Edit tour

Windows Analysis Report
c9toH15OT0.exe

Overview

General Information

Sample name:	c9toH15OT0.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	1ce88179cf309cf721fbd5f924bbe02adf339971d4b7722facdae4b6dd8be42d
Analysis ID:	1578689
MD5:	6a5ec7f2c5ea9831b81c7e637c5ecd9f
SHA1:	56eb825c85698d459605aab6d375d8680ba22402
SHA256:	1ce88179cf309cf721fbd5f924bbe02adf339971d4b7722facdae4b6dd8be42d
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Uses the Telegram API (likely for C&C communication)

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

PE file contains more sections than normal

PE file contains sections with non-standard names

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

c9toH15OT0.exe (PID: 1368 cmdline: "C:\Users\user\Desktop\c9toH15OT0.exe" MD5: 6A5EC7F2C5EA9831B81C7E637C5ECD9F)

conhost.exe (PID: 4564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: c9toH15OT0.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: c9toH15OT0.exe	Virustotal: Detection: 50%			Perma Link
Source: c9toH15OT0.exe	ReversingLabs: Detection: 66%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.3% probability

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Code function: 0_2_00007FF65468A590 BCryptGenRandom,VirtualProtect,

0_2_00007FF65468A590

Source: c9toH15OT0.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Code function: 0_2_00007FF654521DC0 memcpy,closesocket,WakeByAddressSingle,WakeByAddressSingle,WSAIoctl,WSAGetLastError,WSAIoctl,WSAGetLastError,WSAIoctl,WSAGetLastError,WSAIoctl,WSAGetLastError,WakeByAddressSingle,recv,WSAGetLastError,send,WSAGetLastError,WSASend,WSAGetLastError,

0_2_00007FF654521DC0

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000002.1732037783.0000029B0D9AE000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1715780191.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731584762.0000029B0D9A7000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731365365.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731732450.0000029B0D9AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: c9toH15OT0.exe	String found in binary or memory: https://api.ipify.orgsrc/main.rs%
Source: c9toH15OT0.exe	String found in binary or memory: https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977
Source: c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessage
Source: c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessageR
Source: c9toH15OT0.exe	String found in binary or memory: https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.te
Source: c9toH15OT0.exe	String found in binary or memory: https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt
Source: c9toH15OT0.exe	String found in binary or memory: https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654403640 memcpy,GetQueuedCompletionStatusEx,WakeByAddressSingle,GetLastError,WakeByAddressSingle,WakeByAddressSingle,NtDeviceIoControlFile,RtlNtStatusToDosError,WakeByAddressSingle,WakeByAddressSingle,		0_2_00007FF654403640
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654406970 NtCreateFile,RtlNtStatusToDosError,CreateIoCompletionPort,SetFileCompletionNotificationModes,GetLastError,CloseHandle,		0_2_00007FF654406970

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Code function: 0_2_00007FF654403640: memcpy,GetQueuedCompletionStatusEx,WakeByAddressSingle,GetLastError,WakeByAddressSingle,WakeByAddressSingle,NtDeviceIoControlFile,RtlNtStatusToDosError,WakeByAddressSingle,WakeByAddressSingle,

0_2_00007FF654403640

Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654403640	0_2_00007FF654403640
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544F32C0	0_2_00007FF6544F32C0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65452B460	0_2_00007FF65452B460
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654521DC0	0_2_00007FF654521DC0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543ACE85	0_2_00007FF6543ACE85
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451DA00	0_2_00007FF65451DA00
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654519C80	0_2_00007FF654519C80
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654512560	0_2_00007FF654512560
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65439D560	0_2_00007FF65439D560
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544B5600	0_2_00007FF6544B5600
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6545305C0	0_2_00007FF6545305C0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451D5D0	0_2_00007FF65451D5D0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6545635D0	0_2_00007FF6545635D0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544F6780	0_2_00007FF6544F6780
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543D07A0	0_2_00007FF6543D07A0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544107A0	0_2_00007FF6544107A0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654562790	0_2_00007FF654562790
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543AB7FD	0_2_00007FF6543AB7FD
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544F8830	0_2_00007FF6544F8830
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654529920	0_2_00007FF654529920
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543D7910	0_2_00007FF6543D7910
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A192F	0_2_00007FF6543A192F
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543998D0	0_2_00007FF6543998D0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544B0140	0_2_00007FF6544B0140
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543BE170	0_2_00007FF6543BE170
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543AD213	0_2_00007FF6543AD213
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543B7260	0_2_00007FF6543B7260
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543B6310	0_2_00007FF6543B6310
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543E73A0	0_2_00007FF6543E73A0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A1350	0_2_00007FF6543A1350
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451D410	0_2_00007FF65451D410
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654526490	0_2_00007FF654526490
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544F4510	0_2_00007FF6544F4510
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543B64F0	0_2_00007FF6543B64F0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6545444D0	0_2_00007FF6545444D0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544874E0	0_2_00007FF6544874E0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654571D40	0_2_00007FF654571D40
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654526D50	0_2_00007FF654526D50
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A7DFA	0_2_00007FF6543A7DFA
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543B0DD1	0_2_00007FF6543B0DD1
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543E4DD0	0_2_00007FF6543E4DD0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543ADE99	0_2_00007FF6543ADE99
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543ACF27	0_2_00007FF6543ACF27
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543ACEB9	0_2_00007FF6543ACEB9
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543CEED0	0_2_00007FF6543CEED0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A6FA0	0_2_00007FF6543A6FA0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6544B0F70	0_2_00007FF6544B0F70
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543BBFD0	0_2_00007FF6543BBFD0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65439A090	0_2_00007FF65439A090
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A4107	0_2_00007FF6543A4107
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65439C95D	0_2_00007FF65439C95D
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543BEA10	0_2_00007FF6543BEA10
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543AAA08	0_2_00007FF6543AAA08
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451EA30	0_2_00007FF65451EA30
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543C19EE	0_2_00007FF6543C19EE
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543CDA80	0_2_00007FF6543CDA80
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654544A40	0_2_00007FF654544A40
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654530B20	0_2_00007FF654530B20
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654571AC0	0_2_00007FF654571AC0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543B8B80	0_2_00007FF6543B8B80
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543BBB90	0_2_00007FF6543BBB90
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451EBB0	0_2_00007FF65451EBB0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654410BA0	0_2_00007FF654410BA0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65454EC00	0_2_00007FF65454EC00
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543A0BF0	0_2_00007FF6543A0BF0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65451ACA0	0_2_00007FF65451ACA0
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654499C80	0_2_00007FF654499C80
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF6543C7CD0	0_2_00007FF6543C7CD0

Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: String function: 00007FF6543B93D0 appears 120 times
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: String function: 00007FF6543BC8C0 appears 233 times
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: String function: 00007FF6543BC4C0 appears 44 times

Source: c9toH15OT0.exe

Static PE information: Number of sections : 11 > 10

Source: c9toH15OT0.exe	Binary string: C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\afd.rs\Device\Afd\Mio
Source: c9toH15OT0.exe	Binary string: Failed to open \Device\Afd\Mio:

Source: classification engine

Classification label: mal68.troj.evad.winEXE@2/0@2/2

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4564:120:WilError_03

Source: c9toH15OT0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: c9toH15OT0.exe	Virustotal: Detection: 50%
Source: c9toH15OT0.exe	ReversingLabs: Detection: 66%

Source: unknown	Process created: C:\Users\user\Desktop\c9toH15OT0.exe "C:\Users\user\Desktop\c9toH15OT0.exe"
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: c9toH15OT0.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: c9toH15OT0.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: c9toH15OT0.exe

Static file information: File size 3121152 > 1048576

Source: c9toH15OT0.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f3400

Source: c9toH15OT0.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: c9toH15OT0.exe

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\c9toH15OT0.exe

API coverage: 2.9 %

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Code function: 0_2_00007FF6543A8DEA GetSystemInfo,

0_2_00007FF6543A8DEA

Source: c9toH15OT0.exe, 00000000.00000003.1715780191.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731584762.0000029B0D9A7000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731365365.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731732450.0000029B0D9AB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF654391180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,		0_2_00007FF654391180
Source: C:\Users\user\Desktop\c9toH15OT0.exe	Code function: 0_2_00007FF65468A828 SetUnhandledExceptionFilter,		0_2_00007FF65468A828

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\c9toH15OT0.exe	NtDeviceIoControlFile: Indirect: 0x7FF6544044EA			Jump to behavior
Source: C:\Users\user\Desktop\c9toH15OT0.exe	NtCreateFile: Indirect: 0x7FF6544069F7			Jump to behavior

Source: C:\Users\user\Desktop\c9toH15OT0.exe

Code function: 0_2_00007FF65451A980 WSASocketW,WSAGetLastError,WSASocketW,SetHandleInformation,GetLastError,closesocket,bind,WSAGetLastError,WSAGetLastError,

0_2_00007FF65451A980

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Disable or Modify Tools	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Process Injection	LSASS Memory	1 System Network Configuration Discovery	Remote Desktop Protocol	Data from Removable Media	22 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	2 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
c9toH15OT0.exe	51%	Virustotal		Browse
c9toH15OT0.exe	67%	ReversingLabs	Win64.Trojan.Generic
c9toH15OT0.exe	100%	Avira	TR/Agent_AGen.yhjcx

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.12.205	true	false		high
api.telegram.org	149.154.167.220	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://api.ipify.org/	c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000002.1732037783.0000029B0D9AE000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1715780191.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731584762.0000029B0D9A7000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731365365.0000029B0D9A4000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731732450.0000029B0D9AB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt	c9toH15OT0.exe	false	high
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessageR	c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt%	c9toH15OT0.exe	false	high
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.te	c9toH15OT0.exe	false	high
https://api.ipify.orgsrc/main.rs%	c9toH15OT0.exe	false	unknown
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessage	c9toH15OT0.exe, 00000000.00000002.1731923789.0000029B0D97F000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731694200.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp, c9toH15OT0.exe, 00000000.00000003.1731638303.0000029B0D97E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977	c9toH15OT0.exe	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom		62041	TELEGRAMRU	false
104.26.12.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578689
Start date and time:	2024-12-20 04:19:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	c9toH15OT0.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	1ce88179cf309cf721fbd5f924bbe02adf339971d4b7722facdae4b6dd8be42d
Detection:	MAL
Classification:	mal68.troj.evad.winEXE@2/0@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Stop behavior analysis, all processes terminated

Warnings

Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer	Browse
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
104.26.12.205	jgbC220X2U.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=text
	xKvkNk9SXR.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	GD8c7ARn8q.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	8AbMCL2dxM.exe	Get hash	malicious	RCRU64, TrojanRansom	Browse	api.ipify.org/
	Simple2.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Ransomware Mallox.exe	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	api.ipify.org/
	perfcc.elf	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	https://www.canva.com/design/DAGZxEJMIA0/pFi0b1a1Y78oAGDuII8Hjg/view?utm_content=DAGZxEJMIA0&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=hdcdec8ed4a	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	billys.exe	Get hash	malicious	Meduza Stealer	Browse	172.67.74.152
	ruppert.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	DHL_231437894819.bat.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	4089137200.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	iviewers.dll	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	WdlA0C4PkO.exe	Get hash	malicious	Go Stealer, Skuld Stealer	Browse	104.26.12.205
	cali.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
api.telegram.org	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	149.154.167.99
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer	Browse	149.154.167.220
	file.exe	Get hash	malicious	ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar	Browse	149.154.167.99
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	pM3fQBuTLy.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	QIo3SytSZA.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	104.21.23.76
	Executed_Innocap-#81(Final.pdf	Get hash	malicious	Unknown	Browse	104.21.11.54
	https://pass-ga.com/	Get hash	malicious	Unknown	Browse	1.1.1.1
	http://supplytic.ca/chuu/wpia/posha/sf_rand_string_mixed(24)/terence.tinnelly@innocapglobal.com	Get hash	malicious	Unknown	Browse	172.67.215.242
	la.bot.m68k.elf	Get hash	malicious	Mirai	Browse	1.14.178.20
	https://workrubinnovations.com/wp-includes/kih/login.html?General=hLskkvfnVcqEPbdrK7sunT26PsAphHOxpizUKt2RC0aCijWkm4KdKAm8rk2qEAtO77hTNQ1F3KTfWtNkeEuTUzu5miygK9V9H06	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer	Browse	104.21.91.209
	la.bot.arm6.elf	Get hash	malicious	Mirai	Browse	104.22.149.172
	https://docs.google.com/presentation/d/e/2PACX-1vRbuxCSjoSTqnuwwycGfoopwUno5J5X0s9YIzYdS1Me8P6MAP3FFMvOzHT6E_SBRsWcXRtJqZiYhJR5/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	104.21.12.7
	http://docusign.net	Get hash	malicious	Unknown	Browse	104.18.66.57

File type:	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	6.585333807132694
TrID:	Win64 Executable (generic) (12005/4) 74.95% Generic Win/DOS Executable (2004/3) 12.51% DOS Executable Generic (2002/1) 12.50% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:	c9toH15OT0.exe
File size:	3'121'152 bytes
MD5:	6a5ec7f2c5ea9831b81c7e637c5ecd9f
SHA1:	56eb825c85698d459605aab6d375d8680ba22402
SHA256:	1ce88179cf309cf721fbd5f924bbe02adf339971d4b7722facdae4b6dd8be42d
SHA512:	689ad53cbd71f59d27cbf15227cdb06392b74c705e7b7989fd7b8079f964edf1bf1a63c6489116624aef097dd115791909bff6eb9429f9422ffc02ee4ab269b0
SSDEEP:	49152:3Fw2+28ScwpSxEQMigjfP7fsf2T+VpIpJ2lEbfRwb1VItFwIU6is4Se:qNBgQTIH+s6iFP+sU
TLSH:	0DE57C53F29185EDC15AC0B8925BA232FA32BC8D4A35BB6B17E0C7313E65B405F1DB58
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............'.4..../................@.............................00......=0...`... ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400014d0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x66FEBFE5 [Thu Oct 3 16:01:41 2024 UTC]
TLS Callbacks:	0x40164a00, 0x1, 0x401d16e0, 0x1, 0x401d16b0, 0x1
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e0632d78a7e37de8cb6c80c1d5daa041

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0029F725h]
mov dword ptr [eax], 00000000h
call 00007F54E86F919Fh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007F54E88C8A74h
dec eax
cmp eax, 01h
sbb eax, eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007F54E86F94D9h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push esi
push edi
dec eax
sub esp, 28h
dec eax
mov esi, dword ptr [ecx+10h]
dec eax
cmp esi, FFFFFFFFh
je 00007F54E86F9598h
dec eax
lea edx, dword ptr [ecx+10h]
dec eax
mov eax, dword ptr [esi]
nop dword ptr [eax+eax+00h]
dec eax
test eax, eax
je 00007F54E86F9583h
js 00007F54E86F9585h
dec esp
lea eax, dword ptr [eax+01h]
dec esp
cmpxchg dword ptr [esi], eax
jne 00007F54E86F94E8h
mov byte ptr [ecx+41h], 00000001h
mov al, 01h
xchg byte ptr [ecx+40h], al
test al, al
jne 00007F54E86F954Dh
dec eax
mov dword ptr [ecx+38h], 00000000h
dec eax
mov eax, edx
dec eax
xchg dword ptr [esi+30h], eax
dec eax
mov dword ptr [eax+28h], edx
dec eax
mov eax, dword ptr [esi+28h]
nop
dec eax
mov ecx, eax
dec eax
or ecx, 02h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2fa000	0x14e4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2fe000	0x4e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x2ce000	0x8178	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2ff000	0x3374	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2a0840	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2fa528	0x460	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1f3268	0x1f3400	6a839fcfa006978d3bde4c1f1478ae94	False	0.48337643183525286	data	6.351726939246356	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x1f5000	0x1f0	0x200	eef19075b09a65342278d3b54677d549	False	0.171875	data	1.1981934059433288	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1f6000	0xd7060	0xd7200	cfd8ae2e3803859717a78f8c84316922	False	0.5958256918216154	OpenPGP Secret Key	6.532228550617106	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata	0x2ce000	0x8178	0x8200	4a727e2f8d24002ed4dff6e599c66e33	False	0.5485276442307693	data	6.157006052521429	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x2d7000	0x21ce4	0x21e00	b3ae6394a95b05da1b567fc7b6fd3d66	False	0.5	data	5.961647368196014	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x2f9000	0x260	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2fa000	0x14e4	0x1600	7f3d57ce95d6175667d28efaf10e7eac	False	0.2995383522727273	data	4.245058750710776	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x2fc000	0x68	0x200	24fe230c04219594e06564ec99573fa7	False	0.076171875	data	0.38490867468301426	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2fd000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2fe000	0x4e8	0x600	3a5735f5d36189f0a22f033ecafe1fe8	False	0.333984375	data	4.781619206170931	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x2ff000	0x3374	0x3400	cc6ba58782f6aeeaf55b3af5c5efb624	False	0.4075270432692308	data	5.453890279263294	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x2fe058	0x48f	XML 1.0 document, ASCII text			0.40102827763496146

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey, RegOpenKeyExW, RegQueryValueExW, SystemFunction036
bcrypt.dll	BCryptGenRandom
KERNEL32.dll	DeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, RaiseException, RtlUnwindEx, VirtualProtect, VirtualQuery, __C_specific_handler
msvcrt.dll	__getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _commode, _errno, _fmode, _fpreset, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, pow, signal, strlen, strncmp, vfprintf
kernel32.dll	AddVectoredExceptionHandler, CloseHandle, CreateFileMappingA, CreateFileW, CreateIoCompletionPort, CreateThread, CreateToolhelp32Snapshot, DuplicateHandle, ExitProcess, FormatMessageW, GetConsoleMode, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, GetEnvironmentVariableW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFinalPathNameByHandleW, GetFullPathNameW, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetProcessHeap, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemInfo, GetSystemTimePreciseAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, MapViewOfFile, Module32FirstW, Module32NextW, MultiByteToWideChar, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetFileCompletionNotificationModes, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, Sleep, SwitchToThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnmapViewOfFile, WaitForSingleObject, WriteConsoleW
ntdll.dll	NtCancelIoFileEx, NtCreateFile, NtDeviceIoControlFile, NtWriteFile, RtlNtStatusToDosError
ws2_32.dll	WSACleanup, WSAGetLastError, WSAIoctl, WSASend, WSASocketW, WSAStartup, bind, closesocket, connect, freeaddrinfo, getaddrinfo, getpeername, getsockname, getsockopt, ioctlsocket, recv, send, setsockopt, shutdown, socket
api-ms-win-core-synch-l1-2-0.dll	WaitOnAddress, WakeByAddressAll, WakeByAddressSingle
bcryptprimitives.dll	ProcessPrng

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 04:20:35.914315939 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:35.914402962 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:35.914494991 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:35.914861917 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:35.914900064 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:37.133346081 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:37.135482073 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:37.135508060 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:37.136862040 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:37.136979103 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:37.138408899 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:37.138464928 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:37.138590097 CET	443	49730	104.26.12.205	192.168.2.4
Dec 20, 2024 04:20:37.138644934 CET	49730	443	192.168.2.4	104.26.12.205
Dec 20, 2024 04:20:37.309341908 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:37.309406996 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:37.309518099 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:37.309704065 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:37.309724092 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:38.697577953 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:38.697968006 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:38.698008060 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:38.699062109 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:38.699157953 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:38.699390888 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:38.699421883 CET	49731	443	192.168.2.4	149.154.167.220
Dec 20, 2024 04:20:38.699582100 CET	443	49731	149.154.167.220	192.168.2.4
Dec 20, 2024 04:20:38.699650049 CET	49731	443	192.168.2.4	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 04:20:35.768138885 CET	54090	53	192.168.2.4	1.1.1.1
Dec 20, 2024 04:20:35.908447981 CET	53	54090	1.1.1.1	192.168.2.4
Dec 20, 2024 04:20:37.169575930 CET	49498	53	192.168.2.4	1.1.1.1
Dec 20, 2024 04:20:37.308079004 CET	53	49498	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 20, 2024 04:20:35.768138885 CET	192.168.2.4	1.1.1.1	0x1360	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Dec 20, 2024 04:20:37.169575930 CET	192.168.2.4	1.1.1.1	0xcf10	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 04:20:35.908447981 CET	1.1.1.1	192.168.2.4	0x1360	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Dec 20, 2024 04:20:35.908447981 CET	1.1.1.1	192.168.2.4	0x1360	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Dec 20, 2024 04:20:35.908447981 CET	1.1.1.1	192.168.2.4	0x1360	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Dec 20, 2024 04:20:37.308079004 CET	1.1.1.1	192.168.2.4	0xcf10	No error (0)	api.telegram.org	149.154.167.220	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	22:20:34
Start date:	19/12/2024
Path:	C:\Users\user\Desktop\c9toH15OT0.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\c9toH15OT0.exe"
Imagebase:	0x7ff654390000
File size:	3'121'152 bytes
MD5 hash:	6A5EC7F2C5EA9831B81C7E637C5ECD9F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	22:20:34
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	48.6%
Total number of Nodes:	1609
Total number of Limit Nodes:	66

Executed Functions

Function 00007FF6543ACE85 Relevance: 118.7, APIs: 64, Strings: 14, Instructions: 1662COMMON

Download Yara Rule

Strings

size overflows MAX_SIZE, xrefs: 00007FF6543B2AFD
cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF6543B26DD
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6543B2C86
W, xrefs: 00007FF6543ADCAB
nown, xrefs: 00007FF6543AF216
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543AF3C3
V, xrefs: 00007FF6543AF3B3
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995
chat_iddocument, xrefs: 00007FF6543ADAA9
Client::new(), xrefs: 00007FF6543B286E
xi, xrefs: 00007FF6543AF463
tv, xrefs: 00007FF6543B5247
j, xrefs: 00007FF6543AF2F0
Pending error polled more than once, xrefs: 00007FF6543B2987

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: Client::new()$Pending error polled more than once$V$W$called `Result::unwrap()` on an `Err` value$cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$chat_iddocument$https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$nown$size overflows MAX_SIZE$tv$xi$j
API String ID: 0-1257920799
Opcode ID: cea77f800d10a777f30bdc393cede84b9eea5955593df3c88aca81e6a8665f9e
Instruction ID: 3d3f6e3f1956bc20350e832f71965f4e5510f7a820b2856edddb74028f3029d5
Opcode Fuzzy Hash: cea77f800d10a777f30bdc393cede84b9eea5955593df3c88aca81e6a8665f9e
Instruction Fuzzy Hash: 9C232932A0CBC681EB718B15E4953EAB3A5FB84784F484175DA8C63BA9DF7DD149CB00

Function 00007FF6543AD213 Relevance: 86.7, APIs: 47, Strings: 10, Instructions: 1225memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543AD555
HeapFree.KERNEL32 ref: 00007FF6543AD576
HeapFree.KERNEL32 ref: 00007FF6543AD5AE
memcpy.MSVCRT ref: 00007FF6543AD632
memcpy.MSVCRT ref: 00007FF6543AD6D4
memcpy.MSVCRT ref: 00007FF6543ADA42
memcpy.MSVCRT ref: 00007FF6543ADB00
memcpy.MSVCRT ref: 00007FF6543ADB92
memcpy.MSVCRT ref: 00007FF6543ADC00
memcpy.MSVCRT ref: 00007FF6543ADD3C
memcpy.MSVCRT ref: 00007FF6543ADE3A
HeapFree.KERNEL32 ref: 00007FF6543AE106
memcpy.MSVCRT ref: 00007FF6543AE2D2
memcpy.MSVCRT ref: 00007FF6543AE3B7
memcpy.MSVCRT ref: 00007FF6543AE3D2
memcpy.MSVCRT ref: 00007FF6543AE3F7
memcpy.MSVCRT ref: 00007FF6543AEAB1

Strings

size overflows MAX_SIZE, xrefs: 00007FF6543B2AA4
xi, xrefs: 00007FF6543AF463
tv, xrefs: 00007FF6543B5247
j, xrefs: 00007FF6543AF2F0
W, xrefs: 00007FF6543ADCAB
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543AF3C3
nown, xrefs: 00007FF6543AF216
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995
V, xrefs: 00007FF6543AF3B3
chat_iddocument, xrefs: 00007FF6543ADAA9

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: V$W$chat_iddocument$https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$nown$size overflows MAX_SIZE$tv$xi$j
API String ID: 4250714341-4120944697
Opcode ID: 746a26b679a7cebb0f44662a5ab6fa12e56d34dd68331c5f3b3120e9f26e602d
Instruction ID: 268e82ee7561170f0e8851bec12c7acac36bde5ee2fb3fdfcbcbbea12eeacb1e
Opcode Fuzzy Hash: 746a26b679a7cebb0f44662a5ab6fa12e56d34dd68331c5f3b3120e9f26e602d
Instruction Fuzzy Hash: 90F24A32A0CBC680EB718B15E4953EAB3A5FB84784F484175DA8C53BA9DF7DD189CB00

Function 00007FF6543ADE99 Relevance: 68.4, APIs: 38, Strings: 7, Instructions: 860memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543AE0F0
HeapFree.KERNEL32 ref: 00007FF6543AE106

Strings

xi, xrefs: 00007FF6543AF463
tv, xrefs: 00007FF6543B5247
j, xrefs: 00007FF6543AF2F0
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543AF3C3
nown, xrefs: 00007FF6543AF216
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995
V, xrefs: 00007FF6543AF3B3

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeapmemcpy
String ID: V$https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$nown$tv$xi$j
API String ID: 673829100-3382795902
Opcode ID: 8aaf3b555338c0ee81e73ba18b056a506734bec5462bb3cbe409f90fcbda6893
Instruction ID: 0ffffa5c3dbfc67cf7bc14ac5edb2f2b78440f5d1c1028669c4c7b8a20ba48b5
Opcode Fuzzy Hash: 8aaf3b555338c0ee81e73ba18b056a506734bec5462bb3cbe409f90fcbda6893
Instruction Fuzzy Hash: BDA26D32A0CAC681EB71DB16E4943EE63A4FB84784F484175DA8DA3BA9DF3DD149C700

Function 00007FF6543ACF27 Relevance: 53.1, APIs: 29, Strings: 6, Instructions: 617
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF6543AEB2F
HeapFree.KERNEL32 ref: 00007FF6543AEB62
HeapFree.KERNEL32 ref: 00007FF6543AECC1
HeapFree.KERNEL32 ref: 00007FF6543AECFC
memcpy.MSVCRT ref: 00007FF6543AEE18
HeapFree.KERNEL32 ref: 00007FF6543AEE3D
HeapFree.KERNEL32 ref: 00007FF6543AEE8C

Strings

xi, xrefs: 00007FF6543AF463
j, xrefs: 00007FF6543AF2F0
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543AF3C3
nown, xrefs: 00007FF6543AF216
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995
V, xrefs: 00007FF6543AF3B3

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: V$https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$nown$xi$j
API String ID: 1887603139-1714493280
Opcode ID: 25ce228b5f7c71a651ca52b569e52b9e943e110bdb2b10317cdd634e0fb961aa
Instruction ID: 0f7ef9ade489805a2ee6864ead32d95ac1127bfff4f60ffb68ba5908899debda
Opcode Fuzzy Hash: 25ce228b5f7c71a651ca52b569e52b9e943e110bdb2b10317cdd634e0fb961aa
Instruction Fuzzy Hash: 2F726A32A08BC681EB60DB12E4943EE77A4FB84784F484176DA8D93BA9DF7DD149C740

Function 00007FF654521DC0 Relevance: 39.6, APIs: 19, Strings: 3, Instructions: 1055networkCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF654521F8E
closesocket.WS2_32 ref: 00007FF654522089
recv.WS2_32 ref: 00007FF654522C2D
WSAGetLastError.WS2_32 ref: 00007FF654522C3B

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF65452252E, 00007FF65452296F
A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF6545227B5
A Tokio 1.x context was found, but it is being shutdown.C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\io\scheduled_io.rs, xrefs: 00007FF654521E99

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLastclosesocketmemcpyrecv
String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$A Tokio 1.x context was found, but it is being shutdown.C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\io\scheduled_io.rs$called `Result::unwrap()` on an `Err` value
API String ID: 1438857626-1630406791
Opcode ID: 1a0429f8fd4b31fa50f4b56c8e3ca4f129a33fe84985245194d18726a27546b2
Instruction ID: ba26c03a1ac6b498adc49129e88e98dc16e8375aae1e042658275417b1c6dc82
Opcode Fuzzy Hash: 1a0429f8fd4b31fa50f4b56c8e3ca4f129a33fe84985245194d18726a27546b2
Instruction Fuzzy Hash: 3DA2E736A0C68181EA759B11E8A03FA63A0FF95794F484276EE9DA77D5DF3CE085C700

Function 00007FF6543B0DD1 Relevance: 33.6, APIs: 18, Strings: 4, Instructions: 623
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

size overflows MAX_SIZE, xrefs: 00007FF6543B2D75
cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF6543B2DA6
tv, xrefs: 00007FF6543B5247
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$size overflows MAX_SIZE$tv
API String ID: 0-2024914694
Opcode ID: a53741bf72848248a9a1cebdee88dd65c200b32fa7490253039de3eb16c630c3
Instruction ID: 5b05dcdd49b2c1827b9261f35d605384439de1e551afde682d732b89f352c09c
Opcode Fuzzy Hash: a53741bf72848248a9a1cebdee88dd65c200b32fa7490253039de3eb16c630c3
Instruction Fuzzy Hash: 3A629272A0CBC681EB60CB16E4943EE67A4FB85B84F484175DA8DA3BA9DF3CD545C700

Function 00007FF654403640 Relevance: 27.5, APIs: 9, Strings: 6, Instructions: 1228COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6544044C8
, xrefs: 00007FF6544044D0
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF654404070, 00007FF654404105, 00007FF65440487B, 00007FF6544049BC
assertion failed: !self.is_polling.swap(true, Ordering::AcqRel), xrefs: 00007FF654404124
utf-8, xrefs: 00007FF654403644
*/*, xrefs: 00007FF654403779

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: $ $*/*$assertion failed: !self.is_polling.swap(true, Ordering::AcqRel)$called `Result::unwrap()` on an `Err` value$utf-8
API String ID: 0-3347965490
Opcode ID: cfb31178d679b3061b7eba24d1497f6521ee19885171b1c451629e495ace2c3c
Instruction ID: 21d5d3f6993885eba6fb5881b36659dacfea87d1bf24c806955c3c435db5edf2
Opcode Fuzzy Hash: cfb31178d679b3061b7eba24d1497f6521ee19885171b1c451629e495ace2c3c
Instruction Fuzzy Hash: C4B22722A4CB8281EB50DB25E4A03796BA0FF95B94F4842B1DE5DAB7D9DF3CE451D300

Function 00007FF65451DA00 Relevance: 19.8, APIs: 6, Strings: 5, Instructions: 575
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32 ref: 00007FF65451DF83
HeapFree.KERNEL32 ref: 00007FF65451E13E
HeapFree.KERNEL32 ref: 00007FF65451E14F
GetLastError.KERNEL32 ref: 00007FF65451E154
HeapFree.KERNEL32 ref: 00007FF65451E3DA

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65451E288
cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF65451E323, 00007FF65451E34E
thread name may not contain interior null bytes, xrefs: 00007FF65451E398
RUST_MIN_STACK()/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\core\src\num\mod.rs, xrefs: 00007FF65451DC36
assertion failed: shared.shutdown_tx.is_some(), xrefs: 00007FF65451E2A5

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$CreateErrorLastThread
String ID: RUST_MIN_STACK()/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\core\src\num\mod.rs$assertion failed: prev.ref_count() >= 1$assertion failed: shared.shutdown_tx.is_some()$cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$thread name may not contain interior null bytes
API String ID: 1443094557-2080857320
Opcode ID: 0f0abef1e3911c9ca5922881495d0eecafd652bff9b28001ed8a27ed38dc702e
Instruction ID: f4ee56b84dfcbf590a1d9bb0c2e025157b8f5cca5a6fbf7380ff59e8fef02737
Opcode Fuzzy Hash: 0f0abef1e3911c9ca5922881495d0eecafd652bff9b28001ed8a27ed38dc702e
Instruction Fuzzy Hash: EF42D332A0DB8281EA659F25E4A03BA67A0FF85780F5855B5DECEA3795DF3CE055C300

Function 00007FF6544F32C0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 376
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF6544F32FB
WaitForSingleObject.KERNEL32 ref: 00007FF6544F3455
RtlNtStatusToDosError.NTDLL ref: 00007FF6544F34E0
CloseHandle.KERNEL32 ref: 00007FF6544F3655
MultiByteToWideChar.KERNEL32 ref: 00007FF6544F36FD
WriteConsoleW.KERNEL32 ref: 00007FF6544F373C
WriteConsoleW.KERNEL32 ref: 00007FF6544F37A3
GetLastError.KERNEL32 ref: 00007FF6544F37AC
GetLastError.KERNEL32 ref: 00007FF6544F383E

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6544F35F6

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Error$Last$ConsoleWrite$ByteCharCloseHandleMultiObjectSingleStatusWaitWide
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 1644806672-2333694755
Opcode ID: f74af3b99e2db63fd8153670236585d3f8eb6bcb015b97b8b09344f676863e12
Instruction ID: 3026a8915098663fa4031e7b42bb909f5e6b9356daf405dc1c24401f3c207a0d
Opcode Fuzzy Hash: f74af3b99e2db63fd8153670236585d3f8eb6bcb015b97b8b09344f676863e12
Instruction Fuzzy Hash: 40F1D162E49A9259FB20DB61D8A03FC27A1EB44798F4C4171EA4DA7BD9DF3CE185C300

Function 00007FF65452B460 Relevance: 12.4, APIs: 8, Instructions: 376
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIoCompletionPort.KERNEL32 ref: 00007FF65452B495
GetLastError.KERNEL32 ref: 00007FF65452B762
memset.MSVCRT ref: 00007FF65452B914
memset.MSVCRT ref: 00007FF65452B933
memset.MSVCRT ref: 00007FF65452B952
memset.MSVCRT ref: 00007FF65452B971
memset.MSVCRT ref: 00007FF65452B993
HeapFree.KERNEL32 ref: 00007FF65452BB30

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memset$CompletionCreateErrorFreeHeapLastPort
String ID:
API String ID: 3630304894-0
Opcode ID: a4213aa4a4f56e89231fbc641cd2a73d7bddc25c0c614568561bb8f82914d416
Instruction ID: becae1bc59ff69099e4978da70fc8794f6e49544637bc0f6223d9a545d6f3e0b
Opcode Fuzzy Hash: a4213aa4a4f56e89231fbc641cd2a73d7bddc25c0c614568561bb8f82914d416
Instruction Fuzzy Hash: 4312BE22D1CBC182F3618B25E8553BA67A0FB95348F189265DFCD626A6EF7CE1C5C700

Function 00007FF654391180 Relevance: 12.2, APIs: 8, Instructions: 201
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 00007FF6543911E6
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF654391258
malloc.MSVCRT ref: 00007FF654391322
strlen.MSVCRT ref: 00007FF654391344
malloc.MSVCRT ref: 00007FF654391350
memcpy.MSVCRT ref: 00007FF654391368
GetStartupInfoA.KERNEL32 ref: 00007FF654391453

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID:
API String ID: 649803965-0
Opcode ID: c6eee0f1610aa0ab9b516e8a260dc4f2d989ee27d4750ea3dbb5c154f773677c
Instruction ID: b39128c3382303a9d89dd3f401debf1a2fe17767e6db1b602cf6c01e839352cb
Opcode Fuzzy Hash: c6eee0f1610aa0ab9b516e8a260dc4f2d989ee27d4750ea3dbb5c154f773677c
Instruction Fuzzy Hash: 62815635A0964686FF64AF56E8F077923A1AF45B80F5C40B9CD4DF73A5CE2EE8449300

Function 00007FF65451A980 Relevance: 12.1, APIs: 8, Instructions: 108
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAGetLastError.WS2_32 ref: 00007FF65451AA1A
WSASocketW.WS2_32 ref: 00007FF65451AA50
SetHandleInformation.KERNEL32 ref: 00007FF65451AA6D
GetLastError.KERNEL32 ref: 00007FF65451AA7A
closesocket.WS2_32 ref: 00007FF65451AA84
bind.WS2_32 ref: 00007FF65451AAC0
WSAGetLastError.WS2_32 ref: 00007FF65451AAD1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLast$HandleInformationSocketbindclosesocket
String ID:
API String ID: 3498260714-0
Opcode ID: 340aa9f8c848fca64b64136624f04a4048f236b6e001f52065e30287af9c7376
Instruction ID: b46834354a9a25d1fcff253f8df92da2c570d04cf25f9de2df66427f28554078
Opcode Fuzzy Hash: 340aa9f8c848fca64b64136624f04a4048f236b6e001f52065e30287af9c7376
Instruction Fuzzy Hash: FF413861F0825147FB21DE3985A5B7D22909F44BA4F1C9271DE5CE77C6EEBCA8C28700

Function 00007FF654406970 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 181
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlNtStatusToDosError.NTDLL ref: 00007FF654406A01

Part of subcall function 00007FF65439A960: CloseHandle.KERNEL32(?,?,?,00007FF654404C6F), ref: 00007FF65439A96C

Strings

afd_group, xrefs: 00007FF654406C80
AfdGroupcp, xrefs: 00007FF654406C2D

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: CloseErrorHandleStatus
String ID: AfdGroupcp$afd_group
API String ID: 556443930-836908229
Opcode ID: b4cffa2d3a0519832b86c450cfc019da9a9beaefc96f2c78e13bef1385c8a2f1
Instruction ID: a8836c9546c1b1bd5a4df1dcd5e041a77e42afcbdcefd9935bea556f3887011f
Opcode Fuzzy Hash: b4cffa2d3a0519832b86c450cfc019da9a9beaefc96f2c78e13bef1385c8a2f1
Instruction Fuzzy Hash: 5881B47260CB9582EB209F15E4A03AA77B0FF84794F084175EA8D977A9DF3CE155CB00

Function 00007FF654519C80 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 473COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6544F56B0: TlsGetValue.KERNEL32(?,?,?,?,00007FF654519CCA), ref: 00007FF6544F56C7

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF65451A11A

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF654519CDB, 00007FF654519D96
Box<dyn Any><unnamed>, xrefs: 00007FF654519F45
main, xrefs: 00007FF65451A0B1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressSingleValueWake
String ID: Box<dyn Any><unnamed>$cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$main
API String ID: 741412973-3691618705
Opcode ID: 7023d673c98ff0e9a3bc7b44dcc13488e72f0958903a33798dbd54181d792539
Instruction ID: d00b705fb34fd40b4dfdf4d79d7c05582703cd64c763740490a67931beb874df
Opcode Fuzzy Hash: 7023d673c98ff0e9a3bc7b44dcc13488e72f0958903a33798dbd54181d792539
Instruction Fuzzy Hash: 43229F22A09B8289FB12CF60D8A03BC37A4FB45748F5C55B5DA8DA2795EF3CE544D340

Function 00007FF6543A8DEA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00007FF6543A8E0C

Part of subcall function 00007FF65452B460: CreateIoCompletionPort.KERNEL32 ref: 00007FF65452B495

Strings

Failed building the Runtime, xrefs: 00007FF6543A8EA1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: CompletionCreateInfoPortSystem
String ID: Failed building the Runtime
API String ID: 463844942-401006096
Opcode ID: dc7883cb7fb5deed0a96c581318db998b5aaedc2326bbe97ef11cd5ef6a84700
Instruction ID: ebcafda5d3e81deeb7d375b8cb2aba8e32149e2312182cebb1284024f45cde17
Opcode Fuzzy Hash: dc7883cb7fb5deed0a96c581318db998b5aaedc2326bbe97ef11cd5ef6a84700
Instruction Fuzzy Hash: 90316E3250CBC286EB758B11E4903EA7368FF85340F4841B6E69D53BA9EF2CD249C740

Function 00007FF6543ACE05 Relevance: 44.0, APIs: 22, Strings: 7, Instructions: 462
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF6543AF08B
HeapFree.KERNEL32 ref: 00007FF6543AF24F
memcpy.MSVCRT ref: 00007FF6543AF35F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Strings

xi, xrefs: 00007FF6543AF463
tv, xrefs: 00007FF6543B5247
j, xrefs: 00007FF6543AF2F0
https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543AF3C3
nown, xrefs: 00007FF6543AF216
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995
V, xrefs: 00007FF6543AF3B3

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: V$https://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$nown$tv$xi$j
API String ID: 1887603139-3382795902
Opcode ID: c06a56636c1cd20b4eb67e17232519e4d2f2f2ad2c682ae2e3aa7c4a6274b8f7
Instruction ID: 242011a6d190142fea8f02af34e74c52a77b3371c36d72fc283d5fb0e30f7c01
Opcode Fuzzy Hash: c06a56636c1cd20b4eb67e17232519e4d2f2f2ad2c682ae2e3aa7c4a6274b8f7
Instruction Fuzzy Hash: F2427B32A08BC681EB60DB12E4943EE77A4FB85784F484175DA8DA3BA9DF3DD149C700

Function 00007FF6543AF4FF Relevance: 31.9, APIs: 18, Strings: 3, Instructions: 372
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF6543AF551
memcpy.MSVCRT ref: 00007FF6543AF68B
memcpy.MSVCRT ref: 00007FF6543AF6B9
memcpy.MSVCRT ref: 00007FF6543AF6D3
memcpy.MSVCRT ref: 00007FF6543AF722
HeapFree.KERNEL32 ref: 00007FF6543AF97A
memcpy.MSVCRT ref: 00007FF6543AF9FE

Part of subcall function 00007FF6543E4DD0: memcpy.MSVCRT ref: 00007FF6543E5121

Strings

Content-Typeapplication/jsonsrc\tg.rs, xrefs: 00007FF6543AF564
tv, xrefs: 00007FF6543B5247
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: Content-Typeapplication/jsonsrc\tg.rs$https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$tv
API String ID: 4250714341-1145926978
Opcode ID: c40a44a0881c54acee338dfd9f958b3d3c2c8895f490260e949a236aaecdac7f
Instruction ID: 5ed4e72ff43a674414fb386c5333e4132255da26a517f00be886ed1ac08975a6
Opcode Fuzzy Hash: c40a44a0881c54acee338dfd9f958b3d3c2c8895f490260e949a236aaecdac7f
Instruction Fuzzy Hash: 68126C22A0CBC681EB70DB16E0947EE67A4FB85784F484175DA8CA3BA9DF3DE545C700

Function 00007FF6543AF896 Relevance: 27.3, APIs: 15, Strings: 3, Instructions: 311
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapFree.KERNEL32 ref: 00007FF6543AF8C9
HeapFree.KERNEL32 ref: 00007FF6543AF97A
memcpy.MSVCRT ref: 00007FF6543AF9FE
memcpy.MSVCRT ref: 00007FF6543AFA5E
memcpy.MSVCRT ref: 00007FF6543AFA9E
memcpy.MSVCRT ref: 00007FF6543AFAB3
HeapFree.KERNEL32 ref: 00007FF6543AFBE8
memcpy.MSVCRT ref: 00007FF6543AFF24
memcpy.MSVCRT ref: 00007FF6543AFF3F
memcpy.MSVCRT ref: 00007FF6543AFF6F
memcpy.MSVCRT ref: 00007FF6543AFF8D
HeapFree.KERNEL32 ref: 00007FF6543B199B

Strings

iled, xrefs: 00007FF6543AF8F7
{"ok":tr, xrefs: 00007FF6543AF896
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$iled${"ok":tr
API String ID: 4250714341-527331538
Opcode ID: 9714cc877ab62d098c09863793d3c5ebcf73ead4b0bcdf23ba67ef613c1a00d1
Instruction ID: 1a9f1de558e524c020048a2a71daa1cf1ea9978b1b50a4308eb9fa8410ee2b6a
Opcode Fuzzy Hash: 9714cc877ab62d098c09863793d3c5ebcf73ead4b0bcdf23ba67ef613c1a00d1
Instruction Fuzzy Hash: 99F1C132A08BC681EB60DB16E0A43EE77A4FB85B84F494176DA8CA37A5DF3DD545C700

Function 00007FF6543ACF77 Relevance: 24.3, APIs: 14, Strings: 2, Instructions: 298
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF6543AF722
HeapFree.KERNEL32 ref: 00007FF6543AF97A
memcpy.MSVCRT ref: 00007FF6543AF9FE
memcpy.MSVCRT ref: 00007FF6543AFA5E
memcpy.MSVCRT ref: 00007FF6543AFA9E
memcpy.MSVCRT ref: 00007FF6543AFAB3

Strings

I', xrefs: 00007FF6543ACFBE
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$I'
API String ID: 4250714341-4047316877
Opcode ID: 53f49c2ea65eaf884d2645ad0999020e54b9fa1a15aa293e036cc34dd15dc288
Instruction ID: 293fade0b9eee7c46301eca9a00f56221730d114c5bce1119555c2ff875b8885
Opcode Fuzzy Hash: 53f49c2ea65eaf884d2645ad0999020e54b9fa1a15aa293e036cc34dd15dc288
Instruction Fuzzy Hash: C8F1AE32A08BC681EB60DB16E0947EE77A4FB85B84F484175DA8CA37A9DF3DD545C700

Function 00007FF6543ACFCD Relevance: 22.8, APIs: 13, Strings: 2, Instructions: 302
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapFree.KERNEL32 ref: 00007FF6543AF97A
memcpy.MSVCRT ref: 00007FF6543AF9FE
memcpy.MSVCRT ref: 00007FF6543AFA5E
memcpy.MSVCRT ref: 00007FF6543AFA9E
memcpy.MSVCRT ref: 00007FF6543AFAB3

Part of subcall function 00007FF654397360: HeapFree.KERNEL32 ref: 00007FF654397391

Strings

tv, xrefs: 00007FF6543B5247
https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt, xrefs: 00007FF6543AF995

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: https://raw.githubusercontent.com/rosmoscos/keys/refs/heads/main/ur-mai.txt$tv
API String ID: 4250714341-2277051985
Opcode ID: 62c489910928863f0fac2927a2a0b2535320d27985f1c39df8f4c8e1887a0d7d
Instruction ID: b7dc5ae499f983761bb5cda1c5352e5494794d7890ef9b0e7162a91c77fec333
Opcode Fuzzy Hash: 62c489910928863f0fac2927a2a0b2535320d27985f1c39df8f4c8e1887a0d7d
Instruction Fuzzy Hash: 58F1BE32A08BC681EB60DB16E0947EE77A4FB85B84F484175DA8CA37A9DF3DD545C700

Function 00007FF654515610 Relevance: 9.3, APIs: 6, Instructions: 324
networkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF65451566D
getaddrinfo.WS2_32 ref: 00007FF654515798
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00007FF6545150E8), ref: 00007FF6545157A1
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6545150E8), ref: 00007FF65451581C
memset.MSVCRT ref: 00007FF654515893
WSAStartup.WS2_32 ref: 00007FF65451589F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorFreeHeapLastStartupgetaddrinfomemcpymemset
String ID:
API String ID: 2191039773-0
Opcode ID: 7e0705985a1c32c2ca64dfc7bb405311d84d6b74bc2315f3b0120a51475fe30b
Instruction ID: d6e4e6013e7094dab4b0a9341b4ad4c502d6825778301d40554ccfaeedf8f643
Opcode Fuzzy Hash: 7e0705985a1c32c2ca64dfc7bb405311d84d6b74bc2315f3b0120a51475fe30b
Instruction Fuzzy Hash: 22D12722A09B8685FB118F61E8A13FC27A0EF45798F4C9572DE8DA6795EF3CD185C300

Function 00007FF654514AF0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF654514C70

Part of subcall function 00007FF654514610: TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF654514627

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF654514D97

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF654514CAF
lock count overflow in reentrant mutexlibrary\std\src\sync\reentrant_lock.rs, xrefs: 00007FF654514BB5
stdoutlibrary\std\src\io\mod.rs, xrefs: 00007FF654514B0C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressSingleWake$Value
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$lock count overflow in reentrant mutexlibrary\std\src\sync\reentrant_lock.rs$stdoutlibrary\std\src\io\mod.rs
API String ID: 3905248491-2834928262
Opcode ID: 5e20c02580f3a8443d18d9c25abc818cdc1b098264708ad6f1d34690697057bf
Instruction ID: 7883d747bfd94d4aefefb2b2e299e9f13b843fc48c02d31fc41b4d9dd0cf27c1
Opcode Fuzzy Hash: 5e20c02580f3a8443d18d9c25abc818cdc1b098264708ad6f1d34690697057bf
Instruction Fuzzy Hash: D6A15E21E09A4294FE129B61E8A03BD23B0AF45748F4825B5DE8DA7796DF3CA505D350

Function 00007FF6544F3670 Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF6544F36FD
WriteConsoleW.KERNEL32 ref: 00007FF6544F373C
WriteConsoleW.KERNEL32 ref: 00007FF6544F37A3
GetLastError.KERNEL32 ref: 00007FF6544F37AC
GetLastError.KERNEL32 ref: 00007FF6544F383E

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ConsoleErrorLastWrite$ByteCharMultiWide
String ID:
API String ID: 1956605914-0
Opcode ID: 341d3ae9c23e6214a6610ddb97fe7137431df4205c5eb610c16af294e4c23b86
Instruction ID: d24b48a086406a4f304ad439875228965e1540bc97f92abd66253744da37a320
Opcode Fuzzy Hash: 341d3ae9c23e6214a6610ddb97fe7137431df4205c5eb610c16af294e4c23b86
Instruction Fuzzy Hash: 65311072A49A9256F7308A21D9A43FD6291FB04784F4C4175E94CEBBCDEF7CE2818340

Function 00007FF6544F2B90 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs, xrefs: 00007FF6544F2E12
use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 00007FF6544F2DB1, 00007FF6544F2DC9

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs$use of std::thread::current() is not possible after the thread's local data has been destroyed
API String ID: 0-1229448639
Opcode ID: f3513aca6a340c1634ce570758c3a0b917af1f47cefeba1397e0e877420f0acc
Instruction ID: c98e9ef7fa16bbd2432bc8816fbe760444c9d3aec1ad8cda30edccf6f71da444
Opcode Fuzzy Hash: f3513aca6a340c1634ce570758c3a0b917af1f47cefeba1397e0e877420f0acc
Instruction Fuzzy Hash: 0F71C226A4AA4665FA599B5198B03BE2760FF44788F1C04B6DE0DA37D9DF3DA441C340

Function 00007FF65439B3C0 Relevance: 5.1, APIs: 4, Instructions: 88memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,00007FF654396339,?,?,00000000,?,00007FF654392E51), ref: 00007FF65439B3E5
HeapFree.KERNEL32(?,?,?,00007FF654396339,?,?,00000000), ref: 00007FF65439B3FE
HeapFree.KERNEL32(?,?,?,00007FF654396339,?,?,00000000), ref: 00007FF65439B43C
HeapFree.KERNEL32(?,?,?,00007FF654396339), ref: 00007FF65439B456

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5850e3975fdc597a48393d5ffbe148873d151516b35f87b5d54f1bf313554f74
Instruction ID: f2c210951c9aead031343b350b470fd20de7a8a24eb561b14acb08ca783bd044
Opcode Fuzzy Hash: 5850e3975fdc597a48393d5ffbe148873d151516b35f87b5d54f1bf313554f74
Instruction Fuzzy Hash: 78314F62A08A4280E715DF27D4E43BD2361FB85FA8F598172CE1CA72E9CF39D486D340

Function 00007FF6543A3A86 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543A3AFB
memcpy.MSVCRT ref: 00007FF6543A3B3E

Strings

Pending error polled more than once, xrefs: 00007FF6543A3A9D

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: Pending error polled more than once
API String ID: 3510742995-3358888778
Opcode ID: 63903e3c645f990b4e0e5f610b1370f454bec7c72121ae7e5fc59235d02df441
Instruction ID: 076c9a4ce2e9f6916afc00542783ec5877788b26e02f77a1491612a68509e490
Opcode Fuzzy Hash: 63903e3c645f990b4e0e5f610b1370f454bec7c72121ae7e5fc59235d02df441
Instruction Fuzzy Hash: 8B11603261964292EB61DB12E0A03AF7361FB95790F884472CB8D57AE5DF3DE549C700

Function 00007FF6543C9A40 Relevance: 3.9, APIs: 3, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(?,?,?,?,00007FF65439C773), ref: 00007FF6543C9A8B
memcpy.MSVCRT ref: 00007FF6543C9B2C
HeapFree.KERNEL32(?,?,?,?,00007FF65439C773), ref: 00007FF6543C9B3E

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Heap$AllocFreememcpy
String ID:
API String ID: 3820354746-0
Opcode ID: a1f2ced0aa547c6beab918f0b289df581ea430733e2347db2bac092f762af13b
Instruction ID: 9a72333cbe60b44f9692cf3289f19130789cd840ebc7fbaf38aa3ba2e3d6db51
Opcode Fuzzy Hash: a1f2ced0aa547c6beab918f0b289df581ea430733e2347db2bac092f762af13b
Instruction Fuzzy Hash: 7C418262709B5292EE15CF26D8E07B963A0AF44B94F4984B5CA5E977A4FF3CE045C300

Function 00007FF6543A8EE4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193COMMON

Download Yara Rule

Strings

Failed building the Runtime, xrefs: 00007FF6543A8EA1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: Failed building the Runtime
API String ID: 0-401006096
Opcode ID: f8ebad54fe9ee496ae57cfec6ae1b35791468d78de7f7112f4b093c6c3030ae7
Instruction ID: d3018a9ca29f29368ec27d22e86d28984ff48a560486019190677d0d2ee2226c
Opcode Fuzzy Hash: f8ebad54fe9ee496ae57cfec6ae1b35791468d78de7f7112f4b093c6c3030ae7
Instruction Fuzzy Hash: 69A15C31A09BC285EB358B12E4947EA73A9FF85340F484276D69C93BA8EF3CD655C740

Function 00007FF6543B52D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46threadCOMMON

Download Yara Rule

APIs

SetThreadDescription.KERNELBASE ref: 00007FF6543B5316

Strings

main, xrefs: 00007FF6543B530C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: DescriptionThread
String ID: main
API String ID: 2285587249-3207122276
Opcode ID: 72394c1032ff661787b8c7273f195166838be915fd539d77eefa6a8b64e3ea83
Instruction ID: c121c58ebf8f9509035e7401bd3d89876e9380b0f8342cb55a55cc72d74969f9
Opcode Fuzzy Hash: 72394c1032ff661787b8c7273f195166838be915fd539d77eefa6a8b64e3ea83
Instruction Fuzzy Hash: 5D116022E09A46A9FB04DF71E8E12FD2760AF41348F880476D94CB77A9DE3DD249C380

Function 00007FF654514EC0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF654514F21

Strings

127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs, xrefs: 00007FF654514EC2

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: 127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs
API String ID: 3510742995-3689599868
Opcode ID: e364337f7810b4fa61548a026c2962d1e5e6b6b116777c00751e355bdad04709
Instruction ID: 307827386fa3bdc875175c430279d9e129238e887bd1b1569a31fe47ce97b20b
Opcode Fuzzy Hash: e364337f7810b4fa61548a026c2962d1e5e6b6b116777c00751e355bdad04709
Instruction Fuzzy Hash: 37510872A09BC685E7218F75D8903FC27A1EB46794F48A671CADDA67C5EF3CA184C340

Function 00007FF6543BB190 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543BB316

Strings

0x0X, xrefs: 00007FF6543BB2A2

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: 0x0X
API String ID: 3510742995-830206304
Opcode ID: 505c21de923338595ee4801078ffd45dc2197573395dd073a1de22dfc5432d95
Instruction ID: 70449affb8af9b786511a78ab92ce5fcf3fe13af1a7a7d4ec4c01c2f13e1b0bf
Opcode Fuzzy Hash: 505c21de923338595ee4801078ffd45dc2197573395dd073a1de22dfc5432d95
Instruction Fuzzy Hash: 4B418B36B04B5489E7148BA1E8907EC3774FB58768F584635DA9DA3B94DF389156C300

Function 00007FF654522B80 Relevance: 3.1, APIs: 2, Instructions: 96networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF654522C2D
WSAGetLastError.WS2_32 ref: 00007FF654522C3B
send.WS2_32 ref: 00007FF654522E4A
WSAGetLastError.WS2_32 ref: 00007FF654522E58

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLast$recvsend
String ID:
API String ID: 1444173311-0
Opcode ID: c6c9b0e85feb04516d03b76c6651c8f3d755995235add29e82e9a84e1c3c9d7d
Instruction ID: b7ef91fd5626e93e94fa79505393dd773091f0935c55d26a62081c798f2b7c60
Opcode Fuzzy Hash: c6c9b0e85feb04516d03b76c6651c8f3d755995235add29e82e9a84e1c3c9d7d
Instruction Fuzzy Hash: 0F31AF75A0C68185EE285A269CE02BA5760FF457E0F5C0272FE6DAB7D5CE3CD042C300

Function 00007FF65439B6F4 Relevance: 2.6, APIs: 2, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439B779
HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7aa1aba65db73a99e912b31755ab8e54c7ff2e561b638271afb233d0777c3e1e
Instruction ID: 28a459cb7322c3a78a17233b793937460194ff7020cb33d4ed28b0f1062d1930
Opcode Fuzzy Hash: 7aa1aba65db73a99e912b31755ab8e54c7ff2e561b638271afb233d0777c3e1e
Instruction Fuzzy Hash: 50313722A09A8281EA159F22D8E43FD2361FF85FE4F4D4176CE1DA72E5DE39E845C350

Function 00007FF65439B6EF Relevance: 2.6, APIs: 2, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439B779
HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e00172f01fb8d8ead8c016a656333ac0a207cdf826f95bbb1b49bf6946badb90
Instruction ID: 17089d2cd1546d819d905c40354883dadad31a605f36235d39f1f28113428ec1
Opcode Fuzzy Hash: e00172f01fb8d8ead8c016a656333ac0a207cdf826f95bbb1b49bf6946badb90
Instruction Fuzzy Hash: 81315822A09A8281EA159F22D4A43FD2361FF85FE4F4D4572CE1DA72E5CE39E445C350

Function 00007FF65439B715 Relevance: 2.6, APIs: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439B779
HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: b6d96907975d7a921be6e0d0036191bdbf651ea1565e0c035418e87081a048d7
Instruction ID: 32c0d3c10327ac9b13099eec956e7759cce20b1535a4096f2ed6f91bb83a45cd
Opcode Fuzzy Hash: b6d96907975d7a921be6e0d0036191bdbf651ea1565e0c035418e87081a048d7
Instruction Fuzzy Hash: 0B313A22A09A8280E715DF22D8A43FD2361EF85FE4F4D4576CE1DA72E6DF399445C350

Function 00007FF65439B750 Relevance: 2.6, APIs: 2, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439B779
HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d417f1b1bdc34fd3b8f8e5489fbc7a43f0d4d2cf1b94ac0d06fe342edd187ac4
Instruction ID: 2dc89b50b481ddddf356a8bde365e9a29a84d3451a0d11d8cf11b613ae684a4e
Opcode Fuzzy Hash: d417f1b1bdc34fd3b8f8e5489fbc7a43f0d4d2cf1b94ac0d06fe342edd187ac4
Instruction Fuzzy Hash: F5213E22A0994180E645DF26D8E43FD2361FF85BE4F8D4572CE1DA62E5DF399486C350

Function 00007FF65451CF60 Relevance: 2.5, APIs: 2, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,00007FF65451CF31,?,?,?,00007FF65439AB7E,?,?,?,00007FF6543992F5,?,?,?), ref: 00007FF65451CFAD
HeapFree.KERNEL32(?,?,?,?,00007FF65451CF31,?,?,?,00007FF65439AB7E,?,?,?,00007FF6543992F5,?,?,?), ref: 00007FF65451CFC4

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f00b2f651c0a2ba18ee8b834bab30d6c5b58bce58e7c26c1a777969ba2e967d8
Instruction ID: 29f9b1677c5fd128505ee2d84e47321eebf408e95408b32bfeb62044918c1734
Opcode Fuzzy Hash: f00b2f651c0a2ba18ee8b834bab30d6c5b58bce58e7c26c1a777969ba2e967d8
Instruction Fuzzy Hash: C1017916E0560682F6229B27E4D03BD6370EF88B95F595872CF4EA7784DF2DE4D69300

Function 00007FF654519B90 Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00000004,?,00007FF654519B8F,?,?,?,00007FF654519B78), ref: 00007FF654519C66

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6bb708161dd00cf3957cd540edbcd17a0ba48c03df0140382fab742cdffaf1a7
Instruction ID: 287bceaff4844c9c90d3c9e36bf488cf4c8953db0ce52a06ef511861dcc89079
Opcode Fuzzy Hash: 6bb708161dd00cf3957cd540edbcd17a0ba48c03df0140382fab742cdffaf1a7
Instruction Fuzzy Hash: 5521BDA6A09B8584EB14CB56D0A02FC3BB1FB89F88F0884B6DEDC63755DF28C104C740

Function 00007FF6543B5396 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6544F2AA0: HeapFree.KERNEL32 ref: 00007FF6544F2AE3

HeapFree.KERNEL32 ref: 00007FF6543B53D1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d9cfd07b100c68657c9ec62c66bcab25a0663fc0d9a24f2c032fe4ef675673b2
Instruction ID: 0f546c1a0cc63ca8be5923c4c9340c3e64f9aa66bcbcd4d8b5bd499be7209496
Opcode Fuzzy Hash: d9cfd07b100c68657c9ec62c66bcab25a0663fc0d9a24f2c032fe4ef675673b2
Instruction Fuzzy Hash: 20018022A09B4294EB05DB26E4E03FD23A1AF45798F8C4476CE0DA77A5DF7CD188D340

Non-executed Functions

Function 00007FF6543A192F Relevance: 29.6, APIs: 15, Strings: 4, Instructions: 1149memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543A1942
memcpy.MSVCRT ref: 00007FF6543A19C6
memcmp.MSVCRT ref: 00007FF6543A1B54
HeapFree.KERNEL32 ref: 00007FF6543A37F8

Strings

char, xrefs: 00007FF6543A1F1C
rset, xrefs: 00007FF6543A1F29
utf-8, xrefs: 00007FF6543A1947, 00007FF6543A1E54
charset, xrefs: 00007FF6543A1E4D

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeapmemcmp
String ID: char$charset$rset$utf-8
API String ID: 3299494168-1306876737
Opcode ID: 117b2b7c9b3b240fd9b70e0c3bc29d78c1787a9d079e4e7f082269bd3be64faf
Instruction ID: 3403916ce096b6f0b1afab1c1fa153f0d50b86af50f24d87658686ba2c9e6645
Opcode Fuzzy Hash: 117b2b7c9b3b240fd9b70e0c3bc29d78c1787a9d079e4e7f082269bd3be64faf
Instruction Fuzzy Hash: 2BC20422A4DAC181EE668B17D0A47FA6764FF44B84F895072DE5DA37A1EF3CE585C300

Function 00007FF6543A4107 Relevance: 28.7, APIs: 15, Strings: 1, Instructions: 654memorynetworkCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A4250
memcpy.MSVCRT ref: 00007FF6543A44D3
socket.WS2_32 ref: 00007FF6543A4CC6
ioctlsocket.WS2_32 ref: 00007FF6543A4CEF
GetLastError.KERNEL32 ref: 00007FF6543A4CF8
closesocket.WS2_32 ref: 00007FF6543A4D0B
GetLastError.KERNEL32 ref: 00007FF6543A4D12
connect.WS2_32 ref: 00007FF6543A4DEC
GetLastError.KERNEL32 ref: 00007FF6543A4DF6
getsockopt.WS2_32 ref: 00007FF6543A4F50
WSAGetLastError.WS2_32 ref: 00007FF6543A4FA5
HeapFree.KERNEL32 ref: 00007FF6543A50C6
closesocket.WS2_32 ref: 00007FF6543A50ED
HeapFree.KERNEL32 ref: 00007FF6543A5111

Strings

task was cancelledtask panickedassertion failed: snapshot.is_complete()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\harness.rs, xrefs: 00007FF6543A4436

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLast$FreeHeap$closesocket$connectgetsockoptioctlsocketmemcpysocket
String ID: task was cancelledtask panickedassertion failed: snapshot.is_complete()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\harness.rs
API String ID: 2018102388-2937751923
Opcode ID: 96183e28dfdf80e1c11f7646a9fd298f2a35e3609c26eb62da04edd943b2338f
Instruction ID: 9c77a99311a94275f089146fc0b350e094da5f027caee30355fc1d38666e6d37
Opcode Fuzzy Hash: 96183e28dfdf80e1c11f7646a9fd298f2a35e3609c26eb62da04edd943b2338f
Instruction Fuzzy Hash: 37727032508AC182EA768B26E4953EAB3A0FF98744F084175CBDD937A5EF7DE185D700

Function 00007FF654529920 Relevance: 25.2, APIs: 13, Strings: 3, Instructions: 1203memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65452AEDF

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF65452AC40
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF65452ABA1
assertion failed: end >= start && end <= len, xrefs: 00007FF65452ABC3

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: end >= start && end <= len$called `Result::unwrap()` on an `Err` value$cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs
API String ID: 3298025750-2816111376
Opcode ID: e7a987c4a92a958c705c20c1a131de3f8d92fbee8da3f5041c289e5c2d09a1de
Instruction ID: 99457003df1aee296e9deebea5067d50242b24fa9ea591cf7adfa5c5cc97a7ae
Opcode Fuzzy Hash: e7a987c4a92a958c705c20c1a131de3f8d92fbee8da3f5041c289e5c2d09a1de
Instruction Fuzzy Hash: 4AB2F762A0DBC681EA61CB15E8A53BA63A0FF85794F484276DE9DA37D5DF3CE444C300

Function 00007FF6543A6FA0 Relevance: 24.6, APIs: 7, Strings: 9, Instructions: 550memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6543BE170: memcmp.MSVCRT ref: 00007FF6543BE1E3

memcpy.MSVCRT ref: 00007FF6543A7614
memcpy.MSVCRT ref: 00007FF6543A7629
memset.MSVCRT ref: 00007FF6543A7750

Part of subcall function 00007FF654391780: memcpy.MSVCRT ref: 00007FF6543917C0

HeapFree.KERNEL32 ref: 00007FF6543A79A5
HeapFree.KERNEL32 ref: 00007FF6543A79BE
HeapFree.KERNEL32 ref: 00007FF6543A7CE3

Strings

mail not found, xrefs: 00007FF6543A717F
ot found, xrefs: 00007FF6543A739D
ot found, xrefs: 00007FF6543A72B0
ot found, xrefs: 00007FF6543A71C3
sub not , xrefs: 00007FF6543A71D1
host not, xrefs: 00007FF6543A72BE
user not, xrefs: 00007FF6543A7A4C
port not, xrefs: 00007FF6543A73AB
ot found, xrefs: 00007FF6543A7A3E

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeapmemcpy$memcmpmemset
String ID: host not$mail not found$ot found$ot found$ot found$ot found$port not$sub not $user not
API String ID: 4057583900-3981461617
Opcode ID: 2fbd45d806bb7b796409759265be766da3fbcbc5663b55b3bacee5f71b765385
Instruction ID: 064e4e3531b1c5f06498660d3ba6799eed2e7f73e170ff9a91d7c4d780eba67d
Opcode Fuzzy Hash: 2fbd45d806bb7b796409759265be766da3fbcbc5663b55b3bacee5f71b765385
Instruction Fuzzy Hash: 50524D22608BC185EB758B22E4A43EAB7A2FB45744F584175CBDE937A5DF3CE188C701

Function 00007FF6544F4510 Relevance: 23.0, APIs: 13, Strings: 2, Instructions: 511memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4A50
TlsSetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4A63
TlsGetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4AB0
TlsSetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4AC3
TlsGetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4B10
TlsSetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4B23
TlsGetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4B60
TlsSetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4B73
TlsGetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4BBC
TlsSetValue.KERNEL32(?,?,?,?), ref: 00007FF6544F4BCD
TlsSetValue.KERNEL32 ref: 00007FF6544F4C10
HeapFree.KERNEL32 ref: 00007FF6544F4C5D

Part of subcall function 00007FF6544F4330: TlsAlloc.KERNEL32(?,?,?,?,?,?,-00000008,00000000,00000001,?,00007FF65451AC3B), ref: 00007FF6544F437A
Part of subcall function 00007FF6544F4330: InitOnceComplete.KERNEL32(?,?,?,?,?,?,-00000008,00000000,00000001,?,00007FF65451AC3B), ref: 00007FF6544F43BE

TlsSetValue.KERNEL32 ref: 00007FF6544F4C2D

Part of subcall function 00007FF6544F4270: HeapFree.KERNEL32(?,?,-00000010,?,00007FF6544F416C,?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F429C

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba, xrefs: 00007FF6544F4594, 00007FF6544F47DF
0x0X, xrefs: 00007FF6544F4721, 00007FF6544F4971

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value$FreeHeap$AllocCompleteInitOnce
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba$0x0X
API String ID: 471168871-3601239808
Opcode ID: 9387971a1972f53ebb30cb8d64137977b023e149ccb94fa899e3b0a7c1c84399
Instruction ID: e47cb17ee289ca80321cbf1bafe13fce07926a013ede769364f446152448747f
Opcode Fuzzy Hash: 9387971a1972f53ebb30cb8d64137977b023e149ccb94fa899e3b0a7c1c84399
Instruction Fuzzy Hash: 54125822F59A9156EB248B15D4A07BC2361FF65BA0F4C4275DE2EA3BD9DF3CA441D300

Function 00007FF6543ACEB9 Relevance: 18.8, APIs: 10, Strings: 2, Instructions: 756COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543B448F
memcpy.MSVCRT ref: 00007FF6543B4512
memcpy.MSVCRT ref: 00007FF6543B4540
memcpy.MSVCRT ref: 00007FF6543B4560
memcpy.MSVCRT ref: 00007FF6543B45E4

Strings

tv, xrefs: 00007FF6543B5247
assertion failed: prevC:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\stream\futures_unordered\mod.rs, xrefs: 00007FF6543B4F9D

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: prevC:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\stream\futures_unordered\mod.rs$tv
API String ID: 3510742995-3351431354
Opcode ID: b83c8560f3bd27acb2118ce4452637645bae00caa221cc3496d92c427d67a1cb
Instruction ID: 24e0e2401a763e7e2717732a04d547e3c5c9759058b6444eb8338407135b831f
Opcode Fuzzy Hash: b83c8560f3bd27acb2118ce4452637645bae00caa221cc3496d92c427d67a1cb
Instruction Fuzzy Hash: D2829D32A09F8181EB60CB16E0A43BE73A0FB94B84F484575DA9DA77A9DF3DE045D344

Function 00007FF65439D560 Relevance: 16.9, APIs: 8, Strings: 3, Instructions: 410memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6544F6600: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF65439D404), ref: 00007FF6544F663E

Part of subcall function 00007FF6544F6600: GetLastError.KERNEL32(?,?,?,?,?,?,00007FF65439D404), ref: 00007FF6544F66DC

memcpy.MSVCRT ref: 00007FF65439D6DE
memcpy.MSVCRT ref: 00007FF65439D7DE
HeapFree.KERNEL32 ref: 00007FF65439D922

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439D8FA, 00007FF65439D97A, 00007FF65439D9FA, 00007FF65439DA7A, 00007FF65439DB71
assertion failed: curr.is_join_interested(), xrefs: 00007FF65439DB59
overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF65439D658

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$ErrorFreeFrequencyHeapLastPerformanceQuery
String ID: assertion failed: curr.is_join_interested()$assertion failed: prev.ref_count() >= 1$overflow when adding duration to instantlibrary\std\src\time.rs
API String ID: 3045614229-1047842113
Opcode ID: 4a7854a053cb1a321c8cfac1166c609c2e98a58abfd627d5b6095a204c9a98d1
Instruction ID: b3caaed7c30d5af3180b62e59fc45664b1ef362066fa63f7d9530c3beed7faef
Opcode Fuzzy Hash: 4a7854a053cb1a321c8cfac1166c609c2e98a58abfd627d5b6095a204c9a98d1
Instruction Fuzzy Hash: 6602E812E0CB8681E6119B25E4A13FD5350EF957A4F089371DEADA27E5EF2CE1C68740

Function 00007FF6543A7DFA Relevance: 16.9, APIs: 7, Strings: 4, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A8770
HeapFree.KERNEL32 ref: 00007FF6543A8789
HeapFree.KERNEL32 ref: 00007FF6543A87A5

Strings

EHLO ADMINAUTH LOGINfailhttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977, xrefs: 00007FF6543A8100
334, xrefs: 00007FF6543A822B
334, xrefs: 00007FF6543A82E8
235, xrefs: 00007FF6543A8374

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: 235$334$334$EHLO ADMINAUTH LOGINfailhttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendMessagehttps://api.telegram.org/bot7080012970:AAFY18TRX89Y_dAwP1Ulb_WhKvCNNODQ-w0/sendDocument985314977
API String ID: 3298025750-2630474875
Opcode ID: f44b81f71e3f38342acf14256a55e5a13814400b5e9365e6584d9671bde5fa5c
Instruction ID: e4f3a2d455cb23f5f3d01a7163bf7f192102ec292ab45f85e400db7a2c7a2389
Opcode Fuzzy Hash: f44b81f71e3f38342acf14256a55e5a13814400b5e9365e6584d9671bde5fa5c
Instruction Fuzzy Hash: 8712722664868282EB698B23E4A03FA77A0FF45784F484075DBDE937A1DF3DE549C301

Function 00007FF6543B7260 Relevance: 16.8, APIs: 10, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6543B728A, 00007FF6543B741A, 00007FF6543B7443

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 0-2333694755
Opcode ID: cbe803f7ec6a18f9030b7c4cb54956ece02e370ea0a9b6f968dd8258901fc0b0
Instruction ID: a0a02e0ff54053b572a18e401d6fc75891605cbe0cccfca94c7dfd7df22ad4ed
Opcode Fuzzy Hash: cbe803f7ec6a18f9030b7c4cb54956ece02e370ea0a9b6f968dd8258901fc0b0
Instruction Fuzzy Hash: 48B1E261A08B5681FA10DB12E8E07BD2760EF85B84F5D80B6DE4DA77A5DF3CE582C340

Function 00007FF6544B5600 Relevance: 11.5, Strings: 8, Instructions: 1548COMMON

Download Yara Rule

Strings

.llvm./rust/deps\rustc-demangle-0.1.23\src\lib.rs, xrefs: 00007FF6544B562E
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6544B6CEE
__ZN, xrefs: 00007FF6544B5903
,(><&*@, xrefs: 00007FF6544B69E6
::_$, xrefs: 00007FF6544B65D5, 00007FF6544B6896
RUST_MIN_STACK()/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\core\src\num\mod.rs, xrefs: 00007FF6544B5603, 00007FF6544B61E3
SizeLimitExhausted, xrefs: 00007FF6544B6EA0
`fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 00007FF6544B6160

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcmp
String ID: ,(><&*@$.llvm./rust/deps\rustc-demangle-0.1.23\src\lib.rs$::_$$RUST_MIN_STACK()/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\core\src\num\mod.rs$SizeLimitExhausted$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Result::unwrap()` on an `Err` value
API String ID: 1475443563-4223493616
Opcode ID: 99c6d4ea137373bdbbacc61f600efb98647a8c51ea272c0afec2757e9b89d760
Instruction ID: 619d12278fb55392f03de5d6a347617051ad2198a4adb25ee10302d1a76463aa
Opcode Fuzzy Hash: 99c6d4ea137373bdbbacc61f600efb98647a8c51ea272c0afec2757e9b89d760
Instruction Fuzzy Hash: 73D26462E589A241FF258B14D4A46BC6B61EB05798F4C42B1DE9EA37DCDF3CE941C302

Function 00007FF6544874E0 Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF65448751F
TlsGetValue.KERNEL32 ref: 00007FF654487548
TlsGetValue.KERNEL32 ref: 00007FF654487563
TlsSetValue.KERNEL32 ref: 00007FF6544875BE
TlsGetValue.KERNEL32 ref: 00007FF654487762

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF6544877CF

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs
API String ID: 3702945584-1759521695
Opcode ID: 19e9d1eacd155317eccecb38f6ea4d160c39881b3a330cf0dfd95c2e5b666cf8
Instruction ID: 8939c098f1b7f39b5d9322d3ea32dbd2d589fea9a0c9337c5f45099e2585f1a5
Opcode Fuzzy Hash: 19e9d1eacd155317eccecb38f6ea4d160c39881b3a330cf0dfd95c2e5b666cf8
Instruction Fuzzy Hash: 22812861B18B8581FE109B54A8B13BB6360FF84380F489576DE8EB6B9ADF3CE141C340

Function 00007FF65439A090 Relevance: 8.0, APIs: 6, Instructions: 460COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF65439A179
memcmp.MSVCRT ref: 00007FF65439A19E
memcpy.MSVCRT ref: 00007FF65439A5AA

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcmp$memcpy
String ID:
API String ID: 231171946-0
Opcode ID: 60013d09134a13cacb7750ef1a12d4fec63ccdcefa74daea2274ed5029be60e7
Instruction ID: ae593fbbb0ff13bb181ea51f3ef31a3cb7cf52afacdf24194faa004544325038
Opcode Fuzzy Hash: 60013d09134a13cacb7750ef1a12d4fec63ccdcefa74daea2274ed5029be60e7
Instruction Fuzzy Hash: 52021222B18BC181E6219B26A4517FAA360FF95BC4F485731EE8D62BA5EF3DD181C700

Function 00007FF6544F6780 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF6544F67AD
GetLastError.KERNEL32 ref: 00007FF6544F6975

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6544F6992
overflow when subtracting durations, xrefs: 00007FF6544F692B

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorFrequencyLastPerformanceQuery
String ID: called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
API String ID: 3362413890-1633623230
Opcode ID: e4c183483942a1d4c0c1312c4e0dcc0139cf888d8e79ed2ffeb445847da991db
Instruction ID: 3a2f0544c7bc1d834dd40a536d94f86640e1595c1d9211812bc4ca63577f31aa
Opcode Fuzzy Hash: e4c183483942a1d4c0c1312c4e0dcc0139cf888d8e79ed2ffeb445847da991db
Instruction Fuzzy Hash: CC516911F6AA5661EB15CB60D9A0BB913A0EF40784F5CC075DD0FA3B98DE2CA6428300

Function 00007FF6543E4DD0 Relevance: 6.5, APIs: 3, Strings: 1, Instructions: 473COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543E5121

Strings

Content-Typeapplication/jsonsrc\tg.rs, xrefs: 00007FF6543E5316

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: Content-Typeapplication/jsonsrc\tg.rs
API String ID: 3510742995-3066620823
Opcode ID: 645710806b58f9ddbd9f73631e4cc0b3c1c177ae641ddad6094c8280aa47dafa
Instruction ID: dcb217958f5f73e36f661b6a0f83dd9d2e91643883a29069ef3c15c19e9f5291
Opcode Fuzzy Hash: 645710806b58f9ddbd9f73631e4cc0b3c1c177ae641ddad6094c8280aa47dafa
Instruction Fuzzy Hash: ED221922A0E78385EA218B51E4E03BDA791FB55380F5C46B5DACEA27E5DF3CD865C700

Function 00007FF6544107A0 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF654410B1F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs
API String ID: 0-1759521695
Opcode ID: 8248316d322deaa6ba58f60b82040c7b5b4210781411cadd322589a26021943e
Instruction ID: 6fd96f84543eba28ad42de746204d19bfd92db06139d1c428508bda1915573e1
Opcode Fuzzy Hash: 8248316d322deaa6ba58f60b82040c7b5b4210781411cadd322589a26021943e
Instruction Fuzzy Hash: 76A14422A5964581FB158B22C5A07782761FF55BC8F0CA2B1DE4DA7BD9EF3CE456C300

Function 00007FF6543D7910 Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 625COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF6543D7C41
memcmp.MSVCRT ref: 00007FF6543D803A

Strings

assertion failed: N::next(&stream).is_none(), xrefs: 00007FF6543D7ACB

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcmp
String ID: assertion failed: N::next(&stream).is_none()
API String ID: 1475443563-2991187163
Opcode ID: 1ab49cdb4b58c0c57bb72d54e07624dd674f3932c68a4d7b99ade0bb623d78ab
Instruction ID: d3f5fd4acd7eaf669be74c90cf25e5dcf3484dfdedf705cb9f26059e9aaa7bfa
Opcode Fuzzy Hash: 1ab49cdb4b58c0c57bb72d54e07624dd674f3932c68a4d7b99ade0bb623d78ab
Instruction Fuzzy Hash: 1F423C72A0C68186EB648B52E4A17BEBBA0FB457C4F485172EE8D937A4DF3CD541C740

Function 00007FF6543D07A0 Relevance: 5.1, Strings: 4, Instructions: 91COMMON

Download Yara Rule

Strings

modnarod, xrefs: 00007FF6543D07B1
uespemos, xrefs: 00007FF6543D07A4
setybdet, xrefs: 00007FF6543D07CB
arenegyl, xrefs: 00007FF6543D07BE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: da9d6900f34642e66a07183256a9745014616205da488a57059c192c66cb204a
Instruction ID: 7ef7b481baf53d0c3cb23cab73a4575838201cda5dc5d534b1722f29bc863d80
Opcode Fuzzy Hash: da9d6900f34642e66a07183256a9745014616205da488a57059c192c66cb204a
Instruction Fuzzy Hash: 0E21B8E5B58F8042FE80DBE5787636BA262A3457C0F40E036EE4D9770ADF3DD1528644

Function 00007FF6543AB7FD Relevance: 5.0, APIs: 1, Strings: 2, Instructions: 453COMMON

Download Yara Rule

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF6543AC246
core missing, xrefs: 00007FF6543AC125

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs$core missing
API String ID: 0-790241909
Opcode ID: 2088bf2f338c5d839e28c22e667815e636789edbe8dc7fbf7e7ab80c7a5e07ec
Instruction ID: cd64ff373111f6f0df88d4dbfc804eecd4af5f722dd7958d32910231fe8d63ab
Opcode Fuzzy Hash: 2088bf2f338c5d839e28c22e667815e636789edbe8dc7fbf7e7ab80c7a5e07ec
Instruction Fuzzy Hash: F5328C3294DAC280EA719B12E4A43FE7360FF94750F484672DA9DA26E9DF7CE185C740

Function 00007FF6545305C0 Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!, xrefs: 00007FF654530954
Timer already fired, xrefs: 00007FF6545309BB
overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF65453096C, 00007FF654530AC8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!$Timer already fired$overflow when adding duration to instantlibrary\std\src\time.rs
API String ID: 0-205797023
Opcode ID: 6982010f73a87ee8b6a29bc155f7fe788ae3ee72d5e05ae4e297d6ef0d7b8b6d
Instruction ID: 8e246d7036891de284810eb06405a15300a301ada797868c7ef6eab5a12a227f
Opcode Fuzzy Hash: 6982010f73a87ee8b6a29bc155f7fe788ae3ee72d5e05ae4e297d6ef0d7b8b6d
Instruction Fuzzy Hash: 58E10562B1978652EE54DF14E4A03B92390FB40BA4F584375DA6EA7BD8DF3CE452C340

Function 00007FF6544B0F70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 598COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF6544B118D

Strings

punycode{-0, xrefs: 00007FF6544B1708

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memset
String ID: punycode{-0
API String ID: 2221118986-3751456247
Opcode ID: a3209c7f2b4eb40becf3acc722cdc418c2d243ee073d6fb77b24d3e163e7fdac
Instruction ID: f97072ab1443d45bc37c5749041564934ddff48f1f0920b929e2b43fe181badd
Opcode Fuzzy Hash: a3209c7f2b4eb40becf3acc722cdc418c2d243ee073d6fb77b24d3e163e7fdac
Instruction Fuzzy Hash: 1D220562B49BD586EF648B25D4A47FC2791EB19BD4F488171CE1DA7BC8DF3CA9428300

Function 00007FF654526D50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF654526DE9

Strings

RNG seed generator is internally corruptC:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\util\rand\rt.rs, xrefs: 00007FF654526E4C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressSingleWake
String ID: RNG seed generator is internally corruptC:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\util\rand\rt.rs
API String ID: 3114109732-241763309
Opcode ID: d397667e4653154ccd3b985db46042a57eacdd728090394702b76fcd12573a52
Instruction ID: bfbd6671469fe6fb11904faa77f44e2c87840f0f396b95c6a33d866895a8bd7d
Opcode Fuzzy Hash: d397667e4653154ccd3b985db46042a57eacdd728090394702b76fcd12573a52
Instruction Fuzzy Hash: 8C315922B0D39241FB509B299CD016A67D29F85B94F5C81B2CD8C97795CD3EE40BC380

Function 00007FF6544F8830 Relevance: 3.4, APIs: 2, Instructions: 896memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6544F88BB
HeapFree.KERNEL32 ref: 00007FF6544F8AEC

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeapmemcpy
String ID:
API String ID: 673829100-0
Opcode ID: 87d3a5fbaf95b88c7cc1da5d28121b18c1a90711c5d1743f034c47ca3b9043d4
Instruction ID: 1f4c13694b62aed3098cde88f449cb663e1b1f5c56c44c381b470fe2ce9d126a
Opcode Fuzzy Hash: 87d3a5fbaf95b88c7cc1da5d28121b18c1a90711c5d1743f034c47ca3b9043d4
Instruction Fuzzy Hash: FE627A62E4E69268FB258B2184A07BD3B91EB11794F0C81B1DE5DAB7C9DF7C99C1D300

Function 00007FF6543BE170 Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 351COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF6543BE1E3

Strings

127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs, xrefs: 00007FF6543BE17A

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcmp
String ID: 127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs
API String ID: 1475443563-3689599868
Opcode ID: 07952fd79116ecca751e5d654c92bc46085e05f30ca5aa899bf0bd00cd3460b9
Instruction ID: 8fd0d84c669c24a55b115d4f69b4fd7643c4320c142a0b0bef3b71f3a2b66ea7
Opcode Fuzzy Hash: 07952fd79116ecca751e5d654c92bc46085e05f30ca5aa899bf0bd00cd3460b9
Instruction Fuzzy Hash: 9DC15722B2CAA542FA15CB27D875BB92651B700B94F888971DD0EA7BD0DF3CE649D300

Function 00007FF654512560 Relevance: 2.7, APIs: 2, Instructions: 240memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF654512817

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c8592c234868724ea0d6ab72033c9b0f0db9b73e0f3cbd3e65f20e1faf1876ef
Instruction ID: 4f8ab07d5bacce273abc188567ee5a1b98db5713b2bfb03f874b898ccd78216c
Opcode Fuzzy Hash: c8592c234868724ea0d6ab72033c9b0f0db9b73e0f3cbd3e65f20e1faf1876ef
Instruction Fuzzy Hash: 6F91F662F08A5285F7198F65D8A03BE66A0BB0079CF885571EE9DB3BD4DF7CA181C340

Function 00007FF654526490 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba, xrefs: 00007FF6545264FA
0x0X, xrefs: 00007FF654526682

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba$0x0X
API String ID: 0-3601239808
Opcode ID: 0b9c8eccf69e4b0f99241e91ad9ae571ce14c11f991d2c8749c9b13dd00d451a
Instruction ID: 7bd4d40ccd55cf4d1bcc41b9571d30641538bc8fdb8ff3673200017a4a666742
Opcode Fuzzy Hash: 0b9c8eccf69e4b0f99241e91ad9ae571ce14c11f991d2c8749c9b13dd00d451a
Instruction Fuzzy Hash: 2061B9A3B1C79182EB208B19E4907A96761FF95BD0F885232CA9D63BD5DF3CD505C700

Function 00007FF6545635D0 Relevance: 2.6, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

33333333, xrefs: 00007FF654563650
UUUUUUUU, xrefs: 00007FF6545635D6

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: 46d1e7909281d7cf042a06f351370e6d834e51d05a2362783bb47f4e652c7561
Instruction ID: 807288d8650094fd6f3f3e9024149f519f1f87217900a48e6c7b55b144bc3b8e
Opcode Fuzzy Hash: 46d1e7909281d7cf042a06f351370e6d834e51d05a2362783bb47f4e652c7561
Instruction Fuzzy Hash: 9B212FE2340A5445FE44DBA69D28A8AAB67F749FE0B4DE161DE4C5B71CCA7CC840C240

Function 00007FF6543B6310 Relevance: 1.7, APIs: 1, Instructions: 490COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543B64BA

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 1da6ae151778daedd7c7b9218ca4c3c77ecc91e2db1bdff4cf5fde8e83374c20
Instruction ID: f63fae3c93da2edc24bc27cf1f9c0b849261471eebf6d75ce536427be9659850
Opcode Fuzzy Hash: 1da6ae151778daedd7c7b9218ca4c3c77ecc91e2db1bdff4cf5fde8e83374c20
Instruction Fuzzy Hash: 73226A63E08BE156E7019B26C4A43AC7FA1E709740F888176CE8D67796EE3DC15BD311

Function 00007FF6543BBFD0 Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs, xrefs: 00007FF6543BBFDA

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID: 127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs
API String ID: 0-3689599868
Opcode ID: dbf3c0edcd57c099042635fb5f965848839400dc20581c709f0d30bee9c85156
Instruction ID: 3f99778b70c868c211447a29537b9c0b22a811b9e7fc80fb2ed628a9dbe7d7af
Opcode Fuzzy Hash: dbf3c0edcd57c099042635fb5f965848839400dc20581c709f0d30bee9c85156
Instruction Fuzzy Hash: 37B1D522F08E5689FB75CA76D8A07BD26F0BB04398F584579CE5DA7BB4DE39D4408300

Function 00007FF6543E73A0 Relevance: 1.5, APIs: 1, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb6bae74620781e88587cc1b055856ce718967546a5aef534f0b3b68d212470
Instruction ID: 89cb7f312674f7fea160ffb35dd83d488600421eb7d54a4c47d4df64681639ff
Opcode Fuzzy Hash: cbb6bae74620781e88587cc1b055856ce718967546a5aef534f0b3b68d212470
Instruction Fuzzy Hash: 74815D12B1A656C1FA619F1690D05B82F90FB04B94F5855B2DE5EB37E0CF38EDA5C700

Function 00007FF6544B0140 Relevance: 1.5, APIs: 1, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075ce8386e548d0d87dcb38c8b11a652959feea3137282699e91187b0e10603e
Instruction ID: 4cf44cc720ca372add0d4655b6f5f902a9b0ab738ba61c3ae67010bd789d9b1c
Opcode Fuzzy Hash: 075ce8386e548d0d87dcb38c8b11a652959feea3137282699e91187b0e10603e
Instruction Fuzzy Hash: 73810923F88A9586EF55CF60C4A42BD6790FB05B55F8915B2DE5DA3788CE38E989C300

Function 00007FF65451D410 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs, xrefs: 00007FF65451D5AB

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value$PrngProcess
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/129f3b9964af4d4a709d1383930ade12dfe7c081\library\std\src\thread\local.rs
API String ID: 3259538350-1759521695
Opcode ID: b6b4a1df2c54b7b61eb8b513f39141ad561062687d7ee73ad0c0ba0c50d4a025
Instruction ID: 00563e223d05f6b681f2507072cbae485f552e54a42e926aeed18117ce1c22ff
Opcode Fuzzy Hash: b6b4a1df2c54b7b61eb8b513f39141ad561062687d7ee73ad0c0ba0c50d4a025
Instruction Fuzzy Hash: 2431FAE5F15F8142FF5097A8B4753BA9361EB853C0F44E136DE8EA6B0ADF2DD2418640

Function 00007FF654571D40 Relevance: 1.0, Instructions: 982COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d55ea440807d9ee8a039aef967406ed58a16e4ef89170c157ee36da5b2493af
Instruction ID: 453e78feeeb26c9ab3fb1084e7068534546437da04e9ecaa385d93c12ee3804b
Opcode Fuzzy Hash: 7d55ea440807d9ee8a039aef967406ed58a16e4ef89170c157ee36da5b2493af
Instruction Fuzzy Hash: 28828162719BD486F620CBB1A9217DBA761F799BC4F04A226EE8C67B19DF3CD050D700

Function 00007FF654562790 Relevance: .9, Instructions: 910COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7227602b11927411cd065d517740ee44153c817da3a0affa74b9b34e6c5d9f
Instruction ID: 799e23dbd868fbd6b509c59ad3b3cc140881dd99a230a97120cd725553f75879
Opcode Fuzzy Hash: 6b7227602b11927411cd065d517740ee44153c817da3a0affa74b9b34e6c5d9f
Instruction Fuzzy Hash: 6F62E563728BA042F7118F766A15797A755FB99BC4F05E722EE8C27F0ACB38D441A204

Function 00007FF6543B64F0 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6342bcb2e2f0ba0dea41dc4209c78d44b59ac474370a5eff498c7eec226bb475
Instruction ID: 705046ecaab4f9b8b73caa1c8209bb0e45c7c268b1584f4f17a27c4cf2e4eb29
Opcode Fuzzy Hash: 6342bcb2e2f0ba0dea41dc4209c78d44b59ac474370a5eff498c7eec226bb475
Instruction Fuzzy Hash: 72B1D5A3E099F413D3532B3A41A412C7F529319751B8CC266CEDA17797E43AC56BE322

Function 00007FF6545444D0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0762dff6bff2e7a5da116377b5dfcb2133924a52d11812a60db76ca6db1070bd
Instruction ID: 0e975b955b4f0e733617608d9c637ba41a24df6216bceca5696b833dbf11f5fd
Opcode Fuzzy Hash: 0762dff6bff2e7a5da116377b5dfcb2133924a52d11812a60db76ca6db1070bd
Instruction Fuzzy Hash: 0281C121C0DBC205F7073B7514A3265A2309FF32A4F54C772FDA9B99A7EF29B6586110

Function 00007FF6543CEED0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a7998f95fd0aadbd97b33140aee6dc8cb6e0cd1e7244d270db933a9bde14f6
Instruction ID: fcdae9238ddf2f8f07b5eafea42290e92b2c1f14a9b24f205421bfb5e774d75e
Opcode Fuzzy Hash: 85a7998f95fd0aadbd97b33140aee6dc8cb6e0cd1e7244d270db933a9bde14f6
Instruction Fuzzy Hash: 78518EE2B19BD542FE5487A5B57267A97619F893D0F44E032DECDA7B99EF2CD2008300

Function 00007FF6543998D0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70328144969f5f52cb692032be50543fa5158f8f8b440d45892bd1bc854b07d2
Instruction ID: 1e135f38c855af651d43c5e9751bfe25121b62303cb3ed58d54cc3cf45335aa2
Opcode Fuzzy Hash: 70328144969f5f52cb692032be50543fa5158f8f8b440d45892bd1bc854b07d2
Instruction Fuzzy Hash: 45516DE2B19BC502FE5487A5B57267A93619F893C0F44E136DECE96B59EF2DD2408300

Function 00007FF65451D5D0 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4330e56959ee462ed1205fda9ac7683176cd5f26063ffa8ef68a2c8a5f0f074
Instruction ID: b6f8d929b734c6e7812f6bb4547c37cfbc858b58fc07a5a2b44b98450d09ec25
Opcode Fuzzy Hash: b4330e56959ee462ed1205fda9ac7683176cd5f26063ffa8ef68a2c8a5f0f074
Instruction Fuzzy Hash: 1F411672B04A6542FA54CF55E2B4A787651E390FE0F09A132CD5BA3B84CE38E99AC340

Function 00007FF6543A1350 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4330e56959ee462ed1205fda9ac7683176cd5f26063ffa8ef68a2c8a5f0f074
Instruction ID: 1db09c36f4f0f0835bf3f672bae9c8733eaa5c3e2b6580af18a19802579e6250
Opcode Fuzzy Hash: b4330e56959ee462ed1205fda9ac7683176cd5f26063ffa8ef68a2c8a5f0f074
Instruction Fuzzy Hash: 90413672B8466542FE54CF53E2B4A787621EB50BD0F45A032CD1BA3BD4CE38D856C340

Function 00007FF65468A828 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 111b21ec5f7e9fe89f880ee9ac4213b8864fcd8f08edf6f79dc78a0803816fc1
Instruction ID: 70b5c5ae43b5a1029a1c52ab7d8d5885726637b6cb76b1e394ba678a50795f74
Opcode Fuzzy Hash: 111b21ec5f7e9fe89f880ee9ac4213b8864fcd8f08edf6f79dc78a0803816fc1
Instruction Fuzzy Hash: E8218FCBE5DBD54AF75346640CB52682FE09AA791075E80E7CE54972C3AC4D2C06A321

Function 00007FF65468A590 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35e9cfd55fad44d67fc5b1c831561c77de6b5ecf399b73572e2a8deed26753c2
Instruction ID: 24d58c7984bad3e667918bcf079366c86fcc69f6f0ebb014c7b9da2cc9bd84c1
Opcode Fuzzy Hash: 35e9cfd55fad44d67fc5b1c831561c77de6b5ecf399b73572e2a8deed26753c2
Instruction Fuzzy Hash: 0AD0EC8BCAEED505F26786140CB92791FC09BA6905B0D41FACD58AA183BC092C816242

Function 00007FF65449AD50 Relevance: 27.5, APIs: 13, Strings: 5, Instructions: 460memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF65449AED3
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000002), ref: 00007FF65449AEF1
memcpy.MSVCRT ref: 00007FF65449AFA3
HeapFree.KERNEL32 ref: 00007FF65449B0F8

Part of subcall function 00007FF65440C440: memcpy.MSVCRT ref: 00007FF65440C4E0
Part of subcall function 00007FF65440C440: memcpy.MSVCRT ref: 00007FF65440C522
Part of subcall function 00007FF65440C440: memcpy.MSVCRT ref: 00007FF65440C564

HeapFree.KERNEL32 ref: 00007FF65449B111
HeapFree.KERNEL32 ref: 00007FF65449B12A
memcpy.MSVCRT ref: 00007FF65449B178
HeapFree.KERNEL32 ref: 00007FF65449B1CA
memcpy.MSVCRT ref: 00007FF65449B266
memcpy.MSVCRT ref: 00007FF65449B459

Strings

\, xrefs: 00007FF65449B0C4
name*=ut, xrefs: 00007FF65449AE8E
me=", xrefs: 00007FF65449B031
=utf-8'', xrefs: 00007FF65449AE7F
; filena, xrefs: 00007FF65449B023

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: ; filena$=utf-8''$\$me="$name*=ut
API String ID: 4250714341-264635638
Opcode ID: b85989d0aa7393741c012d2dedc65c6a970050f8376302ff7d6575fe1b5fe43a
Instruction ID: ce021c1cf84f8c2d02e3572413fc82a396b026db48944355505e7aa3486b908a
Opcode Fuzzy Hash: b85989d0aa7393741c012d2dedc65c6a970050f8376302ff7d6575fe1b5fe43a
Instruction Fuzzy Hash: 9222C032A1DBC282DA10CB02E6943AAB761FB95BC4F584075EE8EA3B59DF3DD045D700

Function 00007FF6545129A0 Relevance: 21.5, APIs: 10, Strings: 2, Instructions: 491memoryCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF654512ACA
GetEnvironmentVariableW.KERNEL32 ref: 00007FF654512ADC
GetLastError.KERNEL32 ref: 00007FF654512AE8
GetLastError.KERNEL32 ref: 00007FF654512B01
HeapFree.KERNEL32 ref: 00007FF654512B92
HeapFree.KERNEL32 ref: 00007FF654512C2B

Strings

at ThreadId, xrefs: 00007FF654512D4C
<unknown>, xrefs: 00007FF654512FC0

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLast$FreeHeap$EnvironmentVariable
String ID: at ThreadId$<unknown>
API String ID: 3745898529-2978829458
Opcode ID: c0a6135ba622bc8b74a35ba35bbe3113de816915c050ea76ab2813dbab21af33
Instruction ID: 9500cba1f50138c1896fbbf4c3b151f1603815ec2649c73ec0ef6410ad702b11
Opcode Fuzzy Hash: c0a6135ba622bc8b74a35ba35bbe3113de816915c050ea76ab2813dbab21af33
Instruction Fuzzy Hash: 45424C36A04B8599E721CF64E8A43E837B0FB4478CF544165EE8CA7B99DF79D289C340

Function 00007FF6543A5F4C Relevance: 18.2, APIs: 9, Strings: 3, Instructions: 182memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A5F91
HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: a8536d2da8715dc60e35740d55811387e9f5af5bbfce0404f94fb10b5dd66eb0
Instruction ID: 9a5a2411172dffc270e16785d4ae879e8a5b4f877f94045476877a2b3dd85d85
Opcode Fuzzy Hash: a8536d2da8715dc60e35740d55811387e9f5af5bbfce0404f94fb10b5dd66eb0
Instruction Fuzzy Hash: 6E91743150CA8281EA10DB53E4A43BAA7A0FF89BC4F584175EE8DA7BA9DF7DD145C700

Function 00007FF6543A5F50 Relevance: 18.2, APIs: 9, Strings: 3, Instructions: 177memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A5F71
HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: ab054a7b629e2ecba0b10f277ee43bc81f32064e6361292c17fea32afa35dbe8
Instruction ID: 9f4b51be4e147a705a7c8b8bf38b069d6ecbfe783b68493f7425c967dadd4e95
Opcode Fuzzy Hash: ab054a7b629e2ecba0b10f277ee43bc81f32064e6361292c17fea32afa35dbe8
Instruction Fuzzy Hash: 2A81753150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EE8DA7BA9DF7DD145C700

Function 00007FF6543A6060 Relevance: 18.2, APIs: 9, Strings: 3, Instructions: 175memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Part of subcall function 00007FF65439A5E0: memcpy.MSVCRT ref: 00007FF65439A6CF
Part of subcall function 00007FF65439A5E0: memcpy.MSVCRT ref: 00007FF65439A746

HeapFree.KERNEL32 ref: 00007FF6543A62D0
HeapFree.KERNEL32 ref: 00007FF6543A62F8

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 786c2f37b11df70c33051a52db6d414989f1dd90b003dbb811e497428c2119bc
Instruction ID: bc59eace54bde7df65731498305a3ad3bb199c85ed0be65099db7a2617c911f9
Opcode Fuzzy Hash: 786c2f37b11df70c33051a52db6d414989f1dd90b003dbb811e497428c2119bc
Instruction Fuzzy Hash: B481A73160CB8241E610DB13E4A03AAA7A1FF85BD8F584175EE8DA7BAADF7DD145C700

Function 00007FF6543A5F4E Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 175memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: cfc81fddac244cbc205c3b36ae2d026995658d999d4e8a6a23d195ca3b158689
Instruction ID: b7795df48eec2bfe1640329aa40182764bcb39c6f22542d03b05a2715e9e0593
Opcode Fuzzy Hash: cfc81fddac244cbc205c3b36ae2d026995658d999d4e8a6a23d195ca3b158689
Instruction Fuzzy Hash: AF81643160CA8281EA10DB53E4A43AAA7A0FF85BC4F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FAB Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 171memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 4c335b88360e9950bd81d9c53b8e60504c3f0023a94399746c5b84e1a1e08281
Instruction ID: 68dbd2bc03d29cd941fe239e1a282282ad8a5af06e74172ce27779a9ae87f526
Opcode Fuzzy Hash: 4c335b88360e9950bd81d9c53b8e60504c3f0023a94399746c5b84e1a1e08281
Instruction Fuzzy Hash: E981753150CA8281EA10DB53E4A43AAA7A0FF85BC4F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FC0 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 171memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: a4fa7fbc9ee72d0c16ba1558b673a430dbbba7253f82dd39d69eb376f278f1e3
Instruction ID: b7d932b13cf2d633dcf7d0c0d53c5dea9973718eb49686c51e35ff2217c56d9a
Opcode Fuzzy Hash: a4fa7fbc9ee72d0c16ba1558b673a430dbbba7253f82dd39d69eb376f278f1e3
Instruction Fuzzy Hash: 8881743150CA8281EA10DB53E4A43AAA7A0FF85BC4F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FBB Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 724cdf0fdece14a161a2e43e53ef38e1f33d038afb1f96a4147c9e7097756762
Instruction ID: df5c924d9c25e74642d4e4664b043102c90b342593305884dba55aed8ea92c49
Opcode Fuzzy Hash: 724cdf0fdece14a161a2e43e53ef38e1f33d038afb1f96a4147c9e7097756762
Instruction Fuzzy Hash: FF81743150CA8281EA10DB53E4A43AAA7A0FF85BC4F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A6009 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 8dc34f87dd242f8a8b1dd32e13b9bd48eafeedda503d68c902e2aff717762975
Instruction ID: 2996a39efc36e00a60b6e30b35fcd16d317daee87fc1c383e4529796a744f3d5
Opcode Fuzzy Hash: 8dc34f87dd242f8a8b1dd32e13b9bd48eafeedda503d68c902e2aff717762975
Instruction Fuzzy Hash: B871822160CB8281E610DB53E4A43AAA7A0FF85BC8F584175EE8DA7BA9DF7DD145C700

Function 00007FF6543A6016 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF654392CF0: HeapFree.KERNEL32 ref: 00007FF654392D9C

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: aa8c49256f74dfbdf12c17acdeaabfe79dce15886d218bb17dcf4aece0496426
Instruction ID: d7e973c013756a30d0c6e1b333073e0bef02e24d5ee59b0652f8d24bc8594f89
Opcode Fuzzy Hash: aa8c49256f74dfbdf12c17acdeaabfe79dce15886d218bb17dcf4aece0496426
Instruction Fuzzy Hash: F471722160CB8281E610DB53E4A43AAA7A0FF85BC8F584175EE8DA7BA9DF7DD145C700

Function 00007FF6543A5FF2 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: ff26d8f011d540d1bdb5dce56cd591f852c5d5750f7832a40876df0c8669a5e2
Instruction ID: 00fd68d5cb5baa8542f7e0f85c06ed85ddb1359bf42b8942b22a8581175d933d
Opcode Fuzzy Hash: ff26d8f011d540d1bdb5dce56cd591f852c5d5750f7832a40876df0c8669a5e2
Instruction Fuzzy Hash: 7B71722160CB8281E610DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5812 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 0123cf3666a85509c0dc5070cfbe37b5c5ecf48e3de45491ed970d5e2ddbf894
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: 0123cf3666a85509c0dc5070cfbe37b5c5ecf48e3de45491ed970d5e2ddbf894
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A580D Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 52137168f765a07b782b6cb4db5ebc901f23ffecb4fa919c6a6554fccbedd461
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: 52137168f765a07b782b6cb4db5ebc901f23ffecb4fa919c6a6554fccbedd461
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5817 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 48b4ce9544e9a6bf0ff4a9d125c873f4d983e493782de10f0965295f8a061196
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: 48b4ce9544e9a6bf0ff4a9d125c873f4d983e493782de10f0965295f8a061196
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FA9 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 5e389ace47a9ebdde38a975fb46664b0472424e479eefb3a2771b49a04f27fa8
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: 5e389ace47a9ebdde38a975fb46664b0472424e479eefb3a2771b49a04f27fa8
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FFF Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: 5d292ef5683ca81b67c19f021b6a168cf1920a6a563ec025c22ed3ffd2a73588
Instruction ID: cd3fff2e38ea26f35b94ce4078a37d8c8c446923fb7f2310f36213892f8819c7
Opcode Fuzzy Hash: 5d292ef5683ca81b67c19f021b6a168cf1920a6a563ec025c22ed3ffd2a73588
Instruction Fuzzy Hash: FA71712160CB8281E610DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FEE Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: d2ddfd09bb72f94a6364481ca3f9fc6fe69e1de01b30ad2303f5a79f033678f6
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: d2ddfd09bb72f94a6364481ca3f9fc6fe69e1de01b30ad2303f5a79f033678f6
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543A5FF0 Relevance: 16.7, APIs: 8, Strings: 3, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A603F
memcpy.MSVCRT ref: 00007FF6543A60C1
HeapFree.KERNEL32 ref: 00007FF6543A615C
HeapFree.KERNEL32 ref: 00007FF6543A6184
HeapFree.KERNEL32 ref: 00007FF6543A626A
HeapFree.KERNEL32 ref: 00007FF6543A6283
HeapFree.KERNEL32 ref: 00007FF6543A63A6

Strings

%domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2, xrefs: 00007FF6543A60C6, 00007FF6543A6134
_..., xrefs: 00007FF6543A6209
%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%, xrefs: 00007FF6543A618E, 00007FF6543A62A8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: %domain%%user%abc%user%abc123%domain%2016%domain%2015%domain%2014%domain%2013%domain%2012%domain%2011%domain%2010%domain%2009%domain%2008%domain%2007%domain%2006%domain%2005%domain%2004%domain%2003%domain%2002%domain%2001%domain%2000%user%2014%user%2013%user%2$%user%roottnqwertyqwertyuiqwertyuiop%domain%2022%domain%2023%domain%2024%domain%2021%domain%2020%user%@2020%domain%@2021%domain%@20201020301234teste%user%123123%user%%user%321321%user%123%domain%%user%1234%domain%1234123456%domain%%user%abc%user%abc123%domain%$_...
API String ID: 1887603139-2523241062
Opcode ID: aa3bb10b885e3f4ee73ad7fdf2f3905d406da42fcc9c479ec55bd26fc7596714
Instruction ID: afa865c5f309dc21c3e9a22c53bdf1e7c3775750d33ce4c39ae0d8a9ca8bed79
Opcode Fuzzy Hash: aa3bb10b885e3f4ee73ad7fdf2f3905d406da42fcc9c479ec55bd26fc7596714
Instruction Fuzzy Hash: 9C71722150CB8281EA10DB53E4A43AAA7A0FF85BC8F584175EECDA7BA9DF7DD145C700

Function 00007FF6543ACE0F Relevance: 15.2, APIs: 12, Instructions: 235memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543AF9FE
memcpy.MSVCRT ref: 00007FF6543AFA5E
memcpy.MSVCRT ref: 00007FF6543AFA9E
memcpy.MSVCRT ref: 00007FF6543AFAB3
HeapFree.KERNEL32 ref: 00007FF6543AFBE8
memcpy.MSVCRT ref: 00007FF6543AFF24
memcpy.MSVCRT ref: 00007FF6543AFF3F
memcpy.MSVCRT ref: 00007FF6543AFF6F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID:
API String ID: 4250714341-0
Opcode ID: 070e3caf87f64f2a3c91a436f6b6ccd2b0e289e79cc6a2614e82e0a8743353d6
Instruction ID: 66d775dc8f74948e8a7cd11dcdb9050969988f3f445e66b33699241a37de01d5
Opcode Fuzzy Hash: 070e3caf87f64f2a3c91a436f6b6ccd2b0e289e79cc6a2614e82e0a8743353d6
Instruction Fuzzy Hash: ECD1BE72A08BC685EB60CB16E0947EE77A8FB85780F484175DA8C937A9DF3DD545C700

Function 00007FF6543ACEDB Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543AFEDC
memcpy.MSVCRT ref: 00007FF6543AFF24
memcpy.MSVCRT ref: 00007FF6543AFF3F
memcpy.MSVCRT ref: 00007FF6543AFF6F
memcpy.MSVCRT ref: 00007FF6543AFF8D
memcpy.MSVCRT ref: 00007FF6543AFFC8
memcpy.MSVCRT ref: 00007FF6543AFFDD

Strings

tv, xrefs: 00007FF6543B5247
Pending error polled more than once, xrefs: 00007FF6543B29A9

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: Pending error polled more than once$tv
API String ID: 3510742995-625553725
Opcode ID: 336ac07c414207f2772f25bff619ea6701e0f8c96156e50cb271b35bf5756e0f
Instruction ID: 9ad4780df2aa6ac790479842f8db04193e1d0e43bdc8ece0d9a289dde14bb19c
Opcode Fuzzy Hash: 336ac07c414207f2772f25bff619ea6701e0f8c96156e50cb271b35bf5756e0f
Instruction Fuzzy Hash: F8918C72A08BC285E760CB12E0947EE77A4FB85784F494176EA8CA379ADF3DE545C700

Function 00007FF65441D6C0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 372COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF65441D7AB

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF65441DB3C, 00007FF65441DB9F
assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs, xrefs: 00007FF65441D80D
assertion failed: (*next).value.is_some(), xrefs: 00007FF65441DB5B

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressSingleWake
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs$called `Result::unwrap()` on an `Err` value
API String ID: 3114109732-2716327383
Opcode ID: e4cd79852d18799fd38237284644d538e6bb5d31325ae9413fe5d87046187475
Instruction ID: f6d540608c6e5eaf862db2a2abb083193c6490bf7f6ed57c52fe651ebc02790d
Opcode Fuzzy Hash: e4cd79852d18799fd38237284644d538e6bb5d31325ae9413fe5d87046187475
Instruction Fuzzy Hash: DCF1C1A2A4DF8281EA529B15D4E037A27A0EF84B94F0C14B6DE9DA3399DF3CF455C340

Function 00007FF654392FD0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 330COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6543930BB

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF65439343E, 00007FF6543934A1
assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs, xrefs: 00007FF65439311D
assertion failed: (*next).value.is_some(), xrefs: 00007FF65439345D

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressSingleWake
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs$called `Result::unwrap()` on an `Err` value
API String ID: 3114109732-2716327383
Opcode ID: 8b7284980b738f64f0932e3e6211d587ced7649af2fb4823e84164b72fad4491
Instruction ID: d95295bc2e043e9676915c43a21ce2f78a0e6159f5e97eecf96cbbe85d124eb8
Opcode Fuzzy Hash: 8b7284980b738f64f0932e3e6211d587ced7649af2fb4823e84164b72fad4491
Instruction Fuzzy Hash: 3CE18062A0DB4280EA619F16E4E437E67A0EF49F84F5D00B5DA9DA33A5DF3DE445C340

Function 00007FF6543B6EA0 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 203memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6543B71A0,?,?,?,?,?,?,?,?,00007FF6543B730A), ref: 00007FF6543B6EE0
memcpy.MSVCRT ref: 00007FF6543B6EEE
memcpy.MSVCRT ref: 00007FF6543B6F22
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6543B71A0,?,?,?,?,?,?,?,?,00007FF6543B730A), ref: 00007FF6543B6F48
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6543B71A0,?,?,?,?,?,?,?,?,00007FF6543B730A), ref: 00007FF6543B6F59
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6543B71A0,?,?,?,?,?,?,?,?,00007FF6543B730A), ref: 00007FF6543B6FC6
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6543B71A0,?,?,?,?,?,?,?,?,00007FF6543B730A), ref: 00007FF6543B6FDC
HeapFree.KERNEL32(?,?,?,?,00007FF6543B6CC3), ref: 00007FF6543B710D

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6543B6F98

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 1887603139-2333694755
Opcode ID: e9ffb224ae75c035f78797c8229804cd20542bb7f7850c6dc3ef8f153e9eeb81
Instruction ID: 9e1bc68a4484c7560577e1f3c361f30d7b857e7065a6c9c114a57b48dcdda61f
Opcode Fuzzy Hash: e9ffb224ae75c035f78797c8229804cd20542bb7f7850c6dc3ef8f153e9eeb81
Instruction Fuzzy Hash: A371C262A09B5281E605DB53E8A03B967A0EF49FD4F4C80B5DE4DA77A6DF3CE146C340

Function 00007FF6543A5503 Relevance: 12.4, APIs: 7, Strings: 1, Instructions: 449memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6543BE170: memcmp.MSVCRT ref: 00007FF6543BE1E3

memcpy.MSVCRT ref: 00007FF6543A5680
memcpy.MSVCRT ref: 00007FF6543A599F
memcpy.MSVCRT ref: 00007FF6543A5A24
memcpy.MSVCRT ref: 00007FF6543A5A39
memset.MSVCRT ref: 00007FF6543A5B4F

Part of subcall function 00007FF654514AF0: WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF654514D97

HeapFree.KERNEL32 ref: 00007FF6543A5E81
HeapFree.KERNEL32 ref: 00007FF6543A5EAF

Strings

overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF6543A5EDF

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap$AddressSingleWakememcmpmemset
String ID: overflow when adding duration to instantlibrary\std\src\time.rs
API String ID: 1268825411-3002242212
Opcode ID: ad158985b5e62cc4662021a5fb6b568b514f56d05ba7cdb18a5016096f2e6fdc
Instruction ID: 45c41a34e6b1300852f7cfa7059f04d280fe6eece78582e23ae93eea09c326ca
Opcode Fuzzy Hash: ad158985b5e62cc4662021a5fb6b568b514f56d05ba7cdb18a5016096f2e6fdc
Instruction Fuzzy Hash: 36422D32618BC582EB718B16F4943EAB3A4FB85344F544165DBCDA2BA5DF3DE188CB00

Function 00007FF654561890 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF6545619AB

Strings

Mingw-w64 runtime failure:, xrefs: 00007FF6545618C7
VirtualProtect failed with code 0x%x, xrefs: 00007FF654561A1E
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF654561A41
Address %p has no image-section, xrefs: 00007FF654561902, 00007FF654561A55

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 40a03011fe3292d90b47b0693047ca9dc91b358f706ccceebf14de5ba78093d5
Instruction ID: 32175dd9853c6507d3fcb9cac9531872e940969fa3b5217d198e0f65b5d53b9b
Opcode Fuzzy Hash: 40a03011fe3292d90b47b0693047ca9dc91b358f706ccceebf14de5ba78093d5
Instruction Fuzzy Hash: 3F51B172A09A4682EF109F11E8A07B977A0FB89B94F4C41B1DE4DA7795DE3CE446C740

Function 00007FF65439CED0 Relevance: 12.4, APIs: 7, Strings: 1, Instructions: 354COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF65439CF05
memcpy.MSVCRT ref: 00007FF65439CF4A
memcpy.MSVCRT ref: 00007FF65439D031

Part of subcall function 00007FF654395E60: HeapFree.KERNEL32 ref: 00007FF654395E7D

memcpy.MSVCRT ref: 00007FF65439D1B5
memcpy.MSVCRT ref: 00007FF65439D1DA

Strings

overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF65439D4E8

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID: overflow when adding duration to instantlibrary\std\src\time.rs
API String ID: 4250714341-3002242212
Opcode ID: 92a894196e0e0d3570e88633aced9d60702ac8a049c34ec2f1914fbed3fe73d1
Instruction ID: e3a5fca9f4d1db98561c1f4451cc9c3c51a73be6c15488401bd949802c95fdaf
Opcode Fuzzy Hash: 92a894196e0e0d3570e88633aced9d60702ac8a049c34ec2f1914fbed3fe73d1
Instruction Fuzzy Hash: BEE1D622A19A4282FA759F16E4A13BD6360FF54BD0F488171DF8EA77A5DF3DE4858300

Function 00007FF6543D6750 Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 333COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543D67B5
memcpy.MSVCRT ref: 00007FF6543D67EE
memcpy.MSVCRT ref: 00007FF6543D681E
memcpy.MSVCRT ref: 00007FF6543D687A
memcpy.MSVCRT ref: 00007FF6543D68BB

Strings

assertion failed: slot.next.is_none(), xrefs: 00007FF6543D68D8
invalid key, xrefs: 00007FF6543D68C0, 00007FF6543D6D78

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: slot.next.is_none()$invalid key
API String ID: 3510742995-195781097
Opcode ID: b093409f358ab3d5b0f9528084e70fefce56b0ad249e8285b96956f69d94322f
Instruction ID: 9a5bc587796f61928d23f5cdfc0bebf7c2239ef130c394293e3582d1055d4e38
Opcode Fuzzy Hash: b093409f358ab3d5b0f9528084e70fefce56b0ad249e8285b96956f69d94322f
Instruction Fuzzy Hash: BBF1AF32A09B8296E761CF15E4903EAB3A4FB84784F488175DB8D53BA5DF3CE195C740

Function 00007FF6543C8EF0 Relevance: 11.6, APIs: 9, Instructions: 314memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543C8FF1
memcpy.MSVCRT ref: 00007FF6543C9004
HeapFree.KERNEL32 ref: 00007FF6543C90F2
HeapFree.KERNEL32 ref: 00007FF6543C9103
memcpy.MSVCRT ref: 00007FF6543C9234
memcpy.MSVCRT ref: 00007FF6543C9247
memcpy.MSVCRT ref: 00007FF6543C92C3
HeapFree.KERNEL32 ref: 00007FF6543C9419
HeapFree.KERNEL32 ref: 00007FF6543C942A

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID:
API String ID: 4250714341-0
Opcode ID: 870078229a5efc3946b194157b289d09747e863c2fd6104a4aa69e0029f70b4c
Instruction ID: e8474191fe56d5af65daf42125cc1f98ab1668de50e2a9fc86210e78891fdd23
Opcode Fuzzy Hash: 870078229a5efc3946b194157b289d09747e863c2fd6104a4aa69e0029f70b4c
Instruction Fuzzy Hash: 66F1AF62A04F9585E7459F29E8913ED63B4FF48B88F089235DE8D63765EF38E195C300

Function 00007FF6543B2E80 Relevance: 11.4, APIs: 9, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B2EA7
HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3E30
HeapFree.KERNEL32 ref: 00007FF6543B3E60
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d2c1012b0feea23002b76769a6207df10c51ee2a068945ed6eb6f3513e9cfd3f
Instruction ID: 601ca2353dbbd2c9467042c4697c9b405e7b1b853e4aeeb4b695edeb7fa8c564
Opcode Fuzzy Hash: d2c1012b0feea23002b76769a6207df10c51ee2a068945ed6eb6f3513e9cfd3f
Instruction Fuzzy Hash: 33513F22A08E5280E725DB16D4E43FD67A1EF89F94F4D40B6CA4DA77A9CF7CE5849300

Function 00007FF6543ACE48 Relevance: 10.2, APIs: 8, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543AFBE8
memcpy.MSVCRT ref: 00007FF6543AFF24
memcpy.MSVCRT ref: 00007FF6543AFF3F
memcpy.MSVCRT ref: 00007FF6543AFF6F
memcpy.MSVCRT ref: 00007FF6543AFF8D
memcpy.MSVCRT ref: 00007FF6543AFFC8
memcpy.MSVCRT ref: 00007FF6543AFFDD

Part of subcall function 00007FF654397360: HeapFree.KERNEL32 ref: 00007FF654397391

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$FreeHeap
String ID:
API String ID: 4250714341-0
Opcode ID: 455ac78f758034b9fbebc9b87940ed1497fedecbd2b1642e21792d11e3ab40f7
Instruction ID: a876e325bef0895dfc2920fd2caf11a797cbdc1da95a311f7945a12a5f87e3b2
Opcode Fuzzy Hash: 455ac78f758034b9fbebc9b87940ed1497fedecbd2b1642e21792d11e3ab40f7
Instruction Fuzzy Hash: 20A19C72A08BC681EA60CB16E0947AE77A8FB89780F494175EE8CA3795DF3DD544C700

Function 00007FF6543CFF20 Relevance: 9.4, APIs: 4, Strings: 2, Instructions: 391COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543D045F

Strings

invalid key, xrefs: 00007FF6543D0525
index not found, xrefs: 00007FF6543D0351

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: index not found$invalid key
API String ID: 3510742995-2380169476
Opcode ID: 0680f54011438f1cc2500a0b6b2576a573d216c753702931f0c093e283412767
Instruction ID: b7f22f8bfde5d355ba1cb39c31fd09e8c4b04e8b3f57887d0367d37d749380b7
Opcode Fuzzy Hash: 0680f54011438f1cc2500a0b6b2576a573d216c753702931f0c093e283412767
Instruction Fuzzy Hash: 39F1F822E19B4681EB118F26D4A13AC6360EF55FC4F9882B6DA4DB77A1EF3CD585C300

Function 00007FF6543B2F87 Relevance: 8.9, APIs: 7, Instructions: 131memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B35D9
HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: cdc6706c07a447a4923b1d57a10c110e0e1ff211f207feb3488963a7e6225039
Instruction ID: af264bd85127522163950a8ac29adaa6c3b2ece2c0932c9d93e3838e0619040b
Opcode Fuzzy Hash: cdc6706c07a447a4923b1d57a10c110e0e1ff211f207feb3488963a7e6225039
Instruction Fuzzy Hash: 3A71412290CA8281E771D716D4A43FA6BA0EB85B98F4C40B6DA8DA77F6CF7CD544C740

Function 00007FF6543B309E Relevance: 8.9, APIs: 7, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B30C0
HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5eb5f65c0d03ba857201c773d9ebed9a5bd44a4024c13e5f1db52ec356eaa7ed
Instruction ID: 50f4a480ff1848da3f16ea0b207ba1b086454096e893b959f91ca794cfd3245b
Opcode Fuzzy Hash: 5eb5f65c0d03ba857201c773d9ebed9a5bd44a4024c13e5f1db52ec356eaa7ed
Instruction Fuzzy Hash: 4A61402290CA8281E771D726D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF7CD544C740

Function 00007FF6544076A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,FFFFFFFF,?,?,?,?,?,00007FF654407696), ref: 00007FF654407785
HeapFree.KERNEL32(?,?,?,?,?,?,FFFFFFFF,?,?,?,?,?,00007FF654407696), ref: 00007FF6544077CD
closesocket.WS2_32 ref: 00007FF6544077E2

Part of subcall function 00007FF65451A980: bind.WS2_32 ref: 00007FF65451AAC0

HeapFree.KERNEL32(?,?,?,?,?,?,FFFFFFFF,?,?,?,?,?,00007FF654407696), ref: 00007FF654407811

Strings

127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs, xrefs: 00007FF6544076BF

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$bindclosesocket
String ID: 127.0.0.1:0C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-0.8.11\src\sys\windows\mod.rs
API String ID: 2995523075-3689599868
Opcode ID: ad2d32f3e8c9361f16426e84d584cb893d1ecde264878ffcf79dfde696ea45ab
Instruction ID: 7666e8fc993e9fbe28cc2b465386fee2e6ea788f90ab7f8c98efd444d461190b
Opcode Fuzzy Hash: ad2d32f3e8c9361f16426e84d584cb893d1ecde264878ffcf79dfde696ea45ab
Instruction Fuzzy Hash: 1C412402E4D54241F6269B1695A42BB5360FF95BC4F4D81B0EE4DABA8EEF3CF582C301

Function 00007FF6543B420B Relevance: 8.8, APIs: 7, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B4261
HeapFree.KERNEL32 ref: 00007FF6543B429D
HeapFree.KERNEL32 ref: 00007FF6543B430F
HeapFree.KERNEL32 ref: 00007FF6543B4340
HeapFree.KERNEL32 ref: 00007FF6543B4370

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 06e4d80b54df5da8e4705d500cb2e989d020187ff7996088e17b3ee3ce73ff1c
Instruction ID: 7d9375600b2cbdd07fd50ccd29578636e9696e7001c2eca267063141eb156287
Opcode Fuzzy Hash: 06e4d80b54df5da8e4705d500cb2e989d020187ff7996088e17b3ee3ce73ff1c
Instruction Fuzzy Hash: 71516111A0CE8280E725DB13D0E43BD67A1EB95B98F4C40B6CA4DA7BA5CF3CE584E304

Function 00007FF654391850 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93memorythreadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32(00000001,?,?,00007FF654393028), ref: 00007FF6543918E8
HeapFree.KERNEL32(00000001,?,?,00007FF654393028), ref: 00007FF654391939

Strings

assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs, xrefs: 00007FF654391949
assertion failed: (*next).value.is_some(), xrefs: 00007FF654391961

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeapSwitchThread
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.30\src\mpsc\queue.rs
API String ID: 3436096665-1756350486
Opcode ID: 84129f549843d409cbcb5b59c7b5f79c44aaa92dd529a9713b3949fa1da5a843
Instruction ID: 396af4933546f934500986147b236a0341153f7d504fac6ae4b0c8738d06c870
Opcode Fuzzy Hash: 84129f549843d409cbcb5b59c7b5f79c44aaa92dd529a9713b3949fa1da5a843
Instruction Fuzzy Hash: 99319321A0DA5241FB41AF12E4E03B967A0EF84B84F4C84B5DA5DB77E6DE3CE856C340

Function 00007FF6543B34B9 Relevance: 8.8, APIs: 7, Instructions: 91memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3528
HeapFree.KERNEL32 ref: 00007FF6543B355E
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B34CD

Part of subcall function 00007FF654560750: RtlCaptureContext.KERNEL32 ref: 00007FF6545607CE
Part of subcall function 00007FF654560750: RtlUnwindEx.KERNEL32 ref: 00007FF6545607EC
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF6545607F2
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF654560810

HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$abort$CaptureContextUnwind
String ID:
API String ID: 2601978900-0
Opcode ID: 72539d07733f5c89b2fe4ebd2f3d20a13ed7dca65a088b10d8dca6385d06fdcd
Instruction ID: b236f4bb54ca4048d0f6b99907ba30ec3bdcc86301f5cc1e7f9b045bc4c14ad3
Opcode Fuzzy Hash: 72539d07733f5c89b2fe4ebd2f3d20a13ed7dca65a088b10d8dca6385d06fdcd
Instruction Fuzzy Hash: 6A41405190CA9281E731D723D0A43BE6BA0EF85B94F4C40B5DA8DA7AE6CF7CE544D740

Function 00007FF6543B2EB1 Relevance: 8.8, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B2ED6
HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 9afe85c9a5d2e368a3203b85afa8c73ab4a08f7d563702edfebc913d0ebc13c9
Instruction ID: f14b75a7b91db14ee241d66702df1a4ec455e2984cb164d74caaaa209672e14c
Opcode Fuzzy Hash: 9afe85c9a5d2e368a3203b85afa8c73ab4a08f7d563702edfebc913d0ebc13c9
Instruction Fuzzy Hash: 12414425908E9180E725DB17D0E43F967A1EB89F94F0D40B5DA4DA7BA5CF7CE184D304

Function 00007FF65440C350 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 238COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF65440C4E0
memcpy.MSVCRT ref: 00007FF65440C522

Strings

%00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37%38%39%3A%3B%3C%3D%3E%3F%40%41%42%43%44%45%46%47%48%49%4A%4B%4C%4D%4E%4F%50%51%52%53%54%55%5, xrefs: 00007FF65440C391, 00007FF65440C543

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: %00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37%38%39%3A%3B%3C%3D%3E%3F%40%41%42%43%44%45%46%47%48%49%4A%4B%4C%4D%4E%4F%50%51%52%53%54%55%5
API String ID: 3510742995-2957816097
Opcode ID: 251ecf8ad7c06b0989250abcc91b7a3fd89079972ffa3d89b609e1948b408509
Instruction ID: 0ca58d62ba2b6945f0d4be939c0805f7fd34033e3becf9141f3073f4ec4048f2
Opcode Fuzzy Hash: 251ecf8ad7c06b0989250abcc91b7a3fd89079972ffa3d89b609e1948b408509
Instruction Fuzzy Hash: 9A911332A1DA52C2EA189B01E4A437D67B0FB54BC4F588475EE4EABB99DF3CE155C300

Function 00007FF65453C210 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF65453C2A6
memcmp.MSVCRT ref: 00007FF65453C300
memcpy.MSVCRT ref: 00007FF65453C3A7

Strings

assertion failed: self.is_char_boundary(end), xrefs: 00007FF65453C4B5
file://C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF65453C2F0

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcmp$memcpy
String ID: assertion failed: self.is_char_boundary(end)$file://C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs
API String ID: 231171946-2841207823
Opcode ID: 692a6558f75060d96eeee566a0cf0f1a0391a1ba062319b6298986942206159f
Instruction ID: d20c89e07b497de494f01190143c55a45d8953e990a74594d4e510d231a9fb15
Opcode Fuzzy Hash: 692a6558f75060d96eeee566a0cf0f1a0391a1ba062319b6298986942206159f
Instruction Fuzzy Hash: 0671C122F0C64255FA61DF69D8E03B866A0AF45B80FAC01B2D95DF37E5DE7DE8468300

Function 00007FF65439C082 Relevance: 7.7, APIs: 6, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439C165

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 092a846f0a0c8701708318f1c636a3b7a0eefc1861aca6ccf4ecabe96326bac8
Instruction ID: 88546864031dd70af5b5ce9d27c84d4dfa85534b7138814e6d1535d0af0399e6
Opcode Fuzzy Hash: 092a846f0a0c8701708318f1c636a3b7a0eefc1861aca6ccf4ecabe96326bac8
Instruction Fuzzy Hash: 7271D23260AB8184EA55DF16D4E43FA23A0FB44B94F894275DEAD973B1EF3DD5808340

Function 00007FF6543B2FFF Relevance: 7.6, APIs: 6, Instructions: 132memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65440E180: HeapFree.KERNEL32(?,?,?,?,00007FF65439274A), ref: 00007FF65440E1BD

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1923fdf10d7db0afed9ffa56a446bd4e5cbe20942cf2d9fff9554977f15dd424
Instruction ID: 90178007faa6222f187994a843c849b425c4f2f5f285d8d04a289da3a9c7e934
Opcode Fuzzy Hash: 1923fdf10d7db0afed9ffa56a446bd4e5cbe20942cf2d9fff9554977f15dd424
Instruction Fuzzy Hash: F7712F2290CAC281E771DB16D4A43FA6BA0EB85B58F4C40B6DA8DA77F5CF6CD544C740

Function 00007FF6543B32A0 Relevance: 7.6, APIs: 6, Instructions: 130memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 46f74798f18dc56f35ffc8ee96133c2d2a4ba4a68cd7e4ef8604d3010cb74dbe
Instruction ID: 123c799ab0c7c08907e5a09708ae600f6ff3f87cd5ae919040087da1b7d50973
Opcode Fuzzy Hash: 46f74798f18dc56f35ffc8ee96133c2d2a4ba4a68cd7e4ef8604d3010cb74dbe
Instruction Fuzzy Hash: F9713D2290CAC281E771DB16D4A43FA6BA0EB85B98F4C40B6DA8DA77F5CF6CD544C740

Function 00007FF6543B356B Relevance: 7.6, APIs: 6, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: bdb0d351d98f454345e3126e11272f7bcb48a2147cf93a6cd937255902868b0a
Instruction ID: 68ffea15fd2e25063bcf88b4c6d3c5c56425919098c19865e37a27ac8de96e3b
Opcode Fuzzy Hash: bdb0d351d98f454345e3126e11272f7bcb48a2147cf93a6cd937255902868b0a
Instruction Fuzzy Hash: 87711E2290CAC281E771DB16D4A43FA6BA0EB85B98F4C40B6DA8DA77F5CF6CD544C740

Function 00007FF6543B347F Relevance: 7.6, APIs: 6, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d35844bfc544a77ca927d4d44393b44f72634dae5aad4fcb4e59225a89d5009c
Instruction ID: c70b36892b6b61db628e3a26469dfc79aa205b70fe7cb652b360b11c55b38aee
Opcode Fuzzy Hash: d35844bfc544a77ca927d4d44393b44f72634dae5aad4fcb4e59225a89d5009c
Instruction Fuzzy Hash: 5061502290CAC280E771D716D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF6CD544C740

Function 00007FF6543B2F4C Relevance: 7.6, APIs: 6, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 369c5985ba3b6b0c6d1ef37012f9fd449c275b8bbb53eed174bd0ad686564197
Instruction ID: 8dc4137b27a31b6d57de211e6a1179eeb59918c3605086143958d399be755c00
Opcode Fuzzy Hash: 369c5985ba3b6b0c6d1ef37012f9fd449c275b8bbb53eed174bd0ad686564197
Instruction Fuzzy Hash: C961622290CAC680E771D716D4A43FA6BA0EB85B88F4C40B6D68DA77F6CF6CD544C740

Function 00007FF6543B342D Relevance: 7.6, APIs: 6, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 55d8ba2fff13933a2f0c5314db1d9457fc9fe8175cec99085dddeb6bb62dd62a
Instruction ID: 9249247f054763cc55ab04cc232ed83ddb43a3bc25ac9b1b3f0df6b3a063eaca
Opcode Fuzzy Hash: 55d8ba2fff13933a2f0c5314db1d9457fc9fe8175cec99085dddeb6bb62dd62a
Instruction Fuzzy Hash: 3761612290CA8281E771D726D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF7CD544C740

Function 00007FF6543B3014 Relevance: 7.6, APIs: 6, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: dbe53dfcfb494227f45fb03d11579ad898845c45d026d2147c01808d61359a34
Instruction ID: 2c630bc22cdd7650aa1c3c4516c0ae13dfaae0b47b247bde7b6b6f9458b04884
Opcode Fuzzy Hash: dbe53dfcfb494227f45fb03d11579ad898845c45d026d2147c01808d61359a34
Instruction Fuzzy Hash: 7C61302290CA8281E771D716D4A43FA6BA0EB85B58F4C40B6D68DA76F6CF7CD544C740

Function 00007FF6543B35ED Relevance: 7.6, APIs: 6, Instructions: 124memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449BA10: HeapFree.KERNEL32 ref: 00007FF65449BA53

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6059ab7c4649b65237459d9965463771ca00c4865d4ae9a761b32c4f9aa350f4
Instruction ID: 657f4015b47c47a56d46f3a4e2de37ddce5dda6d5af6444fd597e46d0efad94c
Opcode Fuzzy Hash: 6059ab7c4649b65237459d9965463771ca00c4865d4ae9a761b32c4f9aa350f4
Instruction Fuzzy Hash: 28615F2290CAC681E771D726D4A43FA6BA0EB84B98F4C40B6D68DA76F6CF6CD544C740

Function 00007FF6543B3084 Relevance: 7.6, APIs: 6, Instructions: 124memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449BB30: HeapFree.KERNEL32 ref: 00007FF65449BB6D

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 86303d946d595ddc3af8173b47d1c16405f6980b084b3a9c8c1bc0c27abde617
Instruction ID: b5d56c1712023e0784928491e8507f74c09ce05e0e8a8f84038591fbaf48a5c6
Opcode Fuzzy Hash: 86303d946d595ddc3af8173b47d1c16405f6980b084b3a9c8c1bc0c27abde617
Instruction Fuzzy Hash: 0661612290CAC281E771D726D4A43FA6BA0EB84B98F4C40B6D68DA77F6CF6CD544C740

Function 00007FF6543B3477 Relevance: 7.6, APIs: 6, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: bb3117efe324705a58d78c8ad69d28af57727d4a794689ce6926ae5e5bdeb736
Instruction ID: 1b9a9ae544e3341daad7f2725279aa004b4edb5c426b098418dce22283b63560
Opcode Fuzzy Hash: bb3117efe324705a58d78c8ad69d28af57727d4a794689ce6926ae5e5bdeb736
Instruction Fuzzy Hash: 8461402290CA8281E771D716D4A43FA6BA0EB85B98F4C40B6DA8DA77F6CF7CD544C740

Function 00007FF6543B306F Relevance: 7.6, APIs: 6, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 2d70b2f1f3b21aeed345c452193137e2d46acdf5806aba9baa8d8b32acaca3ba
Instruction ID: 4bdd7a85d034484b0b14cf3d7d9009fa1d1641d983c7e12266c175843bd1df6d
Opcode Fuzzy Hash: 2d70b2f1f3b21aeed345c452193137e2d46acdf5806aba9baa8d8b32acaca3ba
Instruction Fuzzy Hash: DD61602290CAC281E771D726D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF6CD544C740

Function 00007FF6543B3624 Relevance: 7.6, APIs: 6, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1166104c0fc94708fecb172991bc9137d365110a4091f0591f81077afa6de081
Instruction ID: e6a13c556d87b62ec3a5daa87306765e94a9e225a3a99666bc40ccb012ae136a
Opcode Fuzzy Hash: 1166104c0fc94708fecb172991bc9137d365110a4091f0591f81077afa6de081
Instruction Fuzzy Hash: 59614F2290CAC280E771D726D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF6CD544C740

Function 00007FF6543B3775 Relevance: 7.6, APIs: 6, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 8ca3adf8d93b079895297df9f331ce839d29775258801f518810b3377bba4304
Instruction ID: 1260f4378ac0169c71bd0fc7e5002d8b536cbbaef500c7143b3685190e033322
Opcode Fuzzy Hash: 8ca3adf8d93b079895297df9f331ce839d29775258801f518810b3377bba4304
Instruction Fuzzy Hash: A3613F2290CAC280E771D716D4A43FA6BA0EB85B58F4C40B6D68D977F6CF6CD544C740

Function 00007FF6543B30CA Relevance: 7.6, APIs: 6, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3d7a5dea2f9c689d5501d2693c1bf7e1971dfde882d33d97a169780d9de2071d
Instruction ID: 0adce68f3d35e5e27d4c8df3eb586d6bc25024ef99e9d25fe51617a91ad4d88e
Opcode Fuzzy Hash: 3d7a5dea2f9c689d5501d2693c1bf7e1971dfde882d33d97a169780d9de2071d
Instruction Fuzzy Hash: 51616F2290CAC281E771D726D4A43FA6BA0EB84B98F4C40B6D68DA77F6CF6CD544C740

Function 00007FF654394DCE Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF654394E91
memcpy.MSVCRT ref: 00007FF654394F2A
memcpy.MSVCRT ref: 00007FF654394F7C

Part of subcall function 00007FF654560750: RtlCaptureContext.KERNEL32 ref: 00007FF6545607CE
Part of subcall function 00007FF654560750: RtlUnwindEx.KERNEL32 ref: 00007FF6545607EC
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF6545607F2
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF654560810

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF654394E11
connection closed, xrefs: 00007FF654394EFF

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$abort$CaptureContextUnwind
String ID: assertion failed: prev.ref_count() >= 1$connection closed
API String ID: 1331445628-4068603165
Opcode ID: 92a4e5cf1fb8f4bbb7e55f98f64b8e6334d017857a14e3b63505ff43198f6936
Instruction ID: 731c4c7985e6d84c02892cd1edbbc5d24e1ddfb5bd02ccfa673c6790cf7564c8
Opcode Fuzzy Hash: 92a4e5cf1fb8f4bbb7e55f98f64b8e6334d017857a14e3b63505ff43198f6936
Instruction Fuzzy Hash: D7512722A0CA8281EA219F12E4943FD5360FB95794F5C4271DA9DA67F6CF3EE585C700

Function 00007FF6543B3122 Relevance: 7.6, APIs: 6, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B35D9
HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c4061ca4cfcb7e56eb53b649da1f01f045b4769d54678b015dc3f42ad3214cb9
Instruction ID: 3236703349776bd730475ae92f46a7de3224ca1391e91e4fa4807d1af7bd788b
Opcode Fuzzy Hash: c4061ca4cfcb7e56eb53b649da1f01f045b4769d54678b015dc3f42ad3214cb9
Instruction Fuzzy Hash: C361522290CA8280E771D716D4A43FA6BA0EB85B98F4C40B6D68DA77F6CF7CD544C741

Function 00007FF6543B3E67 Relevance: 7.6, APIs: 6, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B5FF
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B63C
Part of subcall function 00007FF65449B5E0: HeapFree.KERNEL32 ref: 00007FF65449B656

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: a8aa2c29a919003b9bed360ea405e5ec415411fcd69dc171e9f5e10c8b564ec5
Instruction ID: 794467bf727a0438bd14b94fea92a74765f93dfd5d60183a1a79b2147ace5916
Opcode Fuzzy Hash: a8aa2c29a919003b9bed360ea405e5ec415411fcd69dc171e9f5e10c8b564ec5
Instruction Fuzzy Hash: 6F51302290CA8680E771D726D4A43FA6BA0EB85B58F4C40B6D68DA77F6CF6CD584C740

Function 00007FF6543B37CA Relevance: 7.6, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 29805894633fcbe4ecb332373fcb3f997f1616679613ffd909060c1626f368d1
Instruction ID: 3682ef2a2b25fee6a398dc6314f1fd5bb260bac9a5fbe7e59347618cfff50a42
Opcode Fuzzy Hash: 29805894633fcbe4ecb332373fcb3f997f1616679613ffd909060c1626f368d1
Instruction Fuzzy Hash: A951422290CA8280E771D726D4A43FA6BA0EB85B98F4C40B6D68D977F6CF7CD584C741

Function 00007FF6543B3668 Relevance: 7.6, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c07cfd1190693eda545a8fcc0d2f3b0458f1283811b67ecb1960423df53993cc
Instruction ID: e06a0a62f7b328c3ef238d751a0994c7fe44d6e67a17e7b6d97ddb1337119ade
Opcode Fuzzy Hash: c07cfd1190693eda545a8fcc0d2f3b0458f1283811b67ecb1960423df53993cc
Instruction Fuzzy Hash: 2251402290CA8280E771D726D4A43FA6BA0EB85B58F4C40B6DA8D977F6CF7CD584C741

Function 00007FF6543B3819 Relevance: 7.6, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 9180cc2a56af7bf4e7ebf233cd0febef439032fc89df5f275e02a85cd00ddd92
Instruction ID: 39d13dab097a7ea4c1971a0f82e6e23fcd38f5eb9f4f783e324602a7a3fd42db
Opcode Fuzzy Hash: 9180cc2a56af7bf4e7ebf233cd0febef439032fc89df5f275e02a85cd00ddd92
Instruction Fuzzy Hash: CA51512290CA8680E771D726D0A43FA6BA0EB85B58F4C40B6D68DA77F6CF7CD584C740

Function 00007FF6543B3905 Relevance: 7.6, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: fbd30b175cd533cc3711b1c5d519a3542ddd5af857e7a4475864087407f0c155
Instruction ID: 0b2b2f5d2d82ccceeb177ca85f571669a3addfabc7a39d31d7e6a4c821511cd0
Opcode Fuzzy Hash: fbd30b175cd533cc3711b1c5d519a3542ddd5af857e7a4475864087407f0c155
Instruction Fuzzy Hash: A451522290CA8280E771D726D0A43FA6BA0EB85B58F4C40B6D68D977F6CF7CD584C740

Function 00007FF6543B32DF Relevance: 7.6, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B779
Part of subcall function 00007FF65439B750: HeapFree.KERNEL32 ref: 00007FF65439B7DE

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 2975d9107f67d17f8d64b2d7ac4bb384c29f8faa8c393d167b20e012b4767fa4
Instruction ID: 39d13dab097a7ea4c1971a0f82e6e23fcd38f5eb9f4f783e324602a7a3fd42db
Opcode Fuzzy Hash: 2975d9107f67d17f8d64b2d7ac4bb384c29f8faa8c393d167b20e012b4767fa4
Instruction Fuzzy Hash: CA51512290CA8680E771D726D0A43FA6BA0EB85B58F4C40B6D68DA77F6CF7CD584C740

Function 00007FF654396EA0 Relevance: 7.6, APIs: 6, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF654396EEE
HeapFree.KERNEL32 ref: 00007FF654396F0D
HeapFree.KERNEL32 ref: 00007FF654396F26
HeapFree.KERNEL32 ref: 00007FF654396F9C
HeapFree.KERNEL32 ref: 00007FF654396FB9
HeapFree.KERNEL32 ref: 00007FF654397009

Part of subcall function 00007FF65440E180: HeapFree.KERNEL32(?,?,?,?,00007FF65439274A), ref: 00007FF65440E1BD

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: dfbc674dd6781a5bb22e01e2438d3c988be0c7d2c4efc528e7574b1d65fc6b44
Instruction ID: dc1856cf1862e87a74929cb5b344f802bc6630b51703f9f8c750bb5406848c09
Opcode Fuzzy Hash: dfbc674dd6781a5bb22e01e2438d3c988be0c7d2c4efc528e7574b1d65fc6b44
Instruction Fuzzy Hash: B1414022A09A4281F629DF22D4E43FD6390EF45B84F4D44B6CB5EA76A1DF7DE485D300

Function 00007FF6543980C0 Relevance: 7.6, APIs: 6, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF654398130
HeapFree.KERNEL32 ref: 00007FF65439816C
HeapFree.KERNEL32 ref: 00007FF654398185
HeapFree.KERNEL32 ref: 00007FF6543981BC
HeapFree.KERNEL32 ref: 00007FF6543981F7
HeapFree.KERNEL32 ref: 00007FF65439822C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: a127be290048e75319164969e65edf76ad37ed1f98f0271aa86e1e06a409d006
Instruction ID: 395b88ea4f3d9f8a3732adc1fe989fea3f85a1af14e7a0b395e4e8f9e211f3da
Opcode Fuzzy Hash: a127be290048e75319164969e65edf76ad37ed1f98f0271aa86e1e06a409d006
Instruction Fuzzy Hash: 60416012E1C98281FA28CF17D4E43B97390EF85B84F5D44B6CA5DE66A1DF7DF4859200

Function 00007FF6543B3717 Relevance: 7.6, APIs: 6, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF654397130: HeapFree.KERNEL32 ref: 00007FF65439714F
Part of subcall function 00007FF654397130: HeapFree.KERNEL32 ref: 00007FF65439718C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4b29cb0d857da003e61fe5368989c8248ec1a5677e28c54e955eebc2ac320d3e
Instruction ID: 422235499f25506408fdb7cba82cca2d59d6aebc185c63743125b041382d3fa3
Opcode Fuzzy Hash: 4b29cb0d857da003e61fe5368989c8248ec1a5677e28c54e955eebc2ac320d3e
Instruction Fuzzy Hash: 13513F2290CAC280E771D726D4A43FA6BA0EB85B48F4C40B6D68DA77F6CF6CD584C740

Function 00007FF6543B33FC Relevance: 7.6, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF654399130: HeapFree.KERNEL32 ref: 00007FF654399153

Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF65439218F
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF6543921CC
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF6543921E6
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF654392BE1

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 40080c43c57aa7fb1bf8c7486d08a0061f60c7773b572f3078eaab9e88b25c13
Instruction ID: 62c8a2243325091ea7f9b95b4df4e86e823295df5a686f34f9f65514c020df37
Opcode Fuzzy Hash: 40080c43c57aa7fb1bf8c7486d08a0061f60c7773b572f3078eaab9e88b25c13
Instruction Fuzzy Hash: 5951301290CAC280E771D726D4A43FA6BA0EB85748F4C40B6D68DA77F6CF6CE544C741

Function 00007FF6543B33D0 Relevance: 7.6, APIs: 6, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF654399130: HeapFree.KERNEL32 ref: 00007FF654399153

Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF65439218F
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF6543921CC
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF6543921E6
Part of subcall function 00007FF654392170: HeapFree.KERNEL32 ref: 00007FF654392BE1

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e6bd678c7bed30235cd16d0b905a436f501656e9f82aca00891f2a90fea4d8e5
Instruction ID: 00fdc7c137368d67a49b99030aadfd388e4963b6f9d798ffca0a5d2d5b51fe45
Opcode Fuzzy Hash: e6bd678c7bed30235cd16d0b905a436f501656e9f82aca00891f2a90fea4d8e5
Instruction Fuzzy Hash: 6B513F1290CAC280E771D726D4A43FA6BA0EB85B48F4C40B6D68DA77F6CF6CE584C741

Function 00007FF6543B3988 Relevance: 7.6, APIs: 6, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF654397130: HeapFree.KERNEL32 ref: 00007FF65439714F
Part of subcall function 00007FF654397130: HeapFree.KERNEL32 ref: 00007FF65439718C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 95da64d48cd0c021f4db1dedb3ed016f386c976ec0ffed5b4ed9c5497422dbac
Instruction ID: 04e6fdd195b7329cca9f5480ec7dcbbd44f35c3be3515f4581262fb2ac2e8b37
Opcode Fuzzy Hash: 95da64d48cd0c021f4db1dedb3ed016f386c976ec0ffed5b4ed9c5497422dbac
Instruction Fuzzy Hash: 33513F1290CAC280E771D726D4A43FA6BA0EB85B48F4C40B6D68DA77F6CF6CD584C740

Function 00007FF6543B3899 Relevance: 7.6, APIs: 6, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 21adf36d68a70a48112eb1f9e08665789bb409efa999fbcbba99273b12ee72f0
Instruction ID: 2a4cbf88174e4787c999a10910102a6ac34516ecfdff21f6a4b4f1674bd2cfcb
Opcode Fuzzy Hash: 21adf36d68a70a48112eb1f9e08665789bb409efa999fbcbba99273b12ee72f0
Instruction Fuzzy Hash: 4851205290CA8280E771D726D0A43FA6BA0EB85788F4C40B6D68DA77F6CF6CE544D741

Function 00007FF6543B323A Relevance: 7.6, APIs: 6, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF65440E180: HeapFree.KERNEL32(?,?,?,?,00007FF65439274A), ref: 00007FF65440E1BD

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: fe1c741f1655fdf2429b2514e3257bd0dbbeb9b0c523711fb5cbc11bc9101571
Instruction ID: a7b69225a9cc09d3a7d6ba665d1fe9f9624fa5c4a2d4167e6f5916d5e97a5bca
Opcode Fuzzy Hash: fe1c741f1655fdf2429b2514e3257bd0dbbeb9b0c523711fb5cbc11bc9101571
Instruction Fuzzy Hash: 3B51215190CA8280E771D726D0A43FA6BA0EB85B48F4C40B6DA8DA77F6CF7CE584D741

Function 00007FF6543B3035 Relevance: 7.6, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 21890b9d4a6b8654fb819f7b0972d12df4f99dd9a28518633b344baa8212f495
Instruction ID: d3fae15dc357a7dcd2b83cc473664ebbd923c0a708b52f2df900a894f7600cd2
Opcode Fuzzy Hash: 21890b9d4a6b8654fb819f7b0972d12df4f99dd9a28518633b344baa8212f495
Instruction Fuzzy Hash: 2B51305190CA8280E771D726D0A43FA6BA0EB85B48F4C40B6DA8DA77F6CF7CE584D741

Function 00007FF6543B2F75 Relevance: 7.6, APIs: 6, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: be290b61f396834e0e4316d45b25a6ad824a30d565bbdf900ac68346f141619b
Instruction ID: d428c02a320817308c25e0df70da2bd1d7afbe64dc48cbec0dcb922454cba193
Opcode Fuzzy Hash: be290b61f396834e0e4316d45b25a6ad824a30d565bbdf900ac68346f141619b
Instruction Fuzzy Hash: FA51435190CA8280E771D726D0A43FA6BA0EB85B48F0C40B6DA8D977F6CF7CE584D741

Function 00007FF6543B33B3 Relevance: 7.6, APIs: 6, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3F36
HeapFree.KERNEL32 ref: 00007FF6543B3F66
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
Part of subcall function 00007FF6543971C0: HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c7c261addf2f576dc0fdb33e54d9ac23719414da4cd3cbef89bf0cf5238d1e5e
Instruction ID: 9a9f8d3e6be45188cd239bf79e965b934b4bfef0f96f3846bd2d185d19501d8b
Opcode Fuzzy Hash: c7c261addf2f576dc0fdb33e54d9ac23719414da4cd3cbef89bf0cf5238d1e5e
Instruction Fuzzy Hash: 0151325190CA8280E771D726D0A43FA6BA0EB85B58F0C40B6DA8D977F6CF7CE584D741

Function 00007FF6543B2F20 Relevance: 7.6, APIs: 6, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Part of subcall function 00007FF65439B0C0: HeapFree.KERNEL32(?,00000000,?,00007FF65439162E), ref: 00007FF65439B0F6

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c213be5052421592765c8b2da513232b14e1bfd3e943414d129abddeb035730f
Instruction ID: cec7d10c153e69aac3ec477e4cb06932e59541bc6cff4aa27dd230e7b204b6d7
Opcode Fuzzy Hash: c213be5052421592765c8b2da513232b14e1bfd3e943414d129abddeb035730f
Instruction Fuzzy Hash: 77414225908E9180E721DB16D0E03B967A1EB89B94F0D40B6DA8DA7BA5CF7CE584D740

Function 00007FF6543B2F9C Relevance: 7.6, APIs: 6, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3E30
HeapFree.KERNEL32 ref: 00007FF6543B3E60
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 164ce5dec6ebe9764fcf749cea871a66f8d48e5da602842791513bbe91ab9563
Instruction ID: d7bfd91e3294c49ada410268b023f30e1b41932173614608a656b4927f062c34
Opcode Fuzzy Hash: 164ce5dec6ebe9764fcf749cea871a66f8d48e5da602842791513bbe91ab9563
Instruction Fuzzy Hash: F6415325908E9180E721DB16D0D43B967A1EB89F94F0D40B5DA8DA7BA5CF7CE184D300

Function 00007FF6543B3D3C Relevance: 7.6, APIs: 6, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3E30
HeapFree.KERNEL32 ref: 00007FF6543B3E60
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 246c6a396cb9eeb43d2630f4e3eb5807ef4647f619f3b974c5b6ca81ac246385
Instruction ID: f5914111e703c2ea6adea6406418ddcd8fd87fc40aad4c0231bbb570a5490f0e
Opcode Fuzzy Hash: 246c6a396cb9eeb43d2630f4e3eb5807ef4647f619f3b974c5b6ca81ac246385
Instruction Fuzzy Hash: C0315525908E9180E721DB16D0D03F967A1EB89F94F0D40B5DE8DA7BA9CF7CE584D700

Function 00007FF6543B2EE0 Relevance: 7.6, APIs: 6, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3E30
HeapFree.KERNEL32 ref: 00007FF6543B3E60
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 23627a474f59db26a25543ed25a15f5087637e7a20bf52a4e0ea604a46e7a2c5
Instruction ID: 5ddaf6bf9d60cd6b8872e5db0c48637304c53fc73f847ced69c18e9b512e41bd
Opcode Fuzzy Hash: 23627a474f59db26a25543ed25a15f5087637e7a20bf52a4e0ea604a46e7a2c5
Instruction Fuzzy Hash: D2315325908E9180E721DB16D0E03F967A1EB89F94F0D40B6DE8DA7BA9CF7CE184D700

Function 00007FF6543B3990 Relevance: 7.6, APIs: 6, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3D80
HeapFree.KERNEL32 ref: 00007FF6543B3DBC
HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3E30
HeapFree.KERNEL32 ref: 00007FF6543B3E60
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 77194b6b9a3792aa7393b0e36a812df2dcf69198d15d8b45799d2e2738b88a41
Instruction ID: 5ddaf6bf9d60cd6b8872e5db0c48637304c53fc73f847ced69c18e9b512e41bd
Opcode Fuzzy Hash: 77194b6b9a3792aa7393b0e36a812df2dcf69198d15d8b45799d2e2738b88a41
Instruction Fuzzy Hash: D2315325908E9180E721DB16D0E03F967A1EB89F94F0D40B6DE8DA7BA9CF7CE184D700

Function 00007FF654396930 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

failed to wake I/O driver, xrefs: 00007FF654396A54
A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF654396AAC

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressFreeHeapSingleWake
String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$failed to wake I/O driver
API String ID: 1757495356-3400405205
Opcode ID: fc30c2f13a113f76cf75717aca289d6f60c723888206ec3cd8a9d427e0866275
Instruction ID: 62fa33d9a7907fb65e8c820292291145f1de9cfc52ec90b87267ecb29c8e2f79
Opcode Fuzzy Hash: fc30c2f13a113f76cf75717aca289d6f60c723888206ec3cd8a9d427e0866275
Instruction Fuzzy Hash: C741E762909A0241EA64EF22E4A12B92360FF54774F584371EE7EA73E5DF3CE452C340

Function 00007FF6544F6600 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF65439D404), ref: 00007FF6544F663E
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF65439D404), ref: 00007FF6544F66DC
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF65439D404), ref: 00007FF6544F6717

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6544F66F9, 00007FF6544F6734

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLast$FrequencyPerformanceQuery
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 1045536338-2333694755
Opcode ID: f59ce97d3ce8aad52cdee8abe74319df40171c186f530ef3623f502aa073c4ee
Instruction ID: 2d33690446749be3e4c1c4d0c13bc4b8c1b61af576eb3f0ebc9c578dc67b2dd4
Opcode Fuzzy Hash: f59ce97d3ce8aad52cdee8abe74319df40171c186f530ef3623f502aa073c4ee
Instruction Fuzzy Hash: 4131C761B09A4666FF04DB61D8A13F923A1EF84784F0C81B2DC4DA7799DE3CA502C340

Function 00007FF6543A2106 Relevance: 6.5, APIs: 5, Instructions: 226COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543A2226
memcpy.MSVCRT ref: 00007FF6543A223E
memcpy.MSVCRT ref: 00007FF6543A2262
memcpy.MSVCRT ref: 00007FF6543A227B

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 044e0a7898cbe1a5b455308b53eb9a7407f1c6d58fc5aed5f72682bcaac4021c
Instruction ID: 7ce9a6ec203bae051694fb1f8f20f946a396d090f68e044ce2bb4c67fddd5ad3
Opcode Fuzzy Hash: 044e0a7898cbe1a5b455308b53eb9a7407f1c6d58fc5aed5f72682bcaac4021c
Instruction Fuzzy Hash: 33B11722A09BD182E7528B16D0947FE2764FB55B84F895072DF9DA37A2EF3DD285C300

Function 00007FF6544A05B0 Relevance: 6.4, APIs: 5, Instructions: 147COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6544A06B9
memcpy.MSVCRT ref: 00007FF6544A080E
memcpy.MSVCRT ref: 00007FF6544A0829
memcpy.MSVCRT ref: 00007FF6544A083C
memcpy.MSVCRT ref: 00007FF6544A0859

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 5df30a808fa8a17a1356d99ba95b1b12b9939c89a0d9ebdad498e0ab50447879
Instruction ID: 4a1b73a065a0f3339fe7d8ae838721a4a366a1bd6374bd1ca2c93d7a4fffe155
Opcode Fuzzy Hash: 5df30a808fa8a17a1356d99ba95b1b12b9939c89a0d9ebdad498e0ab50447879
Instruction Fuzzy Hash: AE71D22194CAC291F7368B09E0967F5A3B5EFD0399F145231EB8857694FF3AD2928B40

Function 00007FF6543A06F0 Relevance: 6.4, APIs: 5, Instructions: 136COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF6543A0708
TlsGetValue.KERNEL32 ref: 00007FF6543A072E
TlsSetValue.KERNEL32 ref: 00007FF6543A07C2
TlsGetValue.KERNEL32 ref: 00007FF6543A087F
TlsGetValue.KERNEL32 ref: 00007FF6543A08C4

Part of subcall function 00007FF654560750: RtlCaptureContext.KERNEL32 ref: 00007FF6545607CE
Part of subcall function 00007FF654560750: RtlUnwindEx.KERNEL32 ref: 00007FF6545607EC
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF6545607F2
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF654560810

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value$abort$CaptureContextUnwind
String ID:
API String ID: 529571357-0
Opcode ID: 1b5c558d4ac4e6e909cb3c1c0f1fb761eef3fc0c2e22eb240701dc7aaaa2d695
Instruction ID: 72dc95b151f3a1b9dc3d6821ec1dd89c2598ceda72fcf99379d2a7456969d31c
Opcode Fuzzy Hash: 1b5c558d4ac4e6e909cb3c1c0f1fb761eef3fc0c2e22eb240701dc7aaaa2d695
Instruction Fuzzy Hash: C0618111E1CB8682FA159B1AD4A13B96360FF94744F0D92B4DE8DA27A2EF3DF5C58300

Function 00007FF654523270 Relevance: 6.3, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,00007FF654529A9A), ref: 00007FF654523281
TlsGetValue.KERNEL32(?,?,?,00007FF654529A9A), ref: 00007FF6545232AB
TlsGetValue.KERNEL32(?,?,?,00007FF654529A9A), ref: 00007FF6545232C6
TlsSetValue.KERNEL32(?,?,?,00007FF654529A9A), ref: 00007FF654523321
TlsGetValue.KERNEL32(?,?,?,00007FF654529A9A), ref: 00007FF65452339E

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 178f0199cff1a25b23d1b691cbd38892f4a732abd732d3ec3800ec6445693df3
Instruction ID: 1d2ab583bfa794da37b132b9913922156cc5b8d92a7c076dcc0279be5983ec3e
Opcode Fuzzy Hash: 178f0199cff1a25b23d1b691cbd38892f4a732abd732d3ec3800ec6445693df3
Instruction Fuzzy Hash: 3F318021F1D70242FE599735A8F53B92290AF90B00F9C88BAC54DE73D5DE2CE881C300

Function 00007FF654514610 Relevance: 6.3, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF654514627
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF654514650
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF65451466B
TlsSetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF6545146CF
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF65451A036), ref: 00007FF65451471F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 075c69ad9553d33dd5667536920440fb63e1368f03fc0c9b4b3bad8e7aff9514
Instruction ID: 26269d76ff4aae832926b5df921ed917ccccaa3788a1349d52f16b6c5971116f
Opcode Fuzzy Hash: 075c69ad9553d33dd5667536920440fb63e1368f03fc0c9b4b3bad8e7aff9514
Instruction Fuzzy Hash: 1F41A620F1968681FE1A9F10D4B03BD1290AF42B44F9CA8B5C98DE77D5DE3CE486D340

Function 00007FF6544F4070 Relevance: 6.3, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F4087
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F40B0
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F40CB
TlsSetValue.KERNEL32(?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F412F
TlsGetValue.KERNEL32(?,?,?,?,?,?,00007FF654519E7D), ref: 00007FF6544F417F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 723214d7442be1b5f19d087f79caafa1d076a44c06cfffcf53402e750af741c9
Instruction ID: 774ecd51738405707f37b724d9c222a284fd0f8a9172e0a32b354683d3f3097b
Opcode Fuzzy Hash: 723214d7442be1b5f19d087f79caafa1d076a44c06cfffcf53402e750af741c9
Instruction Fuzzy Hash: 7541C021F5A712A2FE149B64D4B43B912A0EF60B45F8C48B8C94DE37DADE3CE4819300

Function 00007FF6543B3501 Relevance: 6.3, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3528
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: fb01c9216aed97a8e6dff743a867b9ea089fab6b51c2273a7fe5f9c46afad932
Instruction ID: 90feaf55ebf2a9734d528aee9194e8410f22ba9bcb886a5a5eb10aaa65004e5b
Opcode Fuzzy Hash: fb01c9216aed97a8e6dff743a867b9ea089fab6b51c2273a7fe5f9c46afad932
Instruction Fuzzy Hash: 0641545190CA8181F731DB22E0A43BE6BA0EB85754F4C00B6D78DA7AE5CF7DE484D740

Function 00007FF6543B3176 Relevance: 6.3, APIs: 5, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B31BB
HeapFree.KERNEL32 ref: 00007FF6543B31E9
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 774f4946a29b8457d9a756cdbe112075d6af193c63c1c65b814184bc0bb01e8f
Instruction ID: 46713dd4095f5b9ea6340ba03eeeb51766ee514f3ec3c4bf46045230de9b36fd
Opcode Fuzzy Hash: 774f4946a29b8457d9a756cdbe112075d6af193c63c1c65b814184bc0bb01e8f
Instruction Fuzzy Hash: E841421190CA8280E731DB12E4A43FE6BA0EB85754F4C00B6DA8DA7BE6DF7DE184D740

Function 00007FF6543B421D Relevance: 6.3, APIs: 5, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B4261
HeapFree.KERNEL32 ref: 00007FF6543B429D
HeapFree.KERNEL32 ref: 00007FF6543B430F
HeapFree.KERNEL32 ref: 00007FF6543B4340
HeapFree.KERNEL32 ref: 00007FF6543B4370

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: efa58a2dd1a3ed371b2a7e1caf76ccaefadfd44b0da612c5e053e9754b532584
Instruction ID: c5151a409936ab5e01da7424da23a1776037f65565c63bf095c1647b74179527
Opcode Fuzzy Hash: efa58a2dd1a3ed371b2a7e1caf76ccaefadfd44b0da612c5e053e9754b532584
Instruction Fuzzy Hash: 58414312A0CB8180E725DB17D0A43AE6BA1EB85B94F0C40B5DA8DA7BB6CF7CE544D704

Function 00007FF6543B319F Relevance: 6.3, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B31BB
HeapFree.KERNEL32 ref: 00007FF6543B31E9
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7dc7f319520dcc7925c02ed6db71935fc630c1aeb33657fa4528b59a6ad22490
Instruction ID: cac4379da28ec06215a255452c5e82fe170c4024f89bb9cc8bf43ac49f5f0475
Opcode Fuzzy Hash: 7dc7f319520dcc7925c02ed6db71935fc630c1aeb33657fa4528b59a6ad22490
Instruction Fuzzy Hash: 2D41531190CA8280E771DB13E0A43BA6BA0EF85794F4C00B5DA8DA7BE6CF7DE184D744

Function 00007FF6544F5030 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF6544F504B
TlsGetValue.KERNEL32 ref: 00007FF6544F506C
TlsSetValue.KERNEL32 ref: 00007FF6544F50BC
TlsGetValue.KERNEL32 ref: 00007FF6544F50DE
TlsGetValue.KERNEL32 ref: 00007FF6544F5100

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: feeb098349cb20a49582c69fe64de17a33766d07c4d9810276f1a030a9ca0d48
Instruction ID: 8bf323a49093ea6d1414d66aa6dcc1b0d72aaf772b092db3b0c1b5f52f9e75ca
Opcode Fuzzy Hash: feeb098349cb20a49582c69fe64de17a33766d07c4d9810276f1a030a9ca0d48
Instruction Fuzzy Hash: 5E213B30F6A286A6FE149B2094F53791290EF41701F9C88B9D84EE33D6DD3CB8859380

Function 00007FF6543B422C Relevance: 6.3, APIs: 5, Instructions: 70memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B4261
HeapFree.KERNEL32 ref: 00007FF6543B429D
HeapFree.KERNEL32 ref: 00007FF6543B430F
HeapFree.KERNEL32 ref: 00007FF6543B4340
HeapFree.KERNEL32 ref: 00007FF6543B4370

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4b9c873e88a66f4c50e47538b116d18438f651c5d44723fca981da471c55b9d6
Instruction ID: f5a03a6fce4e18527eacf321e07ad62b5cb7af4179b8b35f3c2136f9166dc25b
Opcode Fuzzy Hash: 4b9c873e88a66f4c50e47538b116d18438f651c5d44723fca981da471c55b9d6
Instruction Fuzzy Hash: 4E314512A0CB8180E765DB17D0D43AD6BA1EB89B94F0C40B5DA8DA7BA5CF7CE544D704

Function 00007FF6543B2FC9 Relevance: 6.3, APIs: 5, Instructions: 70memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B2FE8
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3c7827dbe699491df77c693d6ad17e206b008d3b0403a6458a32d7ec29a7162f
Instruction ID: b3e069d737e6e22ff1801f3ee9196a6d728708c89952ccaa771c934f4baae50f
Opcode Fuzzy Hash: 3c7827dbe699491df77c693d6ad17e206b008d3b0403a6458a32d7ec29a7162f
Instruction Fuzzy Hash: AF41335190CA8281E731D726E0A43BE6BA0EB85754F4C00B6D68DA76E6CF7DE584D740

Function 00007FF6543B36E5 Relevance: 6.3, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3C13
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1d8e8b802d27584f551babdd45dac601fa5db762ec007d1bf3ac8fe67e14344f
Instruction ID: 9e389139fa8b25cc90feaf831a520065ff4a15f152b4e0a0148e20c3986f9225
Opcode Fuzzy Hash: 1d8e8b802d27584f551babdd45dac601fa5db762ec007d1bf3ac8fe67e14344f
Instruction Fuzzy Hash: 2D31425190CA8281E731D727E0E43BA6BA0EB85B54F4C40B5DA8EA76E6CF7CE584D740

Function 00007FF6543B344A Relevance: 6.3, APIs: 5, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3C13
HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 56285e7eeaef2889f1842c5a18cc1f96f9d48ce0d72b1570d1b31114b9a0ee7a
Instruction ID: de94a3423d069671eb6c54565a253fe3f9aced2a44edbd36f74e1885cba1daee
Opcode Fuzzy Hash: 56285e7eeaef2889f1842c5a18cc1f96f9d48ce0d72b1570d1b31114b9a0ee7a
Instruction Fuzzy Hash: F831455190CA8281E731D727E0A43BA6BA0EB85754F4C00B5DB8EA76F6CF7CE584D744

Function 00007FF654515100 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

freeaddrinfo.WS2_32 ref: 00007FF65451515B
freeaddrinfo.WS2_32 ref: 00007FF6545152D9

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: freeaddrinfo
String ID:
API String ID: 2731292433-0
Opcode ID: e053a0b947790abca42476269a3970b54efc9b7f45d092e2296d4aa8f5a16982
Instruction ID: e69cc0e07b446603ba751fd80ec0df1e352e492248e8e42737a78d05d96426e6
Opcode Fuzzy Hash: e053a0b947790abca42476269a3970b54efc9b7f45d092e2296d4aa8f5a16982
Instruction Fuzzy Hash: 10717822A04A948AE705CF75D4812ED77B0FB48B4CF189125EF8DA3B59EF38D5A5C350

Function 00007FF6543A7D7A Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543A7F07
memcpy.MSVCRT ref: 00007FF6543A7F83
memcpy.MSVCRT ref: 00007FF6543A7F98

Strings

overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF6543A87EB

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: overflow when adding duration to instantlibrary\std\src\time.rs
API String ID: 3510742995-3002242212
Opcode ID: ad48e3b7c6040afa8d5f9c8f5f9ec6de9241d13d6db071b1bbe300fe74734776
Instruction ID: aa1d26efaa541df34af8b21e399013cef3e85866d9637cfcfb2c38bfdab6b882
Opcode Fuzzy Hash: ad48e3b7c6040afa8d5f9c8f5f9ec6de9241d13d6db071b1bbe300fe74734776
Instruction Fuzzy Hash: 2771F522A0CAC290FB358B26D4A53F97764EF85344F488171DA8DA27E5EF3DE285C700

Function 00007FF6543A0250 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A0439
HeapFree.KERNEL32 ref: 00007FF6543A047B

Strings

assertion failed: prev.is_running(), xrefs: 00007FF6543A033F
assertion failed: !prev.is_complete(), xrefs: 00007FF6543A0357

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: !prev.is_complete()$assertion failed: prev.is_running()
API String ID: 3298025750-900065180
Opcode ID: 19b52e27b1cdd0054160564882a6f8ec03fd565d18e81a6fa6890875ba3cba97
Instruction ID: f937c070c0362abbacc0fa3fa963ae3f90246a905a1f225fe8380093d1be6bd8
Opcode Fuzzy Hash: 19b52e27b1cdd0054160564882a6f8ec03fd565d18e81a6fa6890875ba3cba97
Instruction Fuzzy Hash: F0517622A0DB8682EA60DF12E4E43ED63A0FF85794F4841B5DA8DA37A5DF7CE145C740

Function 00007FF6543A04A0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A0689
HeapFree.KERNEL32 ref: 00007FF6543A06CB

Strings

assertion failed: prev.is_running(), xrefs: 00007FF6543A058F
assertion failed: !prev.is_complete(), xrefs: 00007FF6543A05A7

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: !prev.is_complete()$assertion failed: prev.is_running()
API String ID: 3298025750-900065180
Opcode ID: 623402402ab5c315f847e893afa5efeb5537a4d70d1a8f956519890eb864c6bd
Instruction ID: b2792f4f2075c646b011fc9ade1239b9b6834d0c0b03d3d3605f3795bccee7ff
Opcode Fuzzy Hash: 623402402ab5c315f847e893afa5efeb5537a4d70d1a8f956519890eb864c6bd
Instruction Fuzzy Hash: 42518022A0DB4281EA60DF12E4E43AE63A0FF89794F4841B5DA8DA37A5DF3CE145C740

Function 00007FF65439FDB0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439FF99
HeapFree.KERNEL32 ref: 00007FF65439FFDB

Strings

assertion failed: prev.is_running(), xrefs: 00007FF65439FE9F
assertion failed: !prev.is_complete(), xrefs: 00007FF65439FEB7

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: !prev.is_complete()$assertion failed: prev.is_running()
API String ID: 3298025750-900065180
Opcode ID: 30cc9eef521f05e8dfe9a0a3a2fcb64f78dba973d7452a78084f09098fdacd31
Instruction ID: 474c7bca64c189ad60421f64e1d2c5ac69ae76c7ae9cbc472ce957c6dbdc7f43
Opcode Fuzzy Hash: 30cc9eef521f05e8dfe9a0a3a2fcb64f78dba973d7452a78084f09098fdacd31
Instruction Fuzzy Hash: F9517522A0DB8281EB60DF12F4E43AA63A0FF85794F484175DA8DA37A9DF7CE145C740

Function 00007FF6543A0000 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543A01E9
HeapFree.KERNEL32 ref: 00007FF6543A022B

Strings

assertion failed: prev.is_running(), xrefs: 00007FF6543A00EF
assertion failed: !prev.is_complete(), xrefs: 00007FF6543A0107

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: !prev.is_complete()$assertion failed: prev.is_running()
API String ID: 3298025750-900065180
Opcode ID: 6503c8d54dc6c6cb1f8990d35dc7d6414935bab3ff354f7d55c741cc4c0dd12c
Instruction ID: 585e3c98f36f6c88216f48d7369c9d358c27de4511e7fd571ba9036766b4f27d
Opcode Fuzzy Hash: 6503c8d54dc6c6cb1f8990d35dc7d6414935bab3ff354f7d55c741cc4c0dd12c
Instruction Fuzzy Hash: 13516232A4DB4281EA60DF12E4E43AA73A4FF84794F4841B5DA8DA37A5DF7CE149C740

Function 00007FF65441C310 Relevance: 6.1, APIs: 4, Instructions: 125memoryCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF65441C31D
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF65441C537
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF65441C56D
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF65441C5B6

Part of subcall function 00007FF65441C470: HeapFree.KERNEL32(?,?,?,00007FF65439B1AE,?,?,?,?,?,?,?,00007FF65439162E), ref: 00007FF65441C496

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$AddressCloseHandleSingleWake
String ID:
API String ID: 2385449635-0
Opcode ID: d5dfbf9172ff7f6399792bc2c2a146c19040f9dab90192eaf603705630bbb998
Instruction ID: b459fc2824f8e08fd5787428b22a4765ddd12542e21beb26ec88b67d9836a94e
Opcode Fuzzy Hash: d5dfbf9172ff7f6399792bc2c2a146c19040f9dab90192eaf603705630bbb998
Instruction Fuzzy Hash: 3741C823B4991281EA569B06AC9477D2770EF45BA0F8991B2CE1DA73D4CF38D493C340

Function 00007FF65440C440 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

%00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37%38%39%3A%3B%3C%3D%3E%3F%40%41%42%43%44%45%46%47%48%49%4A%4B%4C%4D%4E%4F%50%51%52%53%54%55%5, xrefs: 00007FF65440C391, 00007FF65440C543

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID: %00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37%38%39%3A%3B%3C%3D%3E%3F%40%41%42%43%44%45%46%47%48%49%4A%4B%4C%4D%4E%4F%50%51%52%53%54%55%5
API String ID: 3510742995-2957816097
Opcode ID: d59a1c47bce980c116953e649934fd8f0e20c9da715aa24557df8be09587b6c1
Instruction ID: 4c35128fb7054a77be9a74ba9dbdf319ae877dd9668c89393455add889c5f190
Opcode Fuzzy Hash: d59a1c47bce980c116953e649934fd8f0e20c9da715aa24557df8be09587b6c1
Instruction Fuzzy Hash: EF31E861B5DA5281EA18DB02A4A457A67F1FF55FC0F4C4474EE4EABB9DDE3CE1108300

Function 00007FF65439DD5E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439DE5F
HeapFree.KERNEL32 ref: 00007FF65439DEA1

Strings

assertion failed: curr.is_join_interested(), xrefs: 00007FF65439DE19
assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439DE31

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: curr.is_join_interested()$assertion failed: prev.ref_count() >= 1
API String ID: 3298025750-3253692217
Opcode ID: 4a14f0ea96ecc536990b7f83574289e2b87f19108fc65c21942f7b4280faa385
Instruction ID: cb4bb8f9bb23acb730ae2103c9ce4967ffd89b543c4da72fd1e602596d3b22b5
Opcode Fuzzy Hash: 4a14f0ea96ecc536990b7f83574289e2b87f19108fc65c21942f7b4280faa385
Instruction Fuzzy Hash: 7531B221E0CA4380EA11DF16E8A53FD1350AF86BB4F4C42B5DD2EA77E5DE2C95468340

Function 00007FF65439DEBE Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439DFBF
HeapFree.KERNEL32 ref: 00007FF65439E001

Strings

assertion failed: curr.is_join_interested(), xrefs: 00007FF65439DF79
assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439DF91

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: curr.is_join_interested()$assertion failed: prev.ref_count() >= 1
API String ID: 3298025750-3253692217
Opcode ID: 009127c43afb1dd8ea712f60a9501b78c38ca39983c640b821d3bc396f71d756
Instruction ID: 68dfea4da3b74801c72c8dacf01b4a68a8c41b9ffffebc10df8d73c9e57db19a
Opcode Fuzzy Hash: 009127c43afb1dd8ea712f60a9501b78c38ca39983c640b821d3bc396f71d756
Instruction Fuzzy Hash: 9D31C511E09A4380EA11DF16E4A23FD1351AF86BB4F4C42B6DE2EE77E1DF2C90468340

Function 00007FF65439E4C3 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439E8D0

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439E7EF
assertion failed: self.ref_count() > 0, xrefs: 00007FF65439E794
assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs, xrefs: 00007FF65439E77C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs$assertion failed: prev.ref_count() >= 1$assertion failed: self.ref_count() > 0
API String ID: 3298025750-1647977596
Opcode ID: ea67ef326232b569d59456048409085f227d2517ba4cab4cf793556a21bb894c
Instruction ID: 8e11bd48aa85e46563fb51637aee79c2c4ae3ac3d3efbb3e6e750d0db3750c62
Opcode Fuzzy Hash: ea67ef326232b569d59456048409085f227d2517ba4cab4cf793556a21bb894c
Instruction Fuzzy Hash: F7319021A08A4290FA20DB16D8F13F96360EF88794F584176D95DE27F6EF3DE14AD341

Function 00007FF65439ED7C Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439F1DB

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439F0E2
assertion failed: self.ref_count() > 0, xrefs: 00007FF65439F087
assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs, xrefs: 00007FF65439F06F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs$assertion failed: prev.ref_count() >= 1$assertion failed: self.ref_count() > 0
API String ID: 3298025750-1647977596
Opcode ID: 755f61aa39b0a21a10969b33040af8253f716072d238e38458fb13e64dfe2741
Instruction ID: 6697eb4c1d78a94d4c8bb45dd3ccbb3026874f8b0413de9f6e6dda84469af72f
Opcode Fuzzy Hash: 755f61aa39b0a21a10969b33040af8253f716072d238e38458fb13e64dfe2741
Instruction Fuzzy Hash: C9319321A08A4294FA20DB12D4F13F96360EF89794F584176DA5DE27F6EF2DE146D340

Function 00007FF65439E91C Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439ED3B

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439EC5A
assertion failed: self.ref_count() > 0, xrefs: 00007FF65439EBFF
assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs, xrefs: 00007FF65439EBE7

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs$assertion failed: prev.ref_count() >= 1$assertion failed: self.ref_count() > 0
API String ID: 3298025750-1647977596
Opcode ID: 1adaa37b7fdc2ead5cff95d917b04125f5cf644133f0b3857b831118a717beb9
Instruction ID: b9df74bbfda28c70e9973afc83517a2d237f6f6b1553cdd5e2a0a62bcad39153
Opcode Fuzzy Hash: 1adaa37b7fdc2ead5cff95d917b04125f5cf644133f0b3857b831118a717beb9
Instruction Fuzzy Hash: 29318121A0CA4290FA20DB12E8E13F96360EF89794F584176DA5DA77F6DF3DE14AD340

Function 00007FF65439E01E Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439E482

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF65439E389
assertion failed: self.ref_count() > 0, xrefs: 00007FF65439E32E
assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs, xrefs: 00007FF65439E316

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: next.is_notified()C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.36.0\src\runtime\task\state.rs$assertion failed: prev.ref_count() >= 1$assertion failed: self.ref_count() > 0
API String ID: 3298025750-1647977596
Opcode ID: 97fe16b043d33879e533e4539828374afcf9bed49d2c2b3411a0ff5c69bd3b3e
Instruction ID: a5b08df8a5818e3dddecea7652da89869cf90e9dec4c49d7a0c16d1a97225058
Opcode Fuzzy Hash: 97fe16b043d33879e533e4539828374afcf9bed49d2c2b3411a0ff5c69bd3b3e
Instruction Fuzzy Hash: 1431A525A08A4290FA20DB12E8E13F96360EF89B94F584175DA5DE77F5DF3DE04AD300

Function 00007FF6543A4201 Relevance: 6.1, APIs: 4, Instructions: 69networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FF6543A4CC6
ioctlsocket.WS2_32 ref: 00007FF6543A4CEF
GetLastError.KERNEL32 ref: 00007FF6543A4CF8
closesocket.WS2_32 ref: 00007FF6543A4D0B

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: ErrorLastclosesocketioctlsocketsocket
String ID:
API String ID: 2271902195-0
Opcode ID: 4f49bb275c728f2888ffdb8b04dec3563471adb6226612edb4e678073411b85a
Instruction ID: f7303fecb2de5ba4cded54e7089f6d494df209ad3d4a1fd2631726eff00df4c0
Opcode Fuzzy Hash: 4f49bb275c728f2888ffdb8b04dec3563471adb6226612edb4e678073411b85a
Instruction Fuzzy Hash: 83315E31508AC286E6359B26E4913EAA3A0FF98744F084275DADEA37E6DF7CE444D700

Function 00007FF6543B6D80 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B6DB1
HeapFree.KERNEL32 ref: 00007FF6543B6E65

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6543B6E0E, 00007FF6543B6E37
LayoutError, xrefs: 00007FF6543B6E8C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID: LayoutError$called `Result::unwrap()` on an `Err` value
API String ID: 3298025750-1963632907
Opcode ID: cd8267aebcc3ee0c93ed57bd8e9c7875fb06b65865a4b064086ed7d32f4dba76
Instruction ID: 8dbc08bd18c054627c9c17a5afc58f833ac82a1ee470a9511410d26bf3f1aa5d
Opcode Fuzzy Hash: cd8267aebcc3ee0c93ed57bd8e9c7875fb06b65865a4b064086ed7d32f4dba76
Instruction Fuzzy Hash: 4231A265E08A5681FA10DB16E8E03F92360EF85B94F4842B6D95DA3BF5DF3CE586C340

Function 00007FF654560750 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6545607CE
RtlUnwindEx.KERNEL32 ref: 00007FF6545607EC
abort.MSVCRT ref: 00007FF6545607F2
abort.MSVCRT ref: 00007FF654560810

Part of subcall function 00007FF654560710: RaiseException.KERNEL32 ref: 00007FF65456073B

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: abort$CaptureContextExceptionRaiseUnwind
String ID:
API String ID: 4122134289-0
Opcode ID: 2bcff824be30459135a71c998de276fed3506b8ea1736bf103fc81263e5dcddb
Instruction ID: 9203bb364998eafd24128c8308fa93830ec8ef45cb43c414443c94a482e70c98
Opcode Fuzzy Hash: 2bcff824be30459135a71c998de276fed3506b8ea1736bf103fc81263e5dcddb
Instruction Fuzzy Hash: 53118E32918A8982EB20DF21D8503A9B3B1FB88BC4F185235EA8D63659CF78D195CB00

Function 00007FF6543DA490 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 452COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6543DAA15

Part of subcall function 00007FF6543D6750: memcpy.MSVCRT ref: 00007FF6543D67B5
Part of subcall function 00007FF6543D6750: memcpy.MSVCRT ref: 00007FF6543D67EE
Part of subcall function 00007FF6543D6750: memcpy.MSVCRT ref: 00007FF6543D681E
Part of subcall function 00007FF6543D6750: memcpy.MSVCRT ref: 00007FF6543D687A

Strings

StreamRef::drop; mutex poisoned, xrefs: 00007FF6543DA51E
assertion failed: self.ref_count > 0, xrefs: 00007FF6543DAB6A

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy$AddressSingleWake
String ID: StreamRef::drop; mutex poisoned$assertion failed: self.ref_count > 0
API String ID: 974827444-2794084937
Opcode ID: 1dd01fffd9e395c80178e4c4c4337f76bd041f4ccd143692ad4efbc9e8c2ce2c
Instruction ID: cf7d110ddb0999fafe696d9c9ff2da842339fb8f3ffe3f6572518aac19e0bc23
Opcode Fuzzy Hash: 1dd01fffd9e395c80178e4c4c4337f76bd041f4ccd143692ad4efbc9e8c2ce2c
Instruction Fuzzy Hash: 8122D432A0978186EB64DF16E1A03AAB3A1FB84794F5C4175DB9E937A4DF3CE445CB00

Function 00007FF654407840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,FFFFFFFF,00000118,?,00007FF654396994), ref: 00007FF6544078EE
HeapFree.KERNEL32(?,?,?,FFFFFFFF,00000118,?,00007FF654396994), ref: 00007FF654407910

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF654407970

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: AddressFreeHeapSingleWake
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 1757495356-2333694755
Opcode ID: 1c3b814b99c8ec9b34404e54424a3b0498314a488ccc1988cd037b2de6510674
Instruction ID: 2996492af45c2d00de396e176548165358c0a3508fca3fb2bf52939369ca4ad5
Opcode Fuzzy Hash: 1c3b814b99c8ec9b34404e54424a3b0498314a488ccc1988cd037b2de6510674
Instruction Fuzzy Hash: 9131E112E8DA8240FA21DB2594A83BA27D1DF61790F0C00B5CE8CAB7DADE2CE455D341

Function 00007FF6545261F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PostQueuedCompletionStatus.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF65453086E,?), ref: 00007FF65452620F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF65453086E,?), ref: 00007FF6545262D3

Strings

failed to wake I/O driver, xrefs: 00007FF6545262F1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: CompletionErrorLastPostQueuedStatus
String ID: failed to wake I/O driver
API String ID: 1506555858-3515527018
Opcode ID: 72d4ad9103aa9891da85e29c63e4e4707a9a9d1a87b2c0e5e2f7338c0a931059
Instruction ID: 1dfd5bd04168191294b0cb96d02b98e4e6742b9359b780a55da38b94ac966e97
Opcode Fuzzy Hash: 72d4ad9103aa9891da85e29c63e4e4707a9a9d1a87b2c0e5e2f7338c0a931059
Instruction Fuzzy Hash: D0310322A1DA4242FA75DB24E4A03BE6360FF94740F1C40B6DA8EA3795DF2DE486C340

Function 00007FF6543B141B Relevance: 5.2, APIs: 4, Instructions: 182memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B142B

Part of subcall function 00007FF654398380: HeapFree.KERNEL32 ref: 00007FF6543983DC
Part of subcall function 00007FF654398380: HeapFree.KERNEL32 ref: 00007FF6543983F9
Part of subcall function 00007FF654398380: HeapFree.KERNEL32 ref: 00007FF65439843C
Part of subcall function 00007FF654398380: HeapFree.KERNEL32 ref: 00007FF654398459

Part of subcall function 00007FF654514AF0: WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF654514D97

memcpy.MSVCRT ref: 00007FF6543B15DF
memcpy.MSVCRT ref: 00007FF6543B164D

Part of subcall function 00007FF6543980C0: HeapFree.KERNEL32 ref: 00007FF654398130
Part of subcall function 00007FF6543980C0: HeapFree.KERNEL32 ref: 00007FF65439816C
Part of subcall function 00007FF6543980C0: HeapFree.KERNEL32 ref: 00007FF654398185
Part of subcall function 00007FF6543980C0: HeapFree.KERNEL32 ref: 00007FF6543981BC

HeapFree.KERNEL32 ref: 00007FF6543B189C

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$memcpy$AddressSingleWake
String ID:
API String ID: 3118255215-0
Opcode ID: 6ba06564b38de43e6d3aa022429341a3acf49774ec2963e1af7061926481f528
Instruction ID: 4fce8981c589ed7aca4fdfbdd2b742a71e33a3611f8b853876e391a0b0caba23
Opcode Fuzzy Hash: 6ba06564b38de43e6d3aa022429341a3acf49774ec2963e1af7061926481f528
Instruction Fuzzy Hash: 43B11532908BC580E7718B19E0453EEB3A8FBD9788F489225DBCC52769EF7AD195C700

Function 00007FF6543EA7A0 Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,00007FF65439B8E2), ref: 00007FF6543EA7EC
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65439B8E2), ref: 00007FF6543EA983

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3975d76f91865bea17e0df8e92ca323f0cdb5810fe000e3031d8396124f0d834
Instruction ID: 6133cb9f8e5476eb9dfffa0bb8804810ebbe59083c4214514ad73e0c307d733c
Opcode Fuzzy Hash: 3975d76f91865bea17e0df8e92ca323f0cdb5810fe000e3031d8396124f0d834
Instruction Fuzzy Hash: 2051C212E0A60781F925EB17A4E03B91350AF85BA4F184071CF5EA77E1DE2CE8969300

Function 00007FF6543D3DC0 Relevance: 5.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6543D3DFB
memcpy.MSVCRT ref: 00007FF6543D3E23
memcpy.MSVCRT ref: 00007FF6543D3E62
memcpy.MSVCRT ref: 00007FF6543D3E73

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 247397c41a25f20bd3d8646c70bd33473a48846be3217216a068da7615e987ab
Instruction ID: 8ed3c59c35e21e7ec08f2e164fb24a16f244475dbd4162b17885e4cdfa652eb6
Opcode Fuzzy Hash: 247397c41a25f20bd3d8646c70bd33473a48846be3217216a068da7615e987ab
Instruction Fuzzy Hash: 1B419F32B09A4681EF249B16E5A13B963A1FF84BC4F5C4071DA8D97BA6DF3CE9518700

Function 00007FF654392170 Relevance: 5.1, APIs: 4, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439218F
HeapFree.KERNEL32 ref: 00007FF6543921CC
HeapFree.KERNEL32 ref: 00007FF6543921E6
HeapFree.KERNEL32 ref: 00007FF654392BE1

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 60a5a7ad2028c3a26c7edb62847754f5075f987999d7fd9ecb62b4f4ba85be4c
Instruction ID: 689e08efc2bbb71ddf253e71560e2f60f27bca7327e223fc32a7737a52a4e533
Opcode Fuzzy Hash: 60a5a7ad2028c3a26c7edb62847754f5075f987999d7fd9ecb62b4f4ba85be4c
Instruction Fuzzy Hash: 0C31B522E0994281F619CF17A8E07B86390AF84BA4F5C8871CF1DA62E4DE3CE4C6D300

Function 00007FF6543923C0 Relevance: 5.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f858eef6bf04d5383c7390467b105907ca3b274b0a8b706034c28d8c1df91b1
Instruction ID: b89f91a425ff490334709bb67dfa91613cf2cdc95b0b746abd32249541d84faf
Opcode Fuzzy Hash: 1f858eef6bf04d5383c7390467b105907ca3b274b0a8b706034c28d8c1df91b1
Instruction Fuzzy Hash: BD31BB22A08A8241FA6DDB2394E53FD6791EF85784F5C44B5DB5ED62A1CF2CE4849300

Function 00007FF654398380 Relevance: 5.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543983DC
HeapFree.KERNEL32 ref: 00007FF6543983F9
HeapFree.KERNEL32 ref: 00007FF65439843C
HeapFree.KERNEL32 ref: 00007FF654398459

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3f00af25bc85356a49a0beef0e0023e0e237a84a0b49d766e7ebb8426d5a49d0
Instruction ID: 9c78d8965b01130a7f0b39352438a97d92a3ca073bf73cc75023e8a1c04c46b1
Opcode Fuzzy Hash: 3f00af25bc85356a49a0beef0e0023e0e237a84a0b49d766e7ebb8426d5a49d0
Instruction Fuzzy Hash: B6318D12E1868281FA68CF17E4E03BD6390EF84B84F5D84B6CA4DE66E0DF7DE4859300

Function 00007FF6544F56B0 Relevance: 5.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,00007FF654519CCA), ref: 00007FF6544F56C7
TlsGetValue.KERNEL32(?,?,?,?,00007FF654519CCA), ref: 00007FF6544F5707
TlsSetValue.KERNEL32(?,?,?,?,00007FF654519CCA), ref: 00007FF6544F575B
TlsGetValue.KERNEL32(?,?,?,?,00007FF654519CCA), ref: 00007FF6544F578E

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 2e2fef97ec5104c39ca40f72d377c740b2df2a0a086d12378d862b40a709f0a4
Instruction ID: 9e5ac40bf486dc4f6a996fd742b450b25ec5fa66040515467d0d330754f8f55d
Opcode Fuzzy Hash: 2e2fef97ec5104c39ca40f72d377c740b2df2a0a086d12378d862b40a709f0a4
Instruction Fuzzy Hash: 03312A30F5A68696FE199B14A4F537912D0EF45740FAC44B8C84EE73DADE3CA8858340

Function 00007FF6543B2EE5 Relevance: 5.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B2F04
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: aec8ce5ee1b864cb2d81576fe5c194f9655a392e589ab95cb604ae9d9899744a
Instruction ID: 7350c5dfe741641b2309ac4c7b0310add306fcbc3a232c253869ea81cdf5ad36
Opcode Fuzzy Hash: aec8ce5ee1b864cb2d81576fe5c194f9655a392e589ab95cb604ae9d9899744a
Instruction Fuzzy Hash: 5231335190CA8180E731DB13E0A43BE6BA0EB95754F4C00B6D68DA76E6CF7DE584D744

Function 00007FF6543AD0DF Relevance: 5.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: fda18d32bdc5e377bb9fb75dd9590f05885ed76542a3a73f0e0e36476072f1f4
Instruction ID: af70c755169798388e1cf1b4f15fb8de3961e2a7197c3defb930c13931a58a55
Opcode Fuzzy Hash: fda18d32bdc5e377bb9fb75dd9590f05885ed76542a3a73f0e0e36476072f1f4
Instruction Fuzzy Hash: 9F31521190CA8181E731DB27E0A43BA6BA0EB85744F4C00B6DB8EA76F6CF7CE584D740

Function 00007FF6543B36D3 Relevance: 5.1, APIs: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7a008573cbd3ecf19ca4b95024c6b506a8feb4b2658713a335764530e22586fa
Instruction ID: dbd0b92847415913ff19ba059be8e94877b3e324f08e6852772e4a58e0e61ab5
Opcode Fuzzy Hash: 7a008573cbd3ecf19ca4b95024c6b506a8feb4b2658713a335764530e22586fa
Instruction Fuzzy Hash: 1531335190CA8181E731D727D0A43BA6BA0EB85754F4C00B5D78DA76F6CF7CE584D744

Function 00007FF6543B334C Relevance: 5.1, APIs: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3FA1
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c1353c936f25e7a3450bed193d6e898f40d87f8018a65e9169e18de25b61a8e9
Instruction ID: dbd0b92847415913ff19ba059be8e94877b3e324f08e6852772e4a58e0e61ab5
Opcode Fuzzy Hash: c1353c936f25e7a3450bed193d6e898f40d87f8018a65e9169e18de25b61a8e9
Instruction Fuzzy Hash: 1531335190CA8181E731D727D0A43BA6BA0EB85754F4C00B5D78DA76F6CF7CE584D744

Function 00007FF6543971C0 Relevance: 5.1, APIs: 4, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF6543971E9
HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397223
HeapFree.KERNEL32(?,?,?,?,00007FF654392BC3), ref: 00007FF654397253
HeapFree.KERNEL32 ref: 00007FF654397272

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 55df8d90e026f627d5f3ddcca76df377a5ec2047348bcc8ef9deff3542f5e00b
Instruction ID: 75731c5f751633ac181562fe2f82b7dae92c111b8aa9da7465e321bbdeba9ef2
Opcode Fuzzy Hash: 55df8d90e026f627d5f3ddcca76df377a5ec2047348bcc8ef9deff3542f5e00b
Instruction Fuzzy Hash: C621C355E0874682FA2CDB22E4F03F96791AF85B84F1C8476CE5EA66E1CF6DE084D300

Function 00007FF654397057 Relevance: 5.1, APIs: 4, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF65439709A
HeapFree.KERNEL32 ref: 00007FF654397068

Part of subcall function 00007FF654560750: RtlCaptureContext.KERNEL32 ref: 00007FF6545607CE
Part of subcall function 00007FF654560750: RtlUnwindEx.KERNEL32 ref: 00007FF6545607EC
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF6545607F2
Part of subcall function 00007FF654560750: abort.MSVCRT ref: 00007FF654560810

HeapFree.KERNEL32 ref: 00007FF65439714F
HeapFree.KERNEL32 ref: 00007FF65439718C
HeapFree.KERNEL32 ref: 00007FF6543971A6

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap$abort$CaptureContextUnwind
String ID:
API String ID: 2601978900-0
Opcode ID: c32561437c3a1ee8152d733d49ddd2a03bb942ef72cd4023ba967cbe8c7abc57
Instruction ID: 08128c70fcf41678f673a45aff4a021ba3cb4722ff7d8e493d30bb305b13b06a
Opcode Fuzzy Hash: c32561437c3a1ee8152d733d49ddd2a03bb942ef72cd4023ba967cbe8c7abc57
Instruction Fuzzy Hash: B0216D11A08A4681F624EB13D8E43FD1B91AF89F80F1D44B5CE2EE76E6DF2DE4419340

Function 00007FF65439759F Relevance: 5.1, APIs: 4, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543975BF
HeapFree.KERNEL32 ref: 00007FF6543975FC
HeapFree.KERNEL32 ref: 00007FF654397616
HeapFree.KERNEL32 ref: 00007FF654397640

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e88cf3ae52b11ab5a12f1184fb0363beee6abffbd80dc26d6db5e2177bee3ff9
Instruction ID: 2e1084bd0eb7b133d005426d7ac7893b76202a865e2fbca25e0652dc1f095a37
Opcode Fuzzy Hash: e88cf3ae52b11ab5a12f1184fb0363beee6abffbd80dc26d6db5e2177bee3ff9
Instruction Fuzzy Hash: 1F217C22908A4282F664EB27D4E43BA6790EF84B44F0D447ACB4EA66E0DF7DE085D300

Function 00007FF6543B385C Relevance: 5.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 62b07dad704196574e9eed14e7c25d34d38e653719c57334b845a6fea6853802
Instruction ID: 9a094185f4e222b1b654f1c962791a4d3df25bdcaf513abdb48c8498ea06ea21
Opcode Fuzzy Hash: 62b07dad704196574e9eed14e7c25d34d38e653719c57334b845a6fea6853802
Instruction Fuzzy Hash: 0521331590CA5181E724DB26D0E43BD67A0FB89B94F0C40B6DA8EA7BA5CF7CE184D744

Function 00007FF6543B384F Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6dd0b0dabbf7f5e32c28944eb291f706c6de950cde95f464c99b891f1199d392
Instruction ID: c599cc8129d5f264d32f52e1bd5d6e9afb57111b376154ae5bec947dc4f442ad
Opcode Fuzzy Hash: 6dd0b0dabbf7f5e32c28944eb291f706c6de950cde95f464c99b891f1199d392
Instruction Fuzzy Hash: C021511590CB4281E724DB26D0E43B967A0FB89B94F0C40B6DA8EA7BA5CF7CE084D344

Function 00007FF6543B2FBC Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6543B3DEE
HeapFree.KERNEL32 ref: 00007FF6543B3FFF
HeapFree.KERNEL32 ref: 00007FF6543B4020
HeapFree.KERNEL32 ref: 00007FF6543B430F

Memory Dump Source

Source File: 00000000.00000002.1732124557.00007FF654391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF654390000, based on PE: true

Associated: 00000000.00000002.1732109371.00007FF654390000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732276448.00007FF654585000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF654586000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732294941.00007FF65465E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732387290.00007FF654689000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732400609.00007FF65468E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732425934.00007FF65468F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff654390000_c9toH15OT0.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: b03cd847145791211c481527e7a32ee2cbf64813f2701fc5ff3e8c4b93c52ab6
Instruction ID: 96cff3df7636f4b2ca0cc3f4ed6871ba3c2c775621d8b5be7f596d63ea715190
Opcode Fuzzy Hash: b03cd847145791211c481527e7a32ee2cbf64813f2701fc5ff3e8c4b93c52ab6
Instruction Fuzzy Hash: E921541590CB4181E724DB26D0E43B967A0FB85B94F0C40B6DA8EA77A5CF7CE084D344

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report c9toH15OT0.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: c9toH15OT0.exePID: 1368, Parent PID: 2580

General

Windows Analysis Report
c9toH15OT0.exe

Function 00007FF6543ACF27 Relevance: 53.1, APIs: 29, Strings: 6, Instructions: 617
memoryCOMMON

Function 00007FF6543B0DD1 Relevance: 33.6, APIs: 18, Strings: 4, Instructions: 623
COMMON

Function 00007FF65451DA00 Relevance: 19.8, APIs: 6, Strings: 5, Instructions: 575
memorythreadCOMMON

Function 00007FF6544F32C0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 376
synchronizationCOMMON

Function 00007FF65452B460 Relevance: 12.4, APIs: 8, Instructions: 376
memoryCOMMON

Function 00007FF654391180 Relevance: 12.2, APIs: 8, Instructions: 201
sleepstringCOMMON

Function 00007FF65451A980 Relevance: 12.1, APIs: 8, Instructions: 108
networkCOMMON

Function 00007FF654406970 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 181
COMMON

Function 00007FF6543ACE05 Relevance: 44.0, APIs: 22, Strings: 7, Instructions: 462
memoryCOMMON

Function 00007FF6543AF4FF Relevance: 31.9, APIs: 18, Strings: 3, Instructions: 372
memoryCOMMON

Function 00007FF6543AF896 Relevance: 27.3, APIs: 15, Strings: 3, Instructions: 311
memoryCOMMON

Function 00007FF6543ACF77 Relevance: 24.3, APIs: 14, Strings: 2, Instructions: 298
memoryCOMMON

Function 00007FF6543ACFCD Relevance: 22.8, APIs: 13, Strings: 2, Instructions: 302
memoryCOMMON

Function 00007FF654515610 Relevance: 9.3, APIs: 6, Instructions: 324
networkmemoryCOMMON

Function 00007FF654514AF0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 228
COMMON