ID: eb5163eb5fd1b2dd38a8edd1230076511407c43b0b8afc35f401cdfc8d185aae
Instruction ID: fe8e0b50e4a11d0e89f82130b2b0134215135d47c3ebe6eaa605f3af9f243502
Opcode Fuzzy Hash: eb5163eb5fd1b2dd38a8edd1230076511407c43b0b8afc35f401cdfc8d185aae
Instruction Fuzzy Hash: 90315021A09B51C5EA559F26AA8837B6690BF48FE4F08053CDF5E87B90DF7CE4D2C640

Function 00007FF68407AAF0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF68407AB23
LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF68407AB37
CloseHandle.KERNEL32 ref: 00007FF68407AB44
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000), ref: 00007FF68407AB66
closesocket.WS2_32 ref: 00007FF68407AB84
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000), ref: 00007FF68407AB9D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSectionfree$CloseEnterHandleLeaveclosesocket
String ID:
API String ID: 469868127-0
Opcode ID: 9d77cf97d3dd94289c113b3f5874c1fe4c36f853213a7426328a02fcde803e66
Instruction ID: e006aa801cb259c0109ea48b42035e65fa3a04bac75be818dccc1c43a19816c0
Opcode Fuzzy Hash: 9d77cf97d3dd94289c113b3f5874c1fe4c36f853213a7426328a02fcde803e66
Instruction Fuzzy Hash: 3821E526A08B41C6E6209F52E58426A6370FF89B90F044139DF8E83B52DF7AE4A5C701

Function 00007FF68406AEC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000010), ref: 00007FF68406B084
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000010), ref: 00007FF68406B0D3

Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF84
Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CF92

Part of subcall function 00007FF68404CE90: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFCB
Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFD5
Part of subcall function 00007FF68404CE90: memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF68404ACF8), ref: 00007FF68404CFE3
Part of subcall function 00007FF68404CE90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404D018

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000010), ref: 00007FF68406B112
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000010), ref: 00007FF68406B161

Strings

[json.exception., xrefs: 00007FF68406AF2A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$Concurrency::cancel_current_task
String ID: [json.exception.
API String ID: 73660495-791563284
Opcode ID: 50a169a9b886d07dbfc40a9b8f693939edf98e1ee38dbadfe7e7240148894614
Instruction ID: 44e8d5d033ccbf4d8ba2b8c14d3884ac31f1ca058f21f494f9f5aae77dca31d7
Opcode Fuzzy Hash: 50a169a9b886d07dbfc40a9b8f693939edf98e1ee38dbadfe7e7240148894614
Instruction Fuzzy Hash: 29817F62B18B46C5FB00CB64D4843AE2331FF957A8F504639DA6D96BD9DF7CE185C240

Function 00007FF684043590 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF6840435EF

Part of subcall function 00007FF6840BDBC0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF6840435F4), ref: 00007FF6840BDBC4
Part of subcall function 00007FF6840BDBC0: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF6840435F4), ref: 00007FF6840BDBD3

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043769

Part of subcall function 00007FF68404CB90: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CC6F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840437B7

Strings

: ", xrefs: 00007FF68404369F
", ", xrefs: 00007FF6840436D2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ApisFile___lc_codepage_func__std_fs_code_pagememcpy
String ID: ", "$: "
API String ID: 2077005984-747220369
Opcode ID: c27543c3e5653693d9eb150a5c4ab83a7efb3fda78952b32471401d245e52635
Instruction ID: 58956f22aa0f8a9958825f5884232952f59863bf2e3b1bb98d9ce13919bdd803
Opcode Fuzzy Hash: c27543c3e5653693d9eb150a5c4ab83a7efb3fda78952b32471401d245e52635
Instruction Fuzzy Hash: 2A616762B14B418AEB20DF65E4807AE2371FB58B9CF00953ADE5D97B89DE38D055C384

Function 00007FF684078D38 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840963E0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF684079D59), ref: 00007FF684096401

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684078E01

Strings

FALSE, xrefs: 00007FF684078DDB
%s cookie %s="%s" for domain %s, path %s, expire %I64d, xrefs: 00007FF6840790A7
Added, xrefs: 00007FF68407909D
Replaced, xrefs: 00007FF684079091

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _errno_strdup
String ID: %s cookie %s="%s" for domain %s, path %s, expire %I64d$Added$FALSE$Replaced
API String ID: 2151398962-2292467869
Opcode ID: 32ee72b3bad2a6ab19b4697144a170ca4b94b334b729e1da7f01ca7a978cd6c7
Instruction ID: c8301d144708e6f915b52bc1dc6b9f7eb979049659ffe06742308f1173cfc4fb
Opcode Fuzzy Hash: 32ee72b3bad2a6ab19b4697144a170ca4b94b334b729e1da7f01ca7a978cd6c7
Instruction Fuzzy Hash: 5F615F62A0D786C5FB718B2194C43BB67B1BF44794F08003ADB8D86691DF2DE844E312

Function 00007FF684073650 Relevance: 8.9, APIs: 7, Instructions: 141COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF68407371C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073768
memcpy.VCRUNTIME140 ref: 00007FF68407379A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840737CC
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840737D7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073855
memcpy.VCRUNTIME140 ref: 00007FF684073878

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: 91e7a434831de679f0de08126bbf2b097460883ab83f5ca03a87c3906e6f2e2c
Instruction ID: f2ae52f4798dbfb64efc3aec9fd6b1cbe487f4fb70471870d5694a4833e8b201
Opcode Fuzzy Hash: 91e7a434831de679f0de08126bbf2b097460883ab83f5ca03a87c3906e6f2e2c
Instruction Fuzzy Hash: 7661FC13E18BC5C6E7119B35D9412F96320FBA9788F41A325EE8D56A5BEF68E2D4C300

Function 00007FF684043F50 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 141COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044112
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684044153

Strings

>, xrefs: 00007FF68404405B
, column , xrefs: 00007FF6840440B0
at line , xrefs: 00007FF68404407F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: at line $, column $>
API String ID: 3668304517-1466611262
Opcode ID: 00882d304056da878f86d5817e14e2589f32648ab85675b3a87b9845aecc3a4c
Instruction ID: c3c333c049829b549b6e98d7583f69a2dfdec976764fefe01f43b8a05589d2b5
Opcode Fuzzy Hash: 00882d304056da878f86d5817e14e2589f32648ab85675b3a87b9845aecc3a4c
Instruction Fuzzy Hash: 6A51C472A18B85C2EA20DB25E0803AEB761FB99BD4F404236DB9D47B99DF3CD145CB40

Function 00007FF684090DE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090FED
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684091005

Strings

Forcing HTTP/1.1 for NTLM, xrefs: 00007FF684090EA9
The requested URL returned error: %d, xrefs: 00007FF684090F8E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupfree
String ID: Forcing HTTP/1.1 for NTLM$The requested URL returned error: %d
API String ID: 1865132094-1204028548
Opcode ID: 29d0968c2b84b10ca83d8a6f300e2813c472982773e8d41990bc2775817a843d
Instruction ID: aaaf7439576cf1f6908879ea921c243b8ff7b00d397ad075ac174b75f4630b07
Opcode Fuzzy Hash: 29d0968c2b84b10ca83d8a6f300e2813c472982773e8d41990bc2775817a843d
Instruction Fuzzy Hash: 7C518532A0C682C1FB648B2495D03BB2B91FF45794F68413DDA4DCBA96EF2EE950C711

Function 00007FF68408B450 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF68408B545
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408B5A4

Strings

Connection died, retrying a fresh connect, xrefs: 00007FF68408B52F
Connection died, tried %d times before giving up, xrefs: 00007FF68408B508
REFUSED_STREAM, retrying a fresh connect, xrefs: 00007FF68408B4DB

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupfree
String ID: Connection died, retrying a fresh connect$Connection died, tried %d times before giving up$REFUSED_STREAM, retrying a fresh connect
API String ID: 1865132094-195851662
Opcode ID: de18f5c6648f63eb59fa09185a57bbec85e0afbe45011833a6c5bab62526b43f
Instruction ID: 6a7ec5cfc78f3e41ce3c2b98a962c3f1d37da5706849d2df28d9c9f8c3a3c4f6
Opcode Fuzzy Hash: de18f5c6648f63eb59fa09185a57bbec85e0afbe45011833a6c5bab62526b43f
Instruction Fuzzy Hash: 5341C522B49A86C1EB55DB25E9903AE27A0FF84B88F485035EB4DC7796CF7CD490C700

Function 00007FF684077898 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 297COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840779E8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684077A2F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684077A5A

Part of subcall function 00007FF6840767A0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840767EE
Part of subcall function 00007FF6840767A0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684076805

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684077A8F

Strings

Resolving timed out after %I64d milliseconds, xrefs: 00007FF684076DD6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: Resolving timed out after %I64d milliseconds
API String ID: 1294909896-3343404259
Opcode ID: d474b412fa9f6bc6b68beee52d9ac1ea6dcd8c6f932fb5a16a01f9dd1a97b0db
Instruction ID: b0f5b8342a422d17666a5565ae25d061aa834ea0ce296ca484e1500d6d466ef5
Opcode Fuzzy Hash: d474b412fa9f6bc6b68beee52d9ac1ea6dcd8c6f932fb5a16a01f9dd1a97b0db
Instruction Fuzzy Hash: A4D19F61A0D686C5FB249F6994803BE23B1FF44B8CF04553ACE0E9769ADF3AE541C352

Function 00007FF6840489F0 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF684048A54

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF684048AE5
memset.VCRUNTIME140 ref: 00007FF684048B20
memset.VCRUNTIME140 ref: 00007FF684048B7D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684048C4D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memset$_invalid_parameter_noinfo_noreturnlocaleconvmalloc
String ID:
API String ID: 4120556116-0
Opcode ID: aca268ce0600bd6c87c05b4e6e99bd65ef1b8c08c786ea833555ed0de7ed6575
Instruction ID: fb0184b26d8f4f9ca8fa89c588b4b001597912e11a870938dd873a866c898577
Opcode Fuzzy Hash: aca268ce0600bd6c87c05b4e6e99bd65ef1b8c08c786ea833555ed0de7ed6575
Instruction Fuzzy Hash: 66818E33A04B8186E720DF25D8903AE77A0FB98B98F188639DA8D87755DF3CD485C740

Function 00007FF68408A310 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF68408A3B8
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408A438
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68408A4E2

Strings

allocate connect buffer!, xrefs: 00007FF68408A45F
CONNECT phase completed!, xrefs: 00007FF68408A523

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: callocfreememset
String ID: CONNECT phase completed!$allocate connect buffer!
API String ID: 3505321882-591125384
Opcode ID: 5df088f42047ef61d671fa01b3da81d69a118745e8c236a2928cb02cd7f18850
Instruction ID: 51facced75924793de34d5bdc5846cfeaec8dac94ac4c958ce14decb38f5ed93
Opcode Fuzzy Hash: 5df088f42047ef61d671fa01b3da81d69a118745e8c236a2928cb02cd7f18850
Instruction Fuzzy Hash: E4519232A08BC2C6EB589B25DA883BA7390FF84748F045039CF5C87A91CF79E5A5C704

Function 00007FF6840488C0 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF6840488FB
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF68404891A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404894C
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF684048967
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF6840489B6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID:
API String ID: 1184074665-0
Opcode ID: 36efe0cf8498bdce60566f789f773af8637e017f9e3e2cacbbd19cf0e6178b84
Instruction ID: b9eef3a6b686d8c81c5a29a7bb240d7e3c5900534074ca0517293cfd166a977e
Opcode Fuzzy Hash: 36efe0cf8498bdce60566f789f773af8637e017f9e3e2cacbbd19cf0e6178b84
Instruction Fuzzy Hash: F9313A72A05B81C5EB10DF25EA9472A77A1FB45B89F048139CA4D83B24CF3DD56AC740

Function 00007FF68404A069 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404A0AF
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF68404A0CE
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404A100
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404A11B
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF68404A168

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID:
API String ID: 1830095303-0
Opcode ID: 66a719390e75bdd5aafbe7d01f3baa3d29bfbf40bed87e6b0437d88fcaa2e848
Instruction ID: 4e5844f34ae4dbaf3d6de22697d3cf17621fa4798173555f684c3ea82cd0b542
Opcode Fuzzy Hash: 66a719390e75bdd5aafbe7d01f3baa3d29bfbf40bed87e6b0437d88fcaa2e848
Instruction Fuzzy Hash: 64316D32B09B81C5EB109F29E99476A77A0FF89B99F048039CA4D83B64DF3CD055C750

Function 00007FF68404A070 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404A0AF
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF68404A0CE
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF68404A100
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF68404A11B
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF68404A168

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID:
API String ID: 1830095303-0
Opcode ID: da6b95756efa0e59ce8e1a150cf64de23a0fc9648f3a8dedb06ee2e264fe522f
Instruction ID: 22fbcf1e04551d18c1cf76862f6fbc263af38df6f2accc73a77331f2af36321c
Opcode Fuzzy Hash: da6b95756efa0e59ce8e1a150cf64de23a0fc9648f3a8dedb06ee2e264fe522f
Instruction Fuzzy Hash: C5315932B05B81C9EB209F29E99476A77A0FF89B99F048039CA4D83B64DF3CD059C750

Function 00007FF684055DFA Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840571F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840572BE
Part of subcall function 00007FF6840571F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405730D
Part of subcall function 00007FF6840571F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68405734C

_CxxThrowException.VCRUNTIME140 ref: 00007FF684055E2C

Part of subcall function 00007FF68404C040: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C10E
Part of subcall function 00007FF68404C040: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C15D
Part of subcall function 00007FF68404C040: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404C19C

_CxxThrowException.VCRUNTIME140 ref: 00007FF684055E6D

Part of subcall function 00007FF6840571F0: __std_exception_copy.VCRUNTIME140 ref: 00007FF684057398
Part of subcall function 00007FF6840571F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840573E5

_CxxThrowException.VCRUNTIME140 ref: 00007FF684055EA5

Strings

iterator does not fit current value, xrefs: 00007FF684055E73
iterator out of range, xrefs: 00007FF684055DFA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$__std_exception_copy
String ID: iterator does not fit current value$iterator out of range
API String ID: 3586130244-1046077056
Opcode ID: a256f99d3c86dbaec2a8df62834edc97bd27fc1d66b5a4d5107c364ebdf20331
Instruction ID: 8bdb5244ec1e0cb358cc6073fe65c6af93020f5765bb97e68ac957c1c0dbc362
Opcode Fuzzy Hash: a256f99d3c86dbaec2a8df62834edc97bd27fc1d66b5a4d5107c364ebdf20331
Instruction Fuzzy Hash: D721622254DA8293E710DB64D4901FFA761FF95348F94813AD78D83566DE2DDA0ACB04

Function 00007FF6840977D0 Relevance: 7.6, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840849F0), ref: 00007FF684097805
calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840849F0), ref: 00007FF68409781A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840849F0), ref: 00007FF68409782F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840849F0), ref: 00007FF68409785C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840849F0), ref: 00007FF684097865
memcpy.VCRUNTIME140(?,?,?,00007FF6840849F0), ref: 00007FF684097899

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$calloc$memcpy
String ID:
API String ID: 3478730034-0
Opcode ID: e9c57da48b3bdcd8d7ccb71cf866c7ca6fbbd9c6e089ec251f1c606e016a0428
Instruction ID: 80b6ed633208fecc46ce686412621f55bcc164bea5e7227238b56351107aa250
Opcode Fuzzy Hash: e9c57da48b3bdcd8d7ccb71cf866c7ca6fbbd9c6e089ec251f1c606e016a0428
Instruction Fuzzy Hash: CA218E62E08B82C6E714CF25949023B6AA0FF48BE0F544239DE9E9B79ADF7DD451C700

Function 00007FF68407A690 Relevance: 7.5, APIs: 5, Instructions: 46COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF68407AB23
LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF68407AB37
CloseHandle.KERNEL32 ref: 00007FF68407AB44
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000), ref: 00007FF68407AB66
closesocket.WS2_32 ref: 00007FF68407AB84
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000), ref: 00007FF68407AB9D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSectionfree$CloseEnterHandleLeaveclosesocket
String ID:
API String ID: 469868127-0
Opcode ID: 1da22c7366462aba51bca6a144647d043b9fd18cdd1de1f2463061639beb365e
Instruction ID: dd3322fa49f468d2a112c463c55b72c5adc0d2d5f4d92487962ffff1d5ee145e
Opcode Fuzzy Hash: 1da22c7366462aba51bca6a144647d043b9fd18cdd1de1f2463061639beb365e
Instruction Fuzzy Hash: 8511E336A09B41D6E6209F52E18022AB770FF89B90F144139DF8E83B55DF7AE4A5CB11

Function 00007FF6840943D0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON

Download Yara Rule

APIs

fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00007FF684094722

Strings

** Resuming transfer from byte position %I64d, xrefs: 00007FF684094458
%% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 00007FF68409446B
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s, xrefs: 00007FF6840946B5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fflush
String ID: %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %I64d
API String ID: 497872470-664487449
Opcode ID: 546769f59e4992199159a10680f9d4ef048ef89c0d5b739e9b99cb3db6efc00f
Instruction ID: d8c79f4b0df347cb4244302c4267b8eb7d98dde8b7047de07808a0ca8a050a90
Opcode Fuzzy Hash: 546769f59e4992199159a10680f9d4ef048ef89c0d5b739e9b99cb3db6efc00f
Instruction Fuzzy Hash: 3591B02261AB86C5DA60DB15E584BABB764FB84BC4F82103ADE5D8BB95FF3DD001D700

Function 00007FF684062090 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406217C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6840621CB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68406223E

Strings

ange, xrefs: 00007FF6840620E2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ange
API String ID: 3668304517-4159947239
Opcode ID: 5a821b9034ccd780b6e65f0daaa75ae135f764b8c14232be609300797b9fd468
Instruction ID: 639ec88153f7b539cfb8bd0450edac24387625ce1730d68545f1b78226fba04b
Opcode Fuzzy Hash: 5a821b9034ccd780b6e65f0daaa75ae135f764b8c14232be609300797b9fd468
Instruction Fuzzy Hash: B3517C62E18B46C5FB00DF69D4803AE2361FF99798F009639EB6D56AD9DE6CE0D4C340

Function 00007FF6840854C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6840855E5
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684085600

Strings

..., xrefs: 00007FF684085552
..., xrefs: 00007FF684085568

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: fwrite
String ID: ...$...
API String ID: 3559309478-2253869979
Opcode ID: e6a949566048ff31d7bbba707800bc1fbc69c524edc41005eb075d9e3c42d6ed
Instruction ID: 2d96eb9d67e17962a58574c3014b51b28f86e51d9fb69faa43c2956352b2219c
Opcode Fuzzy Hash: e6a949566048ff31d7bbba707800bc1fbc69c524edc41005eb075d9e3c42d6ed
Instruction Fuzzy Hash: 3C31D521A1CA81D1EB64DB21D5947FAA3A1FF84B80F808239CA9D837D4CF3DD559C781

Function 00007FF684092D70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840927A9), ref: 00007FF684092DFD

Strings

Rejected %zu bytes header (max is %d)!, xrefs: 00007FF684092D9B
Failed to alloc memory for big header!, xrefs: 00007FF684092E08

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: realloc
String ID: Failed to alloc memory for big header!$Rejected %zu bytes header (max is %d)!
API String ID: 471065373-1365219457
Opcode ID: b1927de0a4823707454b68872d7ef51465a834518fa426e036663695675c6494
Instruction ID: 766d9bb9b83a3063268b7a5554648f6521465d832e6715698e55e3c5f17074be
Opcode Fuzzy Hash: b1927de0a4823707454b68872d7ef51465a834518fa426e036663695675c6494
Instruction Fuzzy Hash: 57212C32B19A85C6DB04DB15E5802AEA761FB49FC4F44403AEB9D47B59CF3CD4A2C744

Function 00007FF684071513 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840715A2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840715BE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840715DB

Strings

:, xrefs: 00007FF684071596

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup
String ID: :
API String ID: 2653869212-336475711
Opcode ID: 03b32bf35b58e1952b9fb5c8d94eb12ec4b70198ca38e5ce222575a15a310553
Instruction ID: b111bc9aec558293365b2a1211393d299f65bf0ea4a5ff20438539741f2d6144
Opcode Fuzzy Hash: 03b32bf35b58e1952b9fb5c8d94eb12ec4b70198ca38e5ce222575a15a310553
Instruction Fuzzy Hash: E3217C2270DB86C5EB659F14A5803AA73B0BF44BA4F484239CA9D86399EF3DD494C750

Function 00007FF684071698 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6840715A2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840715BE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840715DB

Strings

:, xrefs: 00007FF684071596

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$_strdup
String ID: :
API String ID: 2653869212-336475711
Opcode ID: 39daee4d1075e9e8954fd0d72e8de271ad016377caa0a5609e8f389a47ecc7fe
Instruction ID: 362ebfa51ff8a97aadd29c91e97d91d96f71b07f637c2c024cc89b8669911c8c
Opcode Fuzzy Hash: 39daee4d1075e9e8954fd0d72e8de271ad016377caa0a5609e8f389a47ecc7fe
Instruction Fuzzy Hash: 46116D22A0DB85C5EB659F14A5803AA73B0BF44BA5F48423ACF9D863D5EF3ED494C710

Function 00007FF68409C950 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

%s%s, xrefs: 00007FF68409C983
LIST "%s" *, xrefs: 00007FF68409C9D7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %s%s$LIST "%s" *
API String ID: 0-1744359683
Opcode ID: d327a4d32715310628d43346b16bf389924de49833de915ff0ad22a07eac9b47
Instruction ID: d5710ea62edcfd3dd6a95ec1b73ef8bd867752048847706e80af2bae9ba17fd0
Opcode Fuzzy Hash: d327a4d32715310628d43346b16bf389924de49833de915ff0ad22a07eac9b47
Instruction Fuzzy Hash: 71115921E0D682C1EA148F55E4C42BA27A0BF48BC4F48413EEE8E87755DF6DE985C341

Function 00007FF68405F8E0 Relevance: 6.4, APIs: 5, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF68405F96C
memcpy.VCRUNTIME140 ref: 00007FF68405F9AF
memcpy.VCRUNTIME140 ref: 00007FF68405F9C7
memcpy.VCRUNTIME140 ref: 00007FF68405FA49
memcpy.VCRUNTIME140 ref: 00007FF68405FA63

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 9b57819bd4982c99ac53aea23cdb682c3689279d1eed93cbe84ec02240c3fa36
Instruction ID: 0067db664c85609b112f819578c379db3dc27afd92cd92730424bfa4e0e444cf
Opcode Fuzzy Hash: 9b57819bd4982c99ac53aea23cdb682c3689279d1eed93cbe84ec02240c3fa36
Instruction Fuzzy Hash: 6E41E322A04B81D2EB109F2AE6442AA6361FB25BD4F154735DFAC97796CF3CE1D0C341

Function 00007FF6840446D0 Relevance: 6.4, APIs: 5, Instructions: 130COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF684044704
memcpy.VCRUNTIME140 ref: 00007FF68404474D
memcpy.VCRUNTIME140 ref: 00007FF68404477B
memset.VCRUNTIME140 ref: 00007FF684044792

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 4d4ef1a97561200f8a793bdd5abd71fbcd4be22461a2c3be5614d988191f06ca
Instruction ID: 4d16b1d69f678df79518a622b8785193df4f293a3e6c4c3c1d006bbd30c4dcbc
Opcode Fuzzy Hash: 4d4ef1a97561200f8a793bdd5abd71fbcd4be22461a2c3be5614d988191f06ca
Instruction Fuzzy Hash: 80412726B286D1C3EB24CB2881816AE6795FF617C0F458139CB5D8BB86DF3DE51AC300

Function 00007FF6840901E0 Relevance: 6.3, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840905F5), ref: 00007FF684090218
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840905F5), ref: 00007FF684090221
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840905F5), ref: 00007FF68409029A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840905F5), ref: 00007FF6840902AB
memcpy.VCRUNTIME140(?,?,00000000,00007FF6840905F5), ref: 00007FF6840902D4

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$mallocmemcpy
String ID:
API String ID: 3401966785-0
Opcode ID: faf6754aaa2460d381419aa19d295673b7e6b1cc65fae786d9f94e910edb12ac
Instruction ID: f742f4ebdceca1369a61d833303fdbb7a106768d00aad2a3abeb4ce2c1d040b3
Opcode Fuzzy Hash: faf6754aaa2460d381419aa19d295673b7e6b1cc65fae786d9f94e910edb12ac
Instruction Fuzzy Hash: 8E315A32A09B85C1EB589F51E58026A67A0BF49BE4F14423ADE6E877D5EF3DE490C300

Function 00007FF6840773CB Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

Resolving timed out after %I64d milliseconds, xrefs: 00007FF684076DD6

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Resolving timed out after %I64d milliseconds
API String ID: 0-3343404259
Opcode ID: cbd7e8e3272cff41d466281ff36a6333442e63177f243a0ad45836c1d5c7ce89
Instruction ID: e7c4883ba886d909771dcf9b417a9730620ca4c6ac7d96e3b6b55928f5dd36d0
Opcode Fuzzy Hash: cbd7e8e3272cff41d466281ff36a6333442e63177f243a0ad45836c1d5c7ce89
Instruction Fuzzy Hash: 07B19F71E1D642C5EB249B2994D027E26B1FF45B98F54583ECA0EC7286DE7AF880C342

Function 00007FF6840437F0 Relevance: 6.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF684043901
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF68404392D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684043A5B
__std_exception_copy.VCRUNTIME140 ref: 00007FF684043A9D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
String ID:
API String ID: 2138705365-0
Opcode ID: 7fe9b36c23d692cfa151b80dabf1faa9589a531f1f66605188228b2883409076
Instruction ID: 76a90a5c8dc08c0425cf7a2fc199107c7cf21a43d87611e0482ebf7636f9d09e
Opcode Fuzzy Hash: 7fe9b36c23d692cfa151b80dabf1faa9589a531f1f66605188228b2883409076
Instruction Fuzzy Hash: 20817AB2B04A81D1EB149F29E48436E6361FF54BC8F54903ADA4D47AA9EF7DD894C380

Function 00007FF684088B40 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 135COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684088C60
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684088CA6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684088D08

Strings

chunked, xrefs: 00007FF684088BBE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: calloc$free
String ID: chunked
API String ID: 171065143-1066005980
Opcode ID: a8eaee4497cbc6ca652fd406c0d2f7b42814a1174c19701cd2bcb36804364914
Instruction ID: faaa037a8393d6f635ab5d4e65c87f55c161ed854161101c21742006e0e3e5e0
Opcode Fuzzy Hash: a8eaee4497cbc6ca652fd406c0d2f7b42814a1174c19701cd2bcb36804364914
Instruction Fuzzy Hash: 0E51D432A49A92C5FB658B129E803BB6791BF54BC4F484039DE5D83789EF3CE456D300

Function 00007FF68404C9C0 Relevance: 6.1, APIs: 4, Instructions: 127COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CAD9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CB2D
memcpy.VCRUNTIME140(?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CB37

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404CB84

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: e1f1fe3be785b13f71ad7f347590f7a0a98f61f9bf7a51e4dccb99fd98f01535
Instruction ID: 8b25f24f546f359083e1e5e868bcbc777f492be9f54a21c5f206875afde61dcd
Opcode Fuzzy Hash: e1f1fe3be785b13f71ad7f347590f7a0a98f61f9bf7a51e4dccb99fd98f01535
Instruction Fuzzy Hash: B141FE61B08A41D1EA20DB15E08427E62A0BF58BE8F910739DE7D87BD4EE3CE052C301

Function 00007FF684055240 Relevance: 6.1, APIs: 4, Instructions: 117COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF684050213,?,?,?,00007FF68404EA9C), ref: 00007FF68405531E
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF684050213,?,?,?,00007FF68404EA9C), ref: 00007FF68405534C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF684050213,?,?,?,00007FF68404EA9C), ref: 00007FF6840553B5

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840553C2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmallocmemcpymemset
String ID:
API String ID: 2942768764-0
Opcode ID: a9b606400e0ea1629a13ad569f25f31fc2223cb43e4af202120b53c3fe94b378
Instruction ID: 3d39232071b8963a394504d7d2ce7ef7ca620c094d645f899bd41729836be9fa
Opcode Fuzzy Hash: a9b606400e0ea1629a13ad569f25f31fc2223cb43e4af202120b53c3fe94b378
Instruction Fuzzy Hash: D9419D72B05B86C6EB148F65D08427EA361FF44BA0F958A39DAAD977D8DF6CE051C300

Function 00007FF684057920 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF684057A2F

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

memcpy.VCRUNTIME140 ref: 00007FF684057A1C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684057A9D
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684057AAA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: a43a2258c746172ac1796535bba661411df8a48737158f9de7ca4662200e5949
Instruction ID: d9da12faec190e36e36ab08e01713be82e918b487f2cba46bdac1cd44c43d2de
Opcode Fuzzy Hash: a43a2258c746172ac1796535bba661411df8a48737158f9de7ca4662200e5949
Instruction Fuzzy Hash: 0541C066B14A86C5EE04CB26D4842BE6350FF48BE0F444639CA6D97BC6DF2CE191C300

Function 00007FF684048650 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed7b6d7da68a1d1e43c304b2689d7fec68aa19245766a7a4a421bd83ab8bc21a
Instruction ID: f23b94830eaf35a057345cef394aa8d9cf5c491b80aa3fa1d5509762389b9aca
Opcode Fuzzy Hash: ed7b6d7da68a1d1e43c304b2689d7fec68aa19245766a7a4a421bd83ab8bc21a
Instruction Fuzzy Hash: EB513E37608A81C6DB648F29E49036E77A1FF94BD8F54463ADA9D877A8DF38D444C700

Function 00007FF6840550D0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(7FFFFFFFFFFFFFFF,00000000,?,00007FF684050213,?,?,?,00007FF68404EA9C,?,?,?,?,?,00007FF684050A57), ref: 00007FF6840551B3
memcpy.VCRUNTIME140(7FFFFFFFFFFFFFFF,00000000,?,00007FF684050213,?,?,?,00007FF68404EA9C,?,?,?,?,?,00007FF684050A57), ref: 00007FF6840551C6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(7FFFFFFFFFFFFFFF,00000000,?,00007FF684050213,?,?,?,00007FF68404EA9C,?,?,?,?,?,00007FF684050A57), ref: 00007FF68405522C

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684055239

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: 58acd8f46fa08c665f0531892ae20c5cfeac97a1f67f207f38a682d4cf6ad5ea
Instruction ID: 88adbd794b777ac63a87c05c282a7b05cce8935ce0d2651a8cb84e8feb681b08
Opcode Fuzzy Hash: 58acd8f46fa08c665f0531892ae20c5cfeac97a1f67f207f38a682d4cf6ad5ea
Instruction Fuzzy Hash: A5410122709B85C5EA24DF66E4842BAA760FF45BD0F144A39DBAD97BD5DE3CE040C300

Function 00007FF6840B95A0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,00007FF68409CC90,?,?,?,?,?,?,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_,?), ref: 00007FF6840B95F3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840B967C

Strings

%s, xrefs: 00007FF6840B95C5

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: %s
API String ID: 1294909896-3043279178
Opcode ID: 2903f218c8b265c425e9c652228ce8d6f59ced1a85f5e80c9bab286c59e96dfc
Instruction ID: 9f222f0922c99004e311b207c79a054c8f08283bab233c2a8bf7bdcd515288e1
Opcode Fuzzy Hash: 2903f218c8b265c425e9c652228ce8d6f59ced1a85f5e80c9bab286c59e96dfc
Instruction Fuzzy Hash: 5D417432A18B85C2EA51DB65B58016BB3A0FF45B94F144139DF8D87BA1DF3CE091C304

Function 00007FF68404C270 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,00000000,?,00007FF684049080), ref: 00007FF68404C34B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,00007FF684049080), ref: 00007FF68404C37F
memcpy.VCRUNTIME140(?,?,?,00000000,?,00007FF684049080), ref: 00007FF68404C389
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404C3B2

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: f2299fbde33537dfc263cdf526cb1c84cda6cd61a8f1022f3c2ff0890eb02e87
Instruction ID: 48b85bfe347bc6e7ab9ddace8f04427c88b30dde1db327b04a164e024b38e532
Opcode Fuzzy Hash: f2299fbde33537dfc263cdf526cb1c84cda6cd61a8f1022f3c2ff0890eb02e87
Instruction Fuzzy Hash: EF31D271B0D742C1EE309B12A5842AEA392FF18BE5F484639DE5D8BBD5DE7CE141C205

Function 00007FF6840507B0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,00007FF684042FAF), ref: 00007FF68405081E

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 07fa50e3be99eb7fe95ea155dc8bf215f98a5944493ade8d73604e6a89d6997e
Instruction ID: bc5e038434e626b333bee733a1232bbb63d8062d098fd827e4ebefed771aabb5
Opcode Fuzzy Hash: 07fa50e3be99eb7fe95ea155dc8bf215f98a5944493ade8d73604e6a89d6997e
Instruction Fuzzy Hash: B531D222B09782C5FA269B25A58437E2250EF10BF5F250638CE6C67BD1EE3864C3D340

Function 00007FF68405FA90 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF68405FB46

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF68405FB73
memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF68405FB82
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68405FBA3

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: dc625c4bf227a810765d776d1fd9bbe7f2b11b1ce597af149af722d38ff5c26d
Instruction ID: 79bf0935cb4755e6f063906b61f86a8b8284c950b742dab41fc1d9d798d3d3a7
Opcode Fuzzy Hash: dc625c4bf227a810765d776d1fd9bbe7f2b11b1ce597af149af722d38ff5c26d
Instruction Fuzzy Hash: 5E218422A05A85C0EE25DB12A9942AAA255FF44BF4F194B39DE7D97BD5DE3CD081C300

Function 00007FF684061660 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF68405B0FB), ref: 00007FF6840616AE
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6840616CA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF684061717

Part of subcall function 00007FF6840BE310: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000100000000,00007FF68404C47E,?,?,?,?,00007FF68404119B), ref: 00007FF6840BE32A

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
String ID:
API String ID: 4234954712-0
Opcode ID: 0b04c2f650ea99c06479401e37785c68164c9641ce9b22fe6e1f6520c65b6db3
Instruction ID: bd2a86bb73af2b83fc539f3e1d8e672297637051288dda7e117ab83a80f3ebcd
Opcode Fuzzy Hash: 0b04c2f650ea99c06479401e37785c68164c9641ce9b22fe6e1f6520c65b6db3
Instruction Fuzzy Hash: 3631E166E0A742C1EE28936184C623E22A1BF557B1F940B3DD37E4A7D0EE6C9591C700

Function 00007FF68404C3C0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C3F8
memcpy.VCRUNTIME140(?,?,?,?,00007FF68404119B), ref: 00007FF68404C499
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68404C4B7

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task
String ID:
API String ID: 326894585-0
Opcode ID: 5f2df91895d34574547742d8ad66c826e47f3838bc8a57f0ba28a8925784d77d
Instruction ID: beeebee2cd98f268e4cd630d85b311b41ab8617ec924eff8ed48ae77876f3668
Opcode Fuzzy Hash: 5f2df91895d34574547742d8ad66c826e47f3838bc8a57f0ba28a8925784d77d
Instruction Fuzzy Hash: 9B210B22B0E756C5FA359B51A68437A2240BF54BE8F550B38DE6D47BCADF3CA491C301

Function 00007FF68407412D Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 55stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F45
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F5F

Strings

I64, xrefs: 00007FF684073F55
I32, xrefs: 00007FF684073F35

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: I32$I64
API String ID: 1114863663-3980630743
Opcode ID: 690dfba8f5c3aa5ef38dbafbb669d497a95976d88d1ad140b47f3d28d9d7ee22
Instruction ID: d9e057b2799fa9cfa5accbd255d87446b0263e3ecb87175020c5573d234f4b1e
Opcode Fuzzy Hash: 690dfba8f5c3aa5ef38dbafbb669d497a95976d88d1ad140b47f3d28d9d7ee22
Instruction Fuzzy Hash: F721D532E0C563C5EB215B60D4D03BA7BF8BF55F88F0A8139CA4AC6285DE2DE604C752

Function 00007FF6840B1A60 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840B27C9,00000000,?,?,00007FF6840B1D86), ref: 00007FF6840B1A89
realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840B27C9,00000000,?,?,00007FF6840B1D86), ref: 00007FF6840B1AC0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6840B27C9,00000000,?,?,00007FF6840B1D86), ref: 00007FF6840B1AD2
memcpy.VCRUNTIME140(?,?,?,00007FF6840B27C9,00000000,?,?,00007FF6840B1D86), ref: 00007FF6840B1AFA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: freemallocmemcpyrealloc
String ID:
API String ID: 3881842442-0
Opcode ID: 4e31179edb012fc3068fe3a1aa07e365098b9f57db527d239cde6aa1a290680b
Instruction ID: 44eb48f8aef2b56eeecf61fb08ab09d5bef7e6b5bfb761477e5f06b21fa6017b
Opcode Fuzzy Hash: 4e31179edb012fc3068fe3a1aa07e365098b9f57db527d239cde6aa1a290680b
Instruction Fuzzy Hash: E8214D26A1AB81C2DB44CF56E49022A63A0FB48FC8B488135EE5E87759DF3CD592C700

Function 00007FF6840BDD54 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF6840BDD9D
GetLastError.KERNEL32 ref: 00007FF6840BDDAB
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF68404B769), ref: 00007FF6840BDDE0
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF68404B769), ref: 00007FF6840BDDEE

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: af8163f06192995d998680606efb5d7c8a04c53febd0cfa1b9df8af7b8dd437e
Instruction ID: dba9f9429d99d8d533e9e56b22895f5e7a7ff7640e756cfe464bc49ebbc57366
Opcode Fuzzy Hash: af8163f06192995d998680606efb5d7c8a04c53febd0cfa1b9df8af7b8dd437e
Instruction Fuzzy Hash: 0221E876A18B95C7E3108F21A48432EBAB4FB99F94F140139DB8997B58DF38D445CB44

Function 00007FF6840905A0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6840905FA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68409061A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684090623

Strings

Proxy-Connection: Keep-Alive, xrefs: 00007FF6840905B0

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID: Proxy-Connection: Keep-Alive
API String ID: 1294909896-2835282938
Opcode ID: cc35ecba79e70a9bc6cb3ea24a3edfdf6970ce08f53f74da24f7ef8e875cc6ed
Instruction ID: 8bf5ea2ed33429eaf205ab7bf4e6a8a3444bf8fc3454a02f767c373803a4b0fe
Opcode Fuzzy Hash: cc35ecba79e70a9bc6cb3ea24a3edfdf6970ce08f53f74da24f7ef8e875cc6ed
Instruction Fuzzy Hash: ED01C422F04641C2FB159B55F4803AA6690AF88BF1F044238DE6D8B3D0EF7C98D5C340

Function 00007FF68407401A Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F45
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F5F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684073FA2

Strings

I64, xrefs: 00007FF684073F55
I32, xrefs: 00007FF684073F35

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: I32$I64
API String ID: 1114863663-3980630743
Opcode ID: 1a23a1c8f3207d80e665eb28a0440c9501873568427f8f909d50fa7ef9c5ee02
Instruction ID: 5c85ed4dd45a4d44b65cd7f69754a32bfc46b4815d56e1b3b709c38ddb2a4844
Opcode Fuzzy Hash: 1a23a1c8f3207d80e665eb28a0440c9501873568427f8f909d50fa7ef9c5ee02
Instruction Fuzzy Hash: D3F08235B1C953C1FB154B21A8D477627B87F55BC4F0A513EC95ACA694CE2DE200D322

Function 00007FF684074022 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F45
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF684073DF8), ref: 00007FF684073F5F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684073FA2

Strings

I64, xrefs: 00007FF684073F55
I32, xrefs: 00007FF684073F35

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: I32$I64
API String ID: 1114863663-3980630743
Opcode ID: becde2ecbcb4abba6d902d87fc19e3fabf59d894aa72799254ccc749e9a7db61
Instruction ID: fcde83cb627b4c5f34b9cb15d08686287456dc8bdb97c2454e4b12a29d798003
Opcode Fuzzy Hash: becde2ecbcb4abba6d902d87fc19e3fabf59d894aa72799254ccc749e9a7db61
Instruction Fuzzy Hash: 85F08225B1C953C1FB154B21A8D477727B8BF55BC4F0A513EC95ACA694CE2DE200D322

Function 00007FF6840AFAF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 227COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF684085F46), ref: 00007FF6840AFB04

Strings

%lx, xrefs: 00007FF6840AFDEA

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _errno
String ID: %lx
API String ID: 2918714741-1448181948
Opcode ID: f5d2032c4728092e21dc87321e433a489388819b9718c86401f3a2fa3b628327
Instruction ID: 25cac8efa7c4880fad959ac69dc08f3c17dfc37160de62962cd00c1a2a03ebb3
Opcode Fuzzy Hash: f5d2032c4728092e21dc87321e433a489388819b9718c86401f3a2fa3b628327
Instruction Fuzzy Hash: C1812622A1C1D1C6E769CB25949427B7AD1FF85794F14823EEA9EE67C1DE3CD841CB00

Function 00007FF684043140 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6840431B8

Part of subcall function 00007FF6840BDBE8: MultiByteToWideChar.KERNEL32 ref: 00007FF6840BDC04
Part of subcall function 00007FF6840BDBE8: GetLastError.KERNEL32 ref: 00007FF6840BDC12

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684043264

Part of subcall function 00007FF68404C9C0: memcpy.VCRUNTIME140(?,?,00000000,?,?,?,00007FF684049045), ref: 00007FF68404CAD9

Strings

Unknown exception, xrefs: 00007FF6840434D9

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$ByteCharErrorLastMultiWidememcpy
String ID: Unknown exception
API String ID: 3269794198-410509341
Opcode ID: 20826a4a13eb8551ff8e744c1e06abc889af632be6793b07ef5414edb56623ab
Instruction ID: ec015aa514c5ecc70e396408bdb09700f8f67d99bae0e4ca8007394e1314f9f5
Opcode Fuzzy Hash: 20826a4a13eb8551ff8e744c1e06abc889af632be6793b07ef5414edb56623ab
Instruction Fuzzy Hash: 2541DE72B1874582EB288F629554A6E7294FFA4FCCF14613AEE4D83B44DF3DE451C280

Function 00007FF68409B950 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_,?,00000000,00007FF68409B333), ref: 00007FF68409BA22
_strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_,?,00000000,00007FF68409B333), ref: 00007FF68409BA73

Strings

(){ %*], xrefs: 00007FF68409B96D

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupmalloc
String ID: (){ %*]
API String ID: 3515966317-731572209
Opcode ID: ead2ff6340fc06aeed3a66c306d213061de8f722bccf28ed03eadb82498dc3ad
Instruction ID: 2cd857a64a72e2263eab698cbb942a4e4c075e22791159004fc572593627bf4e
Opcode Fuzzy Hash: ead2ff6340fc06aeed3a66c306d213061de8f722bccf28ed03eadb82498dc3ad
Instruction Fuzzy Hash: FC31D51190D69AC4FE624B1560D037A2FE1BF66BB4F98413DDA9EC72D7CE2EA905C210

Function 00007FF684088A10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684088A89
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684088B22

Strings

identity, xrefs: 00007FF684088A44, 00007FF684088AB3, 00007FF684088B1B

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupmalloc
String ID: identity
API String ID: 3515966317-1788209604
Opcode ID: 6aed3678c7b39903fd45e71fbf86153a1c4f051a402b1ad76210efd2657cbff1
Instruction ID: 6acf5cfc143c5bba3ed57feb973e5af2c57a8565ddafd238dc3e5ef3d4a8f78d
Opcode Fuzzy Hash: 6aed3678c7b39903fd45e71fbf86153a1c4f051a402b1ad76210efd2657cbff1
Instruction Fuzzy Hash: A8318E62E49A86C1EB118B15DAC037A67A1BF94BE4F094639CE2D877D9EF6CE411C300

Function 00007FF684049ECF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF684049F57

Part of subcall function 00007FF6840446D0: memset.VCRUNTIME140 ref: 00007FF684044704

Strings

null, xrefs: 00007FF684049EF8
0, xrefs: 00007FF684049F83

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _dsignmemset
String ID: 0$null
API String ID: 210716287-2239106201
Opcode ID: 8565fcecba9d6086032a1b8e3780475e9d78d3e60eaf0654684494e326ebc3a9
Instruction ID: fdc71e3b27054ccd5ff05e91a1ebd85d31d89844383812a6a7679e9ff315df4f
Opcode Fuzzy Hash: 8565fcecba9d6086032a1b8e3780475e9d78d3e60eaf0654684494e326ebc3a9
Instruction Fuzzy Hash: 20316D22A18AC5C5D6618F29E0812EBB364FF94B88F449236EB8D53A55EF3CE585C710

Function 00007FF684073B40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073B60
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684073BBB

Strings

, xrefs: 00007FF684073B73

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: mallocrealloc
String ID:
API String ID: 948496778-3916222277
Opcode ID: 3e64a6d1cf71b294bb3c8629c112c03f3c728d13f071cfbe4ba9339ff907718b
Instruction ID: bd96b1924c645836ef1f7c27884d6fb921e4ab7d1cc83324e03f69dc0058f6ab
Opcode Fuzzy Hash: 3e64a6d1cf71b294bb3c8629c112c03f3c728d13f071cfbe4ba9339ff907718b
Instruction Fuzzy Hash: F3117C7260AF81C2EB448F15E18022A73A0FB48BD4F44813ADB5E47798EF79D9A0C340

Function 00007FF684084F40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF684084F85
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684084FAC

Strings

%I64d-, xrefs: 00007FF684084F97

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: _strdupfree
String ID: %I64d-
API String ID: 1865132094-19666937
Opcode ID: c21ab5f7aa5f3c0a48473f0e636ee9e19cf949b7d4d23f0c8de1c84f835ba419
Instruction ID: 16d0c495ae464ddcf53d0c894fa83906f8da6384e2bfdce0307114271c1c9a05
Opcode Fuzzy Hash: c21ab5f7aa5f3c0a48473f0e636ee9e19cf949b7d4d23f0c8de1c84f835ba419
Instruction Fuzzy Hash: 2D118272A0A682C1FB158B6488853FA27E1FF54B49F18543DC90C8E367EF2DA4D6D311

Function 00007FF684077FB0 Relevance: 5.3, APIs: 4, Instructions: 287COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407827A
memcpy.VCRUNTIME140 ref: 00007FF6840783AC
memcpy.VCRUNTIME140 ref: 00007FF6840783C8

Part of subcall function 00007FF68408CA10: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684076193,?,?,00000000,00007FF684080A42,?,?,00000000,00007FF684081075), ref: 00007FF68408CA4C

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: freememcpy
String ID:
API String ID: 3223336191-0
Opcode ID: 8f4038719b5ab9af2b443d7a1587076df06882b9b98dcb21ac2aad8ed78968df
Instruction ID: 939f236f73b9139effe524e0ab43de09486e35776903a6f0ca38660573080ef8
Opcode Fuzzy Hash: 8f4038719b5ab9af2b443d7a1587076df06882b9b98dcb21ac2aad8ed78968df
Instruction Fuzzy Hash: 88C15D32B08A02CAEB548B69D4807AE33B5BF45BA8F044639CE2D977D8DF39D446D741

Function 00007FF68407B680 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6840751D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF68407F7B0,?,?,?,?,?,?,?,?,?,?,?,00007FF684070081), ref: 00007FF6840751F7
Part of subcall function 00007FF6840751D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF68407F7B0,?,?,?,?,?,?,?,?,?,?,?,00007FF684070081), ref: 00007FF684075203

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407B6B6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407B6C6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF68407B6D4
memset.VCRUNTIME140 ref: 00007FF68407B70F

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free$memset
String ID:
API String ID: 2717317152-0
Opcode ID: 2a9bef5cc960539725e56acd80ee0917e3aa3e8f4b00392ea9bc446efc1007e6
Instruction ID: cb6820a1b4b072bc76356aa2980ff74d434e5c6e74180bcab10148520adbf62b
Opcode Fuzzy Hash: 2a9bef5cc960539725e56acd80ee0917e3aa3e8f4b00392ea9bc446efc1007e6
Instruction Fuzzy Hash: B4210C32E18B91D3E304DB22D6942A963B0FBA9744F11922AEB8C83A11DF74F1F5C300

Function 00007FF6840B3170 Relevance: 5.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840AF26E,?,?,?,00007FF684080F22), ref: 00007FF6840B3196
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840AF26E,?,?,?,00007FF684080F22), ref: 00007FF6840B31B7
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840AF26E,?,?,?,00007FF684080F22), ref: 00007FF6840B31D2
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF6840AF26E,?,?,?,00007FF684080F22), ref: 00007FF6840B31E0

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 0b9d77558f6272cd9c8681e4e2914bccac0962b864b0b769413d0feb90ad9545
Instruction ID: 1c12e271a0b4716acb8364bc8c07bc6203ceb4b6f44215fa49e9c652ce31a18d
Opcode Fuzzy Hash: 0b9d77558f6272cd9c8681e4e2914bccac0962b864b0b769413d0feb90ad9545
Instruction Fuzzy Hash: AF11A536A18B41C2EB44DF66E8D402D73A8FF98F99714052ACA4D87769CF38D8A5C780

Function 00007FF6840B0B10 Relevance: 5.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684087D35,?,?,00000000,00007FF684080B41,?,?,00000000,00007FF684081075), ref: 00007FF6840B0B20
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684087D35,?,?,00000000,00007FF684080B41,?,?,00000000,00007FF684081075), ref: 00007FF6840B0B46
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684087D35,?,?,00000000,00007FF684080B41,?,?,00000000,00007FF684081075), ref: 00007FF6840B0B54
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF684087D35,?,?,00000000,00007FF684080B41,?,?,00000000,00007FF684081075), ref: 00007FF6840B0B62

Memory Dump Source

Source File: 00000000.00000002.2086648316.00007FF684041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684040000, based on PE: true

Associated: 00000000.00000002.2086612743.00007FF684040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086720171.00007FF6840C2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086770421.00007FF6840E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2086808425.00007FF6840E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff684040000_SecuriteInfo.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 11a7c4e0c8cd0aec6bfa656a786d95a47c048f4229927679e41d232e9eb2b00f
Instruction ID: 78895f828c13a5b3fc570615ea5a7696ed997f4ecf858a779e33aa4bf9e73ac9
Opcode Fuzzy Hash: 11a7c4e0c8cd0aec6bfa656a786d95a47c048f4229927679e41d232e9eb2b00f
Instruction Fuzzy Hash: 1FF0B236A08B41C2DB44CF62E9D402973E4FF98F99B154126CA5E8B769CF38C8A4C740

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Windows Analysis Report
SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exe

Function 00007FF684045A3D Relevance: 129.5, APIs: 47, Strings: 26, Instructions: 1789
sleepCOMMON

Function 00007FF6840882B0 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 191
libraryloadernetworkCOMMON

Function 00007FF684087690 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357
networkCOMMON

Function 00007FF68406ECB0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 134
COMMON

Function 00007FF684061B50 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 269
COMMON

Function 00007FF6840936A0 Relevance: 24.1, APIs: 16, Instructions: 127
networkCOMMON

Function 00007FF6840618A0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 172
filememoryCOMMON

Function 00007FF684086350 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 337
COMMON

Function 00007FF68407AD30 Relevance: 28.7, APIs: 19, Instructions: 165
COMMON

Function 00007FF684081330 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 153
COMMON

Function 00007FF684087F90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128
librarystringloaderCOMMON

Function 00007FF684086CD0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161
networkCOMMON