Edit tour

Windows Analysis Report
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html

Overview

General Information

Sample URL:	https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
Analysis ID:	1432276
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Blob-based file download detected

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found potential string decryption / allocating functions

Queries the volume information (name, serial number etc) of a device

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64native

chrome.exe (PID: 3176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 4852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 3220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 1712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html" MD5: 464953824E644F10FFDC9E093FD18F94)

McAfeeStinger.exe (PID: 5584 cmdline: "C:\Users\user\Downloads\McAfeeStinger.exe" MD5: 288187598BA5069F4211E8253C177011)

McAfeeStinger.exe (PID: 3472 cmdline: "C:\Users\user\Downloads\McAfeeStinger.exe" --update MD5: 288187598BA5069F4211E8253C177011)

cleanup

Snort Signatures

ET TROJAN Windows executable base64 encoded - Source IP: 52.239.247.100 - Destination IP: 192.168.11.20

Timestamp:	04/26/24-19:13:32.153245
SID:	2018856
Source Port:	443
Destination Port:	61410
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC36D60 BCryptGenRandom,	11_2_00007FF6ACC36D60
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBD9DC6 EncryptMessage,	11_2_00007FF6ACBD9DC6
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBDA278 EncryptMessage,	11_2_00007FF6ACBDA278
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBDC38E DecryptMessage,	11_2_00007FF6ACBDC38E
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB8D99A BCryptGenRandom,SystemFunction036,BCryptGenRandom,	11_2_00007FF6ACB8D99A
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBDB299 FreeContextBuffer,DecryptMessage,	11_2_00007FF6ACBDB299
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC2F480 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,BCryptGenRandom,CloseHandle,	11_2_00007FF6ACC2F480

Source: https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html	HTTP Parser: No favicon
Source: https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html	HTTP Parser: No favicon

Source:	Binary string: d45bc07722646519ed8e2be5e9bd2f9e scmdat.pdb source: avvdat.ini.12.dr
Source:	Binary string: FileName=scmdat.pdb source: avvdat.ini.12.dr

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC24930 memset,FindFirstFileW,FindClose,FindCloseChangeNotification,

11_2_00007FF6ACC24930

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2018856 ET TROJAN Windows executable base64 encoded 52.239.247.100:443 -> 192.168.11.20:61410

Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.227.46
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC3A124 recv,WSAGetLastError,

11_2_00007FF6ACC3A124

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: download.nai.com
Source: global traffic	DNS traffic detected: DNS query: downloadcenter.trellix.com

Source: global traffic	TCP traffic: 192.168.11.20:58553 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:58553 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:58553 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:58553 -> 239.255.255.250:1900

Source: McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971406D000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00FB000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: McAfeeStinger.exe, 0000000B.00000000.16243909873.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000C.00000002.16346981265.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000C.00000000.16252299512.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportC:
Source: bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	String found in binary or memory: https://download.nai.com/products/commonupdater/avvdat.ini
Source: bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	String found in binary or memory: https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe
Source: McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exei
Source: McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971406D000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00FB000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: McAfeeStinger.exe, 0000000B.00000003.16251429129.0000029714117000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pam.mcafee.com
Source: McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140C4000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/favicon.ico
Source: McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/favicon.ico3
Source: McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/favicon.ico32
Source: McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/favicon.icoB_;
Source: bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	String found in binary or memory: https://www.mcafee.com/favicon.icositexml

Source: unknown	Network traffic detected: HTTP traffic on port 55989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55989
Source: unknown	Network traffic detected: HTTP traffic on port 58042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61204
Source: unknown	Network traffic detected: HTTP traffic on port 56351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56351

System Summary

Blob-based file download detected

Source: C:\Users\user\Downloads\McAfeeStinger.exe

File download: blob:https://cgigroup.blob.core.windows.net/f15c1ee9-9ccd-46e1-a333-e8a31d16a077

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBBEB35 NtDeviceIoControlFile,RtlNtStatusToDosError,	11_2_00007FF6ACBBEB35
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC1BEF0 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,	11_2_00007FF6ACC1BEF0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBBF264 NtCreateFile,RtlNtStatusToDosError,CreateIoCompletionPort,SetFileCompletionNotificationModes,GetLastError,CloseHandle,	11_2_00007FF6ACBBF264
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBBE77D NtCancelIoFileEx,RtlNtStatusToDosError,	11_2_00007FF6ACBBE77D
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC22390 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	11_2_00007FF6ACC22390

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACBBEB35: NtDeviceIoControlFile,RtlNtStatusToDosError,

11_2_00007FF6ACBBEB35

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC3EDD4	11_2_00007FF6ACC3EDD4
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBB2AA0	11_2_00007FF6ACBB2AA0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBBAC44	11_2_00007FF6ACBBAC44
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC3E5F6	11_2_00007FF6ACC3E5F6
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBE22D1	11_2_00007FF6ACBE22D1
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBDE39B	11_2_00007FF6ACBDE39B
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC3A374	11_2_00007FF6ACC3A374
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBD24D8	11_2_00007FF6ACBD24D8
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC37DA9	11_2_00007FF6ACC37DA9
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBA80DB	11_2_00007FF6ACBA80DB
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC27B20	11_2_00007FF6ACC27B20
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC0BA80	11_2_00007FF6ACC0BA80
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBB1AAA	11_2_00007FF6ACBB1AAA
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBEDBBE	11_2_00007FF6ACBEDBBE
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC198DB	11_2_00007FF6ACC198DB
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC078B1	11_2_00007FF6ACC078B1
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBC550A	11_2_00007FF6ACBC550A
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC14E30	11_2_00007FF6ACC14E30
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC04DA0	11_2_00007FF6ACC04DA0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC18DB1	11_2_00007FF6ACC18DB1
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC42F20	11_2_00007FF6ACC42F20
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC21000	11_2_00007FF6ACC21000
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBE8FB9	11_2_00007FF6ACBE8FB9
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC47054	11_2_00007FF6ACC47054
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC1EA00	11_2_00007FF6ACC1EA00
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB82B10	11_2_00007FF6ACB82B10
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4AA73	11_2_00007FF6ACC4AA73
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC12D10	11_2_00007FF6ACC12D10
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC18CB9	11_2_00007FF6ACC18CB9
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC32C50	11_2_00007FF6ACC32C50
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB88630	11_2_00007FF6ACB88630
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4A5E0	11_2_00007FF6ACC4A5E0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4C655	11_2_00007FF6ACC4C655
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBB0666	11_2_00007FF6ACBB0666
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBF0761	11_2_00007FF6ACBF0761
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBA6230	11_2_00007FF6ACBA6230
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC2E310	11_2_00007FF6ACC2E310
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4C2EC	11_2_00007FF6ACC4C2EC
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC2E3E0	11_2_00007FF6ACC2E3E0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC224A0	11_2_00007FF6ACC224A0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBB3E26	11_2_00007FF6ACBB3E26
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB99D82	11_2_00007FF6ACB99D82
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC41D94	11_2_00007FF6ACC41D94
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBAFD37	11_2_00007FF6ACBAFD37
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB87D50	11_2_00007FF6ACB87D50
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBB7EBB	11_2_00007FF6ACBB7EBB
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBFFFDB	11_2_00007FF6ACBFFFDB
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4BF83	11_2_00007FF6ACC4BF83
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC1E0C0	11_2_00007FF6ACC1E0C0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB859A0	11_2_00007FF6ACB859A0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC299A3	11_2_00007FF6ACC299A3
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC43B1E	11_2_00007FF6ACC43B1E
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC3DB1E	11_2_00007FF6ACC3DB1E
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4BC1A	11_2_00007FF6ACC4BC1A
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC13BC0	11_2_00007FF6ACC13BC0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBC1BB5	11_2_00007FF6ACBC1BB5
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB8BC80	11_2_00007FF6ACB8BC80
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4DC83	11_2_00007FF6ACC4DC83
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBC3622	11_2_00007FF6ACBC3622
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB836F0	11_2_00007FF6ACB836F0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBC17DB	11_2_00007FF6ACBC17DB
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB83748	11_2_00007FF6ACB83748
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB81755	11_2_00007FF6ACB81755
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB9574A	11_2_00007FF6ACB9574A
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC4D860	11_2_00007FF6ACC4D860
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC11200	11_2_00007FF6ACC11200
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC0D2D7	11_2_00007FF6ACC0D2D7
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBA13F7	11_2_00007FF6ACBA13F7
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACB8B3D0	11_2_00007FF6ACB8B3D0
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBD73D7	11_2_00007FF6ACBD73D7
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACBA93F3	11_2_00007FF6ACBA93F3
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC2F480	11_2_00007FF6ACC2F480

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: String function: 00007FF6ACC4A3A0 appears 50 times
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: String function: 00007FF6ACC3B83A appears 36 times
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: String function: 00007FF6ACC4A0C0 appears 188 times
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: String function: 00007FF6ACC48A80 appears 48 times

Source: bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	Binary string: \Device\Afd\Mio
Source: bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	Binary string: Failed to open \Device\Afd\Mio: x

Source: classification engine

Classification label: mal52.win@37/7@6/3

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACBB1AAA LoadImageW,GetLastError,FormatMessageW,LoadImageW,GetModuleHandleW,CreateWindowExW,memset,memset,memcpy,memcpy,memcpy,Shell_NotifyIconW,memcpy,EnumChildWindows,EnumChildWindows,SetWindowSubclass,RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetLastError,

11_2_00007FF6ACBB1AAA

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

File created: C:\Users\user\AppData\Local\Temp\nwg5202.tmp

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8
Source: unknown	Process created: C:\Users\user\Downloads\McAfeeStinger.exe "C:\Users\user\Downloads\McAfeeStinger.exe"
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Process created: C:\Users\user\Downloads\McAfeeStinger.exe "C:\Users\user\Downloads\McAfeeStinger.exe" --update
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Process created: C:\Users\user\Downloads\McAfeeStinger.exe "C:\Users\user\Downloads\McAfeeStinger.exe" --update	Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Section loaded: cryptnet.dll	Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

File written: C:\Users\user\AppData\Local\mcafee-stinger\avvdat.ini

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

File opened: C:\Windows\SYSTEM32\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: d45bc07722646519ed8e2be5e9bd2f9e scmdat.pdb source: avvdat.ini.12.dr
Source:	Binary string: FileName=scmdat.pdb source: avvdat.ini.12.dr

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC19332 push 380F0003h; retf	11_2_00007FF6ACC19337
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC192BC push 380F0003h; retf	11_2_00007FF6ACC192C1
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC19245 push 380F0003h; retf	11_2_00007FF6ACC1924B

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 115533.crdownload (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\McAfeeStinger.exe (copy)	Jump to dropped file

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC24930 memset,FindFirstFileW,FindClose,FindCloseChangeNotification,

11_2_00007FF6ACC24930

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACBB2AA0 GetSystemInfo,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,

11_2_00007FF6ACBB2AA0

Source: McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@@"CP
Source: McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF011B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC489F0 HeapAlloc,GetProcessHeap,RtlAllocateHeap,

11_2_00007FF6ACC489F0

Source: C:\Users\user\Downloads\McAfeeStinger.exe

11_2_00007FF6ACBB1AAA

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Process created: C:\Users\user\Downloads\McAfeeStinger.exe "C:\Users\user\Downloads\McAfeeStinger.exe" --update

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Queries volume information: C:\ProgramData VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Queries volume information: C:\ProgramData\mcafee.ico VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Queries volume information: C:\Users\user\AppData\Local\mcafee-stinger VolumeInformation	Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC2F480 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,BCryptGenRandom,CloseHandle,

11_2_00007FF6ACC2F480

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Code function: 11_2_00007FF6ACC4942C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

11_2_00007FF6ACC4942C

Source: C:\Users\user\Downloads\McAfeeStinger.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC19E56 bind,		11_2_00007FF6ACC19E56
Source: C:\Users\user\Downloads\McAfeeStinger.exe	Code function: 11_2_00007FF6ACC198DB WSASocketW,WSAGetLastError,WSASocketW,SetHandleInformation,GetLastError,bind,WSAGetLastError,closesocket,WSAGetLastError,closesocket,		11_2_00007FF6ACC198DB

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	22 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	12 Process Injection	Security Account Manager	1 Network Service Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	14 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html	0%	Avira URL Cloud	safe
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
downloadcenter.trellix.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe	0%	Avira URL Cloud	safe
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exei	0%	Avira URL Cloud	safe
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.253.122.106	true	false		high
www.mcafee.com	unknown	unknown	false		high
downloadcenter.trellix.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
download.nai.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe	bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.mcafee.com/favicon.ico32	McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.mcafee.com/favicon.icoB_;	McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971406D000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00FB000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.rs/getrandom#nodejs-es-module-supportC:	McAfeeStinger.exe, 0000000B.00000000.16243909873.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000C.00000002.16346981265.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, McAfeeStinger.exe, 0000000C.00000000.16252299512.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmp, bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	false		high
https://pam.mcafee.com	McAfeeStinger.exe, 0000000B.00000003.16251429129.0000029714117000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.mcafee.com/favicon.icositexml	bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	false		high
https://ocsp.quovadisoffshore.com0	McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140D8000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971406D000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00FB000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF0154000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/favicon.ico	McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000002.16253412965.00000297140C4000.00000004.00000020.00020000.00000000.sdmp, McAfeeStinger.exe, 0000000B.00000003.16251601434.00000297140C4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exei	McAfeeStinger.exe, 0000000C.00000002.16336001123.0000017CF00E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/favicon.ico3	McAfeeStinger.exe, 0000000B.00000002.16253412965.000002971409C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://download.nai.com/products/commonupdater/avvdat.ini	bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.253.122.106	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.11.20

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432276
Start date and time:	2024-04-26 19:11:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@37/7@6/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 104 Number of non-executed functions: 63

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, CompPkgSrv.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.115.94, 172.253.122.84, 142.251.163.102, 142.251.163.113, 142.251.163.139, 142.251.163.100, 142.251.163.101, 142.251.163.138, 34.104.35.123, 52.239.247.100, 142.251.111.94, 172.253.122.94, 23.50.77.182, 184.87.58.98, 23.48.203.202, 23.48.203.210
Excluded domains from analysis (whitelisted): www.mcafee.com.edgekey.net, accounts.google.com, e19211.a.akamaiedge.net, clientservices.googleapis.com, cgigroup.blob.core.windows.net, e2388.dscd.akamaiedge.net, e72061.dscd.akamaiedge.net, download.nai.com.edgekey.net, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, downloadcenter.trellix.com.edgekey.net, clients.l.google.com, www.gstatic.com, blob.mnz20prdstr05a.store.core.windows.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryValueKey calls found.

Process:	C:\Users\user\Downloads\McAfeeStinger.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	2.6096148425883
Encrypted:	false
SSDEEP:	384:j20aGRBXXnHnnnnnnnnHE0qXHkXXG6UGe:Ha+BXXnHnnnnnnnnHE0qXHkXXG6je
MD5:	EBB7784F41E283B042AF365DC54E9A0D
SHA1:	099BD47831572B8C90CACF67E20940B72C8F4FD4
SHA-256:	D38DB89D5E998B9F21899A985F3B1366A3610DC13213A93CF4E96620BBC64B0E
SHA-512:	522A147B1F67F8EB54D824573D1003FEC7A32E630E39FDAFACEED50FF64C3BFC8F6C54F43FF4CE9C68CF58AD45D3F74542E1BF65386F7D0875F71EBA9EB6978F
Malicious:	false
Reputation:	low
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$.............................................................................................................c...........c...........................................................................................................................................................................e...........................e.......................................................................................................................................................!...v...........................................v..."...................................................................................................................................,...................................................................,...................................................................................................................8..................................................................................

C:\Users\user\AppData\Local\Temp\nwg5202.tmp

Download File

Process:	C:\Users\user\Downloads\McAfeeStinger.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	484
Entropy (8bit):	4.971142487590111
Encrypted:	false
SSDEEP:	12:ZFMHdtFwAaAlFoQ53SNK+bJmgVNsJ0Ctt/6:udtFwUgoiNK+bIgMywt/6
MD5:	90FEB8EDF41C48A02D0320766AFE6A4B
SHA1:	2D1616FA27FB8B48521F7F362509B97741E2439A
SHA-256:	70C7A70EEDD5B93E686AA0BC81BBA03D2E35228FF05BCDB3CC1EB3756E569B5C
SHA-512:	F8553076CB490454A2E04E8AA467840B8AC345FA1D594144DBB005C4891EE555E6AE425600E97E493890621DDBE569701D2BF16C89DF4D3564AC02BC3609C06B
Malicious:	false
Reputation:	low
Preview:	.<?xml version="1.0" encoding="UTF-8" standalone="yes"?> .<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <description>native-windows-gui comctl32 manifest</description> . <dependency>. <dependentAssembly>. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="" publicKeyToken="6595b64144ccf1df" language="" /> . </dependentAssembly>. </dependency>.</assembly>.

C:\Users\user\AppData\Local\Temp\nwg553E.tmp

Download File

Process:	C:\Users\user\Downloads\McAfeeStinger.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	484
Entropy (8bit):	4.971142487590111
Encrypted:	false
SSDEEP:	12:ZFMHdtFwAaAlFoQ53SNK+bJmgVNsJ0Ctt/6:udtFwUgoiNK+bIgMywt/6
MD5:	90FEB8EDF41C48A02D0320766AFE6A4B
SHA1:	2D1616FA27FB8B48521F7F362509B97741E2439A
SHA-256:	70C7A70EEDD5B93E686AA0BC81BBA03D2E35228FF05BCDB3CC1EB3756E569B5C
SHA-512:	F8553076CB490454A2E04E8AA467840B8AC345FA1D594144DBB005C4891EE555E6AE425600E97E493890621DDBE569701D2BF16C89DF4D3564AC02BC3609C06B
Malicious:	false
Reputation:	low
Preview:	.<?xml version="1.0" encoding="UTF-8" standalone="yes"?> .<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <description>native-windows-gui comctl32 manifest</description> . <dependency>. <dependentAssembly>. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="" publicKeyToken="6595b64144ccf1df" language="" /> . </dependentAssembly>. </dependency>.</assembly>.

C:\Users\user\AppData\Local\mcafee-stinger\avvdat.ini

Download File

Process:	C:\Users\user\Downloads\McAfeeStinger.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3894
Entropy (8bit):	5.145549365556472
Encrypted:	false
SSDEEP:	96:OOAVq7VdFNAxS91S0UZMSUzZVwJ3mcT9Xb:aERmm1FQczZSYuNb
MD5:	AAB02FE1701F2564CE0C6E833F8CCD7F
SHA1:	3C715A61241567AD852095CA391AB44190E0CCAC
SHA-256:	A5FFCB077CD35B78C8695A98A6F7362B0D5587E76CDC836A9828A3A9813DD3E5
SHA-512:	E8ADB4968E8048BD4DC96F3C744A7186F11E99250DD1EFB93501B6D3D7FB044CAD8AF5D6E6F962BAF384C9D2CEF827DA5D3D51176AC10D535B231E82B8E3CBB3
Malicious:	false
Reputation:	low
Preview:	[AVV-ZIP]..DATVersion=11056..FileName=avvdat-11056.zip..FilePath=/current/VSCANDAT1000/DAT/0000/..FileSize=199900767..MD5=f2a7b6c7447aecf1510e46df4ce6a7f6....[AVV-MD5]..31c3000f404355106d5edc4ea109f063 avvclean.dat..2dc5e262ca5367d67bfdad79ac3bfdab avvnames.dat..e92c4cdc628ed5797d8e62c21e00a88f avvscan.dat......[AVV-TAR]..DATVersion=11056..FileName=avvdat-11056.tar..FilePath=/products/datfiles/4.x/..FileSize=199833600..MD5=ecf36499a07392401fed008003a40754....[SCM-PDB]..DATVersion=11056..FileName=scmdat.pdb..FilePath=/current/VSCANDAT1000/DAT/0000/..FileSize=467704..MD5=d45bc07722646519ed8e2be5e9bd2f9e....[SCM-MD5]..d45bc07722646519ed8e2be5e9bd2f9e scmdat.pdb....[AVV-Incremental]..DATVersion=11056..FileName=gdeltaavv.ini..FileSize=2333..MD5=8d0063b9e4ca937b851a9e50034cbbe6....[ENGINE-LV2]..EngineVersion=6700..FileName=avengine.zip..FilePath=/current/LV2SNENG1000/Engine/0000/..FileSize=3844076..MD5=367a2faced26d646e4e0c840b2b2bafd....[LV2-MD5]..ae30f5e7b0e19f6d5ce7decdc001dd1b config.da

C:\Users\user\Downloads\McAfeeStinger.exe (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1406464
Entropy (8bit):	6.04270904996347
Encrypted:	false
SSDEEP:	24576:F3gVPDISuVwVlWo9R6msK1snHwK8A7USlQn6524O5hG:F3MPMSuVwVwIUdrQKb7USgGu
MD5:	288187598BA5069F4211E8253C177011
SHA1:	727638AC8B242C79501BCA1DCD88BC4B3DF0B544
SHA-256:	352E0DD5F80E03C0C5641F8E06C7D90611F74D420B0C4B9B2E289B363D176874
SHA-512:	B4EFD6E6E11929ABEF05178A78641F7969E95380F6E39C02E0274344BF3A0EDB1FB12DC87769BC7000AA026CDC2B0699818F0C483514BC45758799BE7C1A8772
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..0...c...c...c...c...cX..b...cX..b...cX..b...cX..b...c...b...c...c...c...c...c..c...c..b...cRich...c........PE..d.....)f..........".................8..........@..........................................`.................................................d...h...............Hx...................f.......................h..(....f..8............................................text...w........................... ..`.rdata..x...........................@..@.data...X...........................@....pdata..Hx.......z..................@..@.rsrc................L..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Unconfirmed 115533.crdownload (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1406464
Entropy (8bit):	6.04270904996347
Encrypted:	false
SSDEEP:	24576:F3gVPDISuVwVlWo9R6msK1snHwK8A7USlQn6524O5hG:F3MPMSuVwVwIUdrQKb7USgGu
MD5:	288187598BA5069F4211E8253C177011
SHA1:	727638AC8B242C79501BCA1DCD88BC4B3DF0B544
SHA-256:	352E0DD5F80E03C0C5641F8E06C7D90611F74D420B0C4B9B2E289B363D176874
SHA-512:	B4EFD6E6E11929ABEF05178A78641F7969E95380F6E39C02E0274344BF3A0EDB1FB12DC87769BC7000AA026CDC2B0699818F0C483514BC45758799BE7C1A8772
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..0...c...c...c...c...cX..b...cX..b...cX..b...cX..b...c...b...c...c...c...c...c..c...c..b...cRich...c........PE..d.....)f..........".................8..........@..........................................`.................................................d...h...............Hx...................f.......................h..(....f..8............................................text...w........................... ..`.rdata..x...........................@..@.data...X...........................@....pdata..Hx.......z..................@..@.rsrc................L..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1406464
Entropy (8bit):	6.04270904996347
Encrypted:	false
SSDEEP:	24576:F3gVPDISuVwVlWo9R6msK1snHwK8A7USlQn6524O5hG:F3MPMSuVwVwIUdrQKb7USgGu
MD5:	288187598BA5069F4211E8253C177011
SHA1:	727638AC8B242C79501BCA1DCD88BC4B3DF0B544
SHA-256:	352E0DD5F80E03C0C5641F8E06C7D90611F74D420B0C4B9B2E289B363D176874
SHA-512:	B4EFD6E6E11929ABEF05178A78641F7969E95380F6E39C02E0274344BF3A0EDB1FB12DC87769BC7000AA026CDC2B0699818F0C483514BC45758799BE7C1A8772
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..0...c...c...c...c...cX..b...cX..b...cX..b...cX..b...c...b...c...c...c...c...c..c...c..b...cRich...c........PE..d.....)f..........".................8..........@..........................................`.................................................d...h...............Hx...................f.......................h..(....f..8............................................text...w........................... ..`.rdata..x...........................@..@.data...X...........................@....pdata..Hx.......z..................@..@.rsrc................L..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

File Icon


Icon Hash:	b29a8a8e86868381

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/26/24-19:13:32.153245	TCP	2018856	ET TROJAN Windows executable base64 encoded	443	61410	52.239.247.100	192.168.11.20

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 19:12:56.319217920 CEST	49677	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:12:56.319219112 CEST	49676	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:12:56.319219112 CEST	49675	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:13:05.924432993 CEST	49675	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:13:05.924432993 CEST	49677	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:13:05.924449921 CEST	49676	80	192.168.11.20	23.221.227.46
Apr 26, 2024 19:13:09.425679922 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.425736904 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.425841093 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.425889015 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.425911903 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.426039934 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.426094055 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.426120043 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.426136017 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.426151037 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.720840931 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.721194983 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.721251965 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.724348068 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.724627018 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.725682020 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.725925922 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.729640961 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.729990005 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.730015993 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.732497931 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.732721090 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.733699083 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.734034061 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.776866913 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.776866913 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.776895046 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.776906967 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:09.823765993 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:09.823766947 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:19.696911097 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:19.697017908 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:19.697192907 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:19.723443985 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:19.723506927 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:19.723661900 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:20.856833935 CEST	55989	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:20.856833935 CEST	56351	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:13:20.856853008 CEST	443	55989	172.253.122.106	192.168.11.20
Apr 26, 2024 19:13:20.856857061 CEST	443	56351	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.380182981 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380203009 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.380376101 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380376101 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380383968 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.380572081 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380670071 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380676985 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.380723000 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.380726099 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.648981094 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.649332047 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.649341106 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.649709940 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.650103092 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.650206089 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.665780067 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.666129112 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.666136980 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.666547060 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.666939020 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.667037964 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:09.691811085 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:09.707437992 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:19.651562929 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:19.651648045 CEST	443	61204	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:19.651781082 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:19.694477081 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:19.694533110 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:19.694668055 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:22.156572104 CEST	58042	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:22.156586885 CEST	443	58042	172.253.122.106	192.168.11.20
Apr 26, 2024 19:14:22.156621933 CEST	61204	443	192.168.11.20	172.253.122.106
Apr 26, 2024 19:14:22.156630039 CEST	443	61204	172.253.122.106	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 19:13:04.758086920 CEST	58553	1900	192.168.11.20	239.255.255.250
Apr 26, 2024 19:13:05.769562960 CEST	58553	1900	192.168.11.20	239.255.255.250
Apr 26, 2024 19:13:06.769603014 CEST	58553	1900	192.168.11.20	239.255.255.250
Apr 26, 2024 19:13:07.779503107 CEST	58553	1900	192.168.11.20	239.255.255.250
Apr 26, 2024 19:13:09.324703932 CEST	49588	53	192.168.11.20	1.1.1.1
Apr 26, 2024 19:13:09.424624920 CEST	53	49588	1.1.1.1	192.168.11.20
Apr 26, 2024 19:13:31.341454029 CEST	53277	53	192.168.11.20	1.1.1.1
Apr 26, 2024 19:13:31.441395044 CEST	53	53277	1.1.1.1	192.168.11.20
Apr 26, 2024 19:13:47.198474884 CEST	63207	53	192.168.11.20	1.1.1.1
Apr 26, 2024 19:13:47.298721075 CEST	53	63207	1.1.1.1	192.168.11.20
Apr 26, 2024 19:14:23.698230982 CEST	62282	53	192.168.11.20	1.1.1.1
Apr 26, 2024 19:14:24.528075933 CEST	56066	53	192.168.11.20	1.1.1.1
Apr 26, 2024 19:14:24.755023956 CEST	138	138	192.168.11.20	192.168.11.255
Apr 26, 2024 19:14:25.964354992 CEST	59315	53	192.168.11.20	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 19:13:09.324703932 CEST	192.168.11.20	1.1.1.1	0x9e28	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.341454029 CEST	192.168.11.20	1.1.1.1	0xcff	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.198474884 CEST	192.168.11.20	1.1.1.1	0xdf9a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:14:23.698230982 CEST	192.168.11.20	1.1.1.1	0x852e	Standard query (0)	www.mcafee.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:14:24.528075933 CEST	192.168.11.20	1.1.1.1	0x378b	Standard query (0)	download.nai.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:14:25.964354992 CEST	192.168.11.20	1.1.1.1	0x1419	Standard query (0)	downloadcenter.trellix.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.106	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.103	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.104	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.105	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.147	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:09.424624920 CEST	1.1.1.1	192.168.11.20	0x9e28	No error (0)	www.google.com		172.253.122.99	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.105	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.147	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.106	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.99	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.103	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:31.441395044 CEST	1.1.1.1	192.168.11.20	0xcff	No error (0)	www.google.com		142.251.111.104	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.103	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.147	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.104	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.106	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.105	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:13:47.298721075 CEST	1.1.1.1	192.168.11.20	0xdf9a	No error (0)	www.google.com		172.253.115.99	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:14:23.801891088 CEST	1.1.1.1	192.168.11.20	0x852e	No error (0)	www.mcafee.com	www-mcafeee-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:14:23.801891088 CEST	1.1.1.1	192.168.11.20	0x852e	No error (0)	www-mcafeee-r53.awsconsumer.mcafee.com	www.mcafee.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:14:24.644062996 CEST	1.1.1.1	192.168.11.20	0x378b	No error (0)	download.nai.com	download.nai.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:14:26.082303047 CEST	1.1.1.1	192.168.11.20	0x1419	No error (0)	downloadcenter.trellix.com	downloadcenter.trellix.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

Target ID:	0
Start time:	19:13:02
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	19:13:03
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:13:05
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html"
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	19:13:32
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	19:13:32
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:13:37
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	19:13:37
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8
Imagebase:	0x7ff6b8080000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	19:14:22
Start date:	26/04/2024
Path:	C:\Users\user\Downloads\McAfeeStinger.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Downloads\McAfeeStinger.exe"
Imagebase:	0x7ff6acb80000
File size:	1'406'464 bytes
MD5 hash:	288187598BA5069F4211E8253C177011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	19:14:23
Start date:	26/04/2024
Path:	C:\Users\user\Downloads\McAfeeStinger.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Downloads\McAfeeStinger.exe" --update
Imagebase:	0x7ff6acb80000
File size:	1'406'464 bytes
MD5 hash:	288187598BA5069F4211E8253C177011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	17.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	189

Executed Functions

Function 00007FF6ACBDE39B Relevance: 120.9, APIs: 70, Strings: 9, Instructions: 2363COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE429
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE442
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE8E4
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE928

Strings

Flatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs, xrefs: 00007FF6ACBE127B
uri host is valid header value, xrefs: 00007FF6ACBE135B
httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF6ACBDFA73
domain is valid Uri, xrefs: 00007FF6ACBE130A
authority implies host, xrefs: 00007FF6ACBE1337
`async fn` resumed after completion, xrefs: 00007FF6ACBDE512
Map must not be polled after it returned `Poll::Ready`, xrefs: 00007FF6ACBE1263
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBE12A4, 00007FF6ACBE1324, 00007FF6ACBE13C8
size overflows MAX_SIZE, xrefs: 00007FF6ACBE1384

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: Flatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs$Map must not be polled after it returned `Poll::Ready`$`async fn` resumed after completion$authority implies host$domain is valid Uri$httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs$size overflows MAX_SIZE$uri host is valid header value
API String ID: 3510742995-3696672329
Opcode ID: b5c8e7de0e529c65a65050f406985e22fb92483df1ea008c1a0036ab425cbf60
Instruction ID: 160abeb3e3aba4251a9c9e4f4a38ad2e4a833a88ad047f2c4788a15ae5e840c4
Opcode Fuzzy Hash: b5c8e7de0e529c65a65050f406985e22fb92483df1ea008c1a0036ab425cbf60
Instruction Fuzzy Hash: 1643B062A0EAD281EB61DB11E4043EE63A4FB96B88F844035DF8D87796DF3DE185C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC27B20 Relevance: 72.4, APIs: 33, Strings: 7, Instructions: 2393COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF6ACC27BA8
memcpy.VCRUNTIME140 ref: 00007FF6ACC28B15
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6ACC2A28D
CloseHandle.KERNEL32 ref: 00007FF6ACC2A455
CloseHandle.KERNEL32 ref: 00007FF6ACC2A46C
CloseHandle.KERNEL32 ref: 00007FF6ACC2A483
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6ACC2A4B2

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC2ADAE, 00007FF6ACC2AED6
\?\\, xrefs: 00007FF6ACC28826
]?\\, xrefs: 00007FF6ACC2882E
PATHRUST_MIN_STACKlibrary\std\src\sys_common\thread_info.rs, xrefs: 00007FF6ACC29408
.exeprogram not found, xrefs: 00007FF6ACC28B7F
assertion failed: self.height > 0, xrefs: 00007FF6ACC2AF9E
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACC2AFD6, 00007FF6ACC2AFF3

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CloseHandle$ExclusiveLock$AcquireEnvironmentReleaseStringsmemcpy
String ID: .exeprogram not found$PATHRUST_MIN_STACKlibrary\std\src\sys_common\thread_info.rs$\?\\$]?\\$assertion failed: self.height > 0$called `Option::unwrap()` on a `None` value$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 3634038301-790672576
Opcode ID: 4e018a533909c9da72bc33cd9556125480166552817f8bb3ac79e36f085bd439
Instruction ID: 6cb6fd32cb1ac837d5cf02d41f198bec0dffca1ab74ccbea9fa4c49ed6770a03
Opcode Fuzzy Hash: 4e018a533909c9da72bc33cd9556125480166552817f8bb3ac79e36f085bd439
Instruction Fuzzy Hash: E1437E62A0ABD188EB719F25D8543FD23B0FB44B88F446175DA5E9BB89DF78D281C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBB1AAA Relevance: 49.9, APIs: 17, Strings: 11, Instructions: 859windowthreadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6ACBB1B3C
LoadImageW.USER32 ref: 00007FF6ACBB1C83
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBB1DA6
CreateWindowExW.USER32 ref: 00007FF6ACBB1DFA
memset.VCRUNTIME140 ref: 00007FF6ACBB1FFA
memset.VCRUNTIME140 ref: 00007FF6ACBB20D5
memcpy.VCRUNTIME140 ref: 00007FF6ACBB2119
memcpy.VCRUNTIME140 ref: 00007FF6ACBB2132
memcpy.VCRUNTIME140 ref: 00007FF6ACBB2153
Shell_NotifyIconW.SHELL32 ref: 00007FF6ACBB21AF

Part of subcall function 00007FF6ACBC3591: memcpy.VCRUNTIME140 ref: 00007FF6ACBC35C3

memcpy.VCRUNTIME140 ref: 00007FF6ACBB24BF
EnumChildWindows.USER32 ref: 00007FF6ACBB25CF
EnumChildWindows.USER32 ref: 00007FF6ACBB25E1
SetWindowSubclass.COMCTL32 ref: 00007FF6ACBB25F2
RtlAddVectoredExceptionHandler.NTDLL ref: 00007FF6ACBB2892
SetThreadStackGuarantee.KERNELBASE ref: 00007FF6ACBB28AC
GetLastError.KERNEL32 ref: 00007FF6ACBB28B6

Strings

mainfatal runtime error: unwrap failed: CString::new("main") = , xrefs: 00007FF6ACBB28D5
About McAfee StingerScanning ...ExitFailed building the Runtime, xrefs: 00007FF6ACBB23BD
MenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBB21E0, 00007FF6ACBB2248
Cannot bind control with an handle of typeZ:\SHARED\mcafee-stinger\ARSENALREPO\fake-av-exe\lib\native-windows-gui\src\win32\window.rs, xrefs: 00007FF6ACBB284C
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBB1D65
C:\ProgramData\mcafee.icoDownloading AV updatesMcAfee StingerZeroAccess.ea virus successfully cleaned in C:\Windows\Prefetch\MSEDGE.EXE-37D25F9AThreat has been removedMcAfee UpdateDownload error - Check your internet connection and try againError while downloa, xrefs: 00007FF6ACBB1ACB
main, xrefs: 00007FF6ACBB28C4
iled, xrefs: 00007FF6ACBB1ECD
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBB2979, 00007FF6ACBB2A1E
W failed, xrefs: 00007FF6ACBB1E5F
ButtonTrayNotification must be window-like control., xrefs: 00007FF6ACBB1F2C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$ChildEnumErrorLastWindowWindowsmemset$CreateExceptionGuaranteeHandleHandlerIconImageLoadModuleNotifyShell_StackSubclassThreadVectored
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$About McAfee StingerScanning ...ExitFailed building the Runtime$ButtonTrayNotification must be window-like control.$C:\ProgramData\mcafee.icoDownloading AV updatesMcAfee StingerZeroAccess.ea virus successfully cleaned in C:\Windows\Prefetch\MSEDGE.EXE-37D25F9AThreat has been removedMcAfee UpdateDownload error - Check your internet connection and try againError while downloa$Cannot bind control with an handle of typeZ:\SHARED\mcafee-stinger\ARSENALREPO\fake-av-exe\lib\native-windows-gui\src\win32\window.rs$MenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed$W failed$iled$main$mainfatal runtime error: unwrap failed: CString::new("main") =
API String ID: 4078138967-728542636
Opcode ID: 1a5e74d14249bed9d9a5d8c50ad62c4e7089ee196cab07167ac322593d30325e
Instruction ID: fe8f60622e0453023a2f693ccdf0b63e78240e7584c79a0c6d5521b34da73ee3
Opcode Fuzzy Hash: 1a5e74d14249bed9d9a5d8c50ad62c4e7089ee196cab07167ac322593d30325e
Instruction Fuzzy Hash: 5B929B72A0AB9285E7209F24E4853EA73B4FB99748F408235DB8D83796DF3DE195C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBE22D1 Relevance: 41.4, APIs: 18, Strings: 8, Instructions: 2363COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,00000000,?,00007FF6ACBF4871), ref: 00007FF6ACBE2471
memcpy.VCRUNTIME140 ref: 00007FF6ACBE2539
memcpy.VCRUNTIME140 ref: 00007FF6ACBE2552
memcpy.VCRUNTIME140 ref: 00007FF6ACBE258A
memcpy.VCRUNTIME140(?), ref: 00007FF6ACBE2C0E
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6ACBE348F
memcpy.VCRUNTIME140(?,?,?,?,?,?,00000000,?,00007FF6ACBF4871), ref: 00007FF6ACBE4E17
memcpy.VCRUNTIME140(?,?,?,?,?,?,00000000,?,00007FF6ACBF4871), ref: 00007FF6ACBE4E32
memcpy.VCRUNTIME140(?,?,?,?,?,?,00000000,?,00007FF6ACBF4871), ref: 00007FF6ACBE4E50

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACBE53E2
just sent Ok, xrefs: 00007FF6ACBE5475
keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: , xrefs: 00007FF6ACBE25A1
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACBE54A5
00authority implies host, xrefs: 00007FF6ACBE4A46
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBE3593, 00007FF6ACBE3618
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBE5449
connection error, xrefs: 00007FF6ACBE5235

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: 00authority implies host$/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$connection error$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs$just sent Ok$keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state:
API String ID: 3510742995-1447519356
Opcode ID: 5932a77ec447c4e9cb29465239857917e74c170340de3fd01e0d2c2f981ccbc1
Instruction ID: ceb5e7cacd5cdcd693a5ca9aa4fa7150a4305c3bfd505fae7858fae749675bbc
Opcode Fuzzy Hash: 5932a77ec447c4e9cb29465239857917e74c170340de3fd01e0d2c2f981ccbc1
Instruction Fuzzy Hash: A2537132A0EAD185EA719B15E4413EEB3A0FB96B84F444131DACD87B9ADF7DD185CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBAC44 Relevance: 37.3, APIs: 13, Strings: 11, Instructions: 1330COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACBC4404: memset.VCRUNTIME140 ref: 00007FF6ACBC443F
Part of subcall function 00007FF6ACBC4404: GetTempPathW.KERNEL32 ref: 00007FF6ACBC444C

Part of subcall function 00007FF6ACBB1AAA: GetModuleHandleW.KERNEL32 ref: 00007FF6ACBB1DA6
Part of subcall function 00007FF6ACBB1AAA: CreateWindowExW.USER32 ref: 00007FF6ACBB1DFA

memcpy.VCRUNTIME140 ref: 00007FF6ACBBAECC
memcpy.VCRUNTIME140 ref: 00007FF6ACBBAF02
memcpy.VCRUNTIME140 ref: 00007FF6ACBBAF1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB0B3
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB27E
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB2B4
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB2DD
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB2F3
memcpy.VCRUNTIME140 ref: 00007FF6ACBBB0CE

Part of subcall function 00007FF6ACC266E0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6ACC2677F
Part of subcall function 00007FF6ACC266E0: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6ACC26866

Part of subcall function 00007FF6ACB81635: memcpy.VCRUNTIME140 ref: 00007FF6ACB8169F

Strings

N, xrefs: 00007FF6ACBBB319
, xrefs: 00007FF6ACBBB92D
AUTHORIZATIONError: only be applied to a base class, xrefs: 00007FF6ACBBC29E
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe\avenginev6.exe, xrefs: 00007FF6ACBBB277
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACBBC7EA, 00007FF6ACBBCA1C, 00007FF6ACBBCA61
TMPo/mspn/amcr.up.cifeete.duritenngetprconsttilgithwol/ex.ebuseom///raw.daais:nisht\ma-stinger64.exe, xrefs: 00007FF6ACBBB9F9
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBBAD12, 00007FF6ACBBAFF5, 00007FF6ACBBB175, 00007FF6ACBBB3C0, 00007FF6ACBBB679, 00007FF6ACBBBD3B, 00007FF6ACBBC18E, 00007FF6ACBBC558, 00007FF6ACBBC5B4, 00007FF6ACBBC6CC, 00007FF6ACBBC817, 00007FF6ACBBC9D8
ura\Prsoftomsws\\Mi\SStaquickscan.lnk, xrefs: 00007FF6ACBBBAA8
FijHhLnYaenubA2H6OcQK_wKRWECKTNt_1QOph3_paftok9MeH4FsNdSVQsVEFFvySfFUgK0Yz1BIXaRTWCnYYTWThWIp giapplication/vnd.github.v3.rawACCEPT, xrefs: 00007FF6ACBBC05D
localappdata, xrefs: 00007FF6ACBBAD42
failed to park thread, xrefs: 00007FF6ACBBC51C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$ExclusiveLock$AcquireCreateHandleModulePathReleaseTempWindowmemset
String ID: $/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$AUTHORIZATIONError: only be applied to a base class$FijHhLnYaenubA2H6OcQK_wKRWECKTNt_1QOph3_paftok9MeH4FsNdSVQsVEFFvySfFUgK0Yz1BIXaRTWCnYYTWThWIp giapplication/vnd.github.v3.rawACCEPT$N$TMPo/mspn/amcr.up.cifeete.duritenngetprconsttilgithwol/ex.ebuseom///raw.daais:nisht\ma-stinger64.exe$called `Result::unwrap()` on an `Err` value$failed to park thread$https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe\avenginev6.exe$localappdata$ura\Prsoftomsws\\Mi\SStaquickscan.lnk
API String ID: 3712276061-3879684308
Opcode ID: d3375ddc9d007fdc9a105deb8f1a8466a6d4db2dbe54357e3f32f34b178387fa
Instruction ID: c1a1585d1b502edeca9aaa5bb2aff9b8892d5fa5626049e54b710b5d242b8728
Opcode Fuzzy Hash: d3375ddc9d007fdc9a105deb8f1a8466a6d4db2dbe54357e3f32f34b178387fa
Instruction Fuzzy Hash: 1DF21A36A0ABC285E6619B15F4807EAB3B4FB89784F404136DACE93B56EF3DE155C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBB2AA0 Relevance: 31.0, APIs: 9, Strings: 10, Instructions: 2533COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBB2D7C
memcpy.VCRUNTIME140 ref: 00007FF6ACBB2DBE
memcpy.VCRUNTIME140 ref: 00007FF6ACBB362C
memcpy.VCRUNTIME140 ref: 00007FF6ACBB3A94

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACBB7261, 00007FF6ACBB7440, 00007FF6ACBB748C, 00007FF6ACBB749F
=, xrefs: 00007FF6ACBB2C3A
cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs, xrefs: 00007FF6ACBB746C
Failed building the Runtime, xrefs: 00007FF6ACBB71F5
Failed to `Enter::block_on`, xrefs: 00007FF6ACBB70FB
TOKIO_WORKER_THREADS"" cannot be set to 0, xrefs: 00007FF6ACBB2C64
assertion failed: end >= start && end <= len, xrefs: 00007FF6ACBB7195
assertion failed: sharded_size.is_power_of_two()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\util\sharded_list.rs, xrefs: 00007FF6ACBB71C6
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBB3947, 00007FF6ACBB5A18, 00007FF6ACBB6AB9, 00007FF6ACBB6B35, 00007FF6ACBB6DA9, 00007FF6ACBB6F79, 00007FF6ACBB7135, 00007FF6ACBB7171, 00007FF6ACBB7241, 00007FF6ACBB7293, 00007FF6ACBB7420
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBB6A13

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$=$Failed building the Runtime$Failed to `Enter::block_on`$TOKIO_WORKER_THREADS"" cannot be set to 0$assertion failed: end >= start && end <= len$assertion failed: sharded_size.is_power_of_two()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\util\sharded_list.rs$called `Option::unwrap()` on a `None` value$cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 3510742995-2270116314
Opcode ID: 9eb1746e86a3d87ea2051f1ccb2c010ad4aa6a6ef1cadcca7f9b20d0735afa50
Instruction ID: 978d0c6a72e686ee170f0f7203672dc00b94dc48c491cd6356e40a97c2a0dbe8
Opcode Fuzzy Hash: 9eb1746e86a3d87ea2051f1ccb2c010ad4aa6a6ef1cadcca7f9b20d0735afa50
Instruction Fuzzy Hash: 57439132A0ABD681EA64DB15E4803FEB360FB85784F404136DA9E87B9ADF3DE545C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC198DB Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 316networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 00007FF6ACC19B34
WSAGetLastError.WS2_32 ref: 00007FF6ACC19B59
WSASocketW.WS2_32 ref: 00007FF6ACC19B8E
SetHandleInformation.KERNEL32 ref: 00007FF6ACC19BAC
GetLastError.KERNEL32 ref: 00007FF6ACC19BB6
bind.WS2_32 ref: 00007FF6ACC19BFC
WSAGetLastError.WS2_32 ref: 00007FF6ACC19C0B
closesocket.WS2_32 ref: 00007FF6ACC19C17
WSAGetLastError.WS2_32 ref: 00007FF6ACC19C37

Part of subcall function 00007FF6ACC26E90: freeaddrinfo.WS2_32(?,?,?,?,?,00007FF6ACBA7D9D), ref: 00007FF6ACC26EFE

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC19DF3
127.0.0.1:34254could not resolve to any addresses, xrefs: 00007FF6ACC198FD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLast$Socket$HandleInformationbindclosesocketfreeaddrinfo
String ID: 127.0.0.1:34254could not resolve to any addresses$called `Option::unwrap()` on a `None` value
API String ID: 1822934947-1408131827
Opcode ID: ca80d364db5948c425546a372f89c33d42fcc6cd9ac59757044b3152fb65209c
Instruction ID: 8a129d090d628e133670c091a59ded00bf91600f16c790b2847e2469581339e8
Opcode Fuzzy Hash: ca80d364db5948c425546a372f89c33d42fcc6cd9ac59757044b3152fb65209c
Instruction Fuzzy Hash: 32D19232A1EA8282E7609B19E55437AB7B1FB85790F508131EA9F83BD5DF3CD485C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD24D8 Relevance: 12.8, APIs: 3, Strings: 4, Instructions: 2279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBD4478
memcpy.VCRUNTIME140 ref: 00007FF6ACBD45CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBD47CD

Strings

close, xrefs: 00007FF6ACBD37C1
PRI * HTTP/2.0SM, xrefs: 00007FF6ACBD49AE
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBD29F6, 00007FF6ACBD418E
size overflows MAX_SIZE, xrefs: 00007FF6ACBD4E66

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$PRI * HTTP/2.0SM$close$size overflows MAX_SIZE
API String ID: 3510742995-4108103052
Opcode ID: 3f2dc98ce87133ccd65c1c0a20c723921dce30623acf4515d8e72e1228e72100
Instruction ID: aebc864a1eb979c2fbed0845948f9f8f9b5d86702caf901518eb3b7a5f4e6f40
Opcode Fuzzy Hash: 3f2dc98ce87133ccd65c1c0a20c723921dce30623acf4515d8e72e1228e72100
Instruction Fuzzy Hash: 2633B032A0EBD181EA768B15E4403FEA7A0FB96794F444131DA8D87B99DF3ED585CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEDBBE Relevance: 9.6, APIs: 3, Strings: 3, Instructions: 634COMMON

Download Yara Rule

Strings

dns error, xrefs: 00007FF6ACBEE044
`async fn` resumed after completion, xrefs: 00007FF6ACBEEC97
invalid URL, scheme is not httpinvalid URL, scheme is missinginvalid URL, host is missingConnectError, xrefs: 00007FF6ACBEDCA1

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: `async fn` resumed after completion$dns error$invalid URL, scheme is not httpinvalid URL, scheme is missinginvalid URL, host is missingConnectError
API String ID: 0-466681755
Opcode ID: efb87236d5d5461adb574cbf512bc5116a641e3381cc8163804b1e2fdde4ae19
Instruction ID: 39c38ccec9aade75995a86ae465e9980fa8c2b0d84996441bb5dd50265bba41f
Opcode Fuzzy Hash: efb87236d5d5461adb574cbf512bc5116a641e3381cc8163804b1e2fdde4ae19
Instruction Fuzzy Hash: A862DF72A09BE181E721CB11E4447EA73A8FB9AB88F458122DF8D47786DF7ED185C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC0BA80 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 545COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC0C053

Strings

Client::new(), xrefs: 00007FF6ACC0D135
cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs, xrefs: 00007FF6ACC0D15F
NO_PROXYno_proxy, xrefs: 00007FF6ACC0BC86

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: Client::new()$NO_PROXYno_proxy$cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs
API String ID: 3510742995-1238331129
Opcode ID: 92e717cc9da35f0210936745e85f6a2959acc8e7c5d101c564f3afc648363ab2
Instruction ID: 9a63755b04a2652525a215f0f26bbd9c323de2c6313c748469e88117c01b43aa
Opcode Fuzzy Hash: 92e717cc9da35f0210936745e85f6a2959acc8e7c5d101c564f3afc648363ab2
Instruction Fuzzy Hash: 4A5269B2A09BC181E761CB14E4443EAB7B4FB99784F448126DB8E97B9ADF3DD185C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBF264 Relevance: 9.1, APIs: 6, Instructions: 102filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL ref: 00007FF6ACBBF2CA
RtlNtStatusToDosError.NTDLL ref: 00007FF6ACBBF2DA
CreateIoCompletionPort.KERNELBASE ref: 00007FF6ACBBF37A
SetFileCompletionNotificationModes.KERNEL32 ref: 00007FF6ACBBF390

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CompletionCreateFile$ErrorModesNotificationPortStatus
String ID:
API String ID: 986160054-0
Opcode ID: 0bfe4a47b018f1d5ec3e3ae196636840362291f2348ad4f1b24c8be361e47675
Instruction ID: 790f3c090d391259f8a5b1498b8859162b42c5393c5d1bc795b6460fe482d5a9
Opcode Fuzzy Hash: 0bfe4a47b018f1d5ec3e3ae196636840362291f2348ad4f1b24c8be361e47675
Instruction Fuzzy Hash: 7141D072A0AB5583EB208F55E4813A9B3B4FB89B94F048135DA9EC7B85CF3DE455C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBA80DB Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 258networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 00007FF6ACBA8139
ioctlsocket.WS2_32 ref: 00007FF6ACBA8160
WSAIoctl.WS2_32 ref: 00007FF6ACBA830B
closesocket.WS2_32 ref: 00007FF6ACBA83FE

Part of subcall function 00007FF6ACC19E1E: setsockopt.WS2_32 ref: 00007FF6ACC19E3C

Strings

tcp open errortcp set_nonblocking errortcp bind local error, xrefs: 00007FF6ACBA8174

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: IoctlSocketclosesocketioctlsocketsetsockopt
String ID: tcp open errortcp set_nonblocking errortcp bind local error
API String ID: 3044603800-1475804424
Opcode ID: 380c53a097cfbc1bb14d19d2596465b61839b882e0cb82fd0b8649572747511a
Instruction ID: 8339460f7ed01e9a7fd0eebd08733538fdc05ec9f993bfc841e20a5495be064e
Opcode Fuzzy Hash: 380c53a097cfbc1bb14d19d2596465b61839b882e0cb82fd0b8649572747511a
Instruction Fuzzy Hash: 12B1A162A0A79587E724CB65E4147BA73A0FB86754F008235EE8D87B92DF7EE584C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC078B1 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 727registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE ref: 00007FF6ACC07905

Part of subcall function 00007FF6ACBDA585: RegQueryValueExW.KERNELBASE ref: 00007FF6ACBDA60B

Part of subcall function 00007FF6ACC488AD: memcpy.VCRUNTIME140 ref: 00007FF6ACC488D7

Strings

httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF6ACC07A39, 00007FF6ACC07A64, 00007FF6ACC07AF4, 00007FF6ACC07B4C, 00007FF6ACC07F7B
HTTP_PROXYhttp_proxyHTTPS_PROXYhttps_proxyALL_PROXYall_proxyREQUEST_METHODSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnableProxyServer=;, xrefs: 00007FF6ACC07A40

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: OpenQueryValuememcpy
String ID: HTTP_PROXYhttp_proxyHTTPS_PROXYhttps_proxyALL_PROXYall_proxyREQUEST_METHODSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnableProxyServer=;$httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs
API String ID: 2123872960-4062961525
Opcode ID: ecac42d4b8da446df7977320728314f3dc4343d6da3c4703ba36b13703cfe02e
Instruction ID: 33c1139d07c817de5d81ebc4755f55a4194573c56c9f193f53be54df8bbbbb22
Opcode Fuzzy Hash: ecac42d4b8da446df7977320728314f3dc4343d6da3c4703ba36b13703cfe02e
Instruction Fuzzy Hash: 6962B2A1A1EB9681EA209B15E4003FA63B1FB957C4F448135DE8E87BDADF7DE245C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC3A124 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 159networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF6ACC3A203
WSAGetLastError.WS2_32 ref: 00007FF6ACC3A212

Strings

filled overflowfilled must not become larger than initialized, xrefs: 00007FF6ACC3A323
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC3A354

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLastrecv
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$filled overflowfilled must not become larger than initialized
API String ID: 2514157807-2994785229
Opcode ID: 424dd0a06453bd16258f554d8c2e9e0ad6a6061ed7fda2cd6421d0226cf486ee
Instruction ID: 988ef75900fa820b8cd0aa1e48a5dd7ca82365f2666072d3a59485a0358a9463
Opcode Fuzzy Hash: 424dd0a06453bd16258f554d8c2e9e0ad6a6061ed7fda2cd6421d0226cf486ee
Instruction Fuzzy Hash: 36510A22A0AA9281EA14DB55F4402BAB771FF85F94F108132DE9FC77A5DE3DD492C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC24930 Relevance: 6.1, APIs: 4, Instructions: 130fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACC21E00: CreateFileW.KERNELBASE ref: 00007FF6ACC21FAB

memset.VCRUNTIME140 ref: 00007FF6ACC24A62
FindFirstFileW.KERNEL32 ref: 00007FF6ACC24A6D
FindClose.KERNEL32 ref: 00007FF6ACC24A80
FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACC24AF3

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Find$CloseFile$ChangeCreateFirstNotificationmemset
String ID:
API String ID: 154620898-0
Opcode ID: f3e2c84344db771630c806b85881f95a6985cfc019c2887b75478b69245785b7
Instruction ID: 921a119557a274201cee1aa61d441bcde36f47f0c968ae0a3298e5a69f988c62
Opcode Fuzzy Hash: f3e2c84344db771630c806b85881f95a6985cfc019c2887b75478b69245785b7
Instruction Fuzzy Hash: C3518032A05B4286E730DBA1E8583AD63B1FB45794F149235CE6E9BB85DF3CE581C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC3A374 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 310networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FF6ACC3A42D
WSAGetLastError.WS2_32(?,?,?,00000000,?,?,?,00000000,?,?,00007FF6ACBDB6A5,?,?,?,00000000), ref: 00007FF6ACC3A43C

Strings

attempt to calculate the remainder with a divisor of zero, xrefs: 00007FF6ACC3A86C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLastsend
String ID: attempt to calculate the remainder with a divisor of zero
API String ID: 1802528911-471163579
Opcode ID: 89cbcc6eecd5d246f4af638a6b110155815f62c90cdab462dd125715005bdb59
Instruction ID: 9576998417aa8baddb42989e8646e520ef3ac0fb48e52e3b99377d3dedae045f
Opcode Fuzzy Hash: 89cbcc6eecd5d246f4af638a6b110155815f62c90cdab462dd125715005bdb59
Instruction Fuzzy Hash: 6DC1C222A0AB8581EA20DF52E4407A9F771FB89BD4F448136EE9E97B95DF3CD491C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBEB35 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 307filenativeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACC03C8E: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF6ACBBF5F0,?,?,?,?,?,?,00007FF6ACC3CEEF,?,0000001C,0000000C,00007FF6ACC3D039), ref: 00007FF6ACC03C9D

NtDeviceIoControlFile.NTDLL ref: 00007FF6ACBBECE6
RtlNtStatusToDosError.NTDLL ref: 00007FF6ACBBECF9

Strings

Out of bounds access, xrefs: 00007FF6ACBBEF14, 00007FF6ACBBEF24

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AcquireControlDeviceErrorExclusiveFileLockStatus
String ID: Out of bounds access
API String ID: 2532488911-3656037976
Opcode ID: 10fee128d78fed50ce6986df3271c56040763d2f1e0eafa731eb0f10cc46f504
Instruction ID: 3f26d3ca4bcecc7883e1f6e9fca33dcca741f3f748f5ebf63123bbb900d24bc6
Opcode Fuzzy Hash: 10fee128d78fed50ce6986df3271c56040763d2f1e0eafa731eb0f10cc46f504
Instruction Fuzzy Hash: FBD1B172A0ABA682EB60DF15E4847A973A5FB45B84F404036DE9EC77A6DF3DE045C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC3E5F6 Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

setybdet, xrefs: 00007FF6ACC3E649
modnarod, xrefs: 00007FF6ACC3E61D
uespemos, xrefs: 00007FF6ACC3E610
arenegyl, xrefs: 00007FF6ACC3E62A

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: 5a346279de19071ee8a23393dc0611ef2d8f1da71398524b0a2ca6aec134ab45
Instruction ID: 28be801fc0bc9e3efacc61d3723dc3372c461db100d6907739e45faec0ba0a27
Opcode Fuzzy Hash: 5a346279de19071ee8a23393dc0611ef2d8f1da71398524b0a2ca6aec134ab45
Instruction Fuzzy Hash: 95214CD5F48A8403FE98F6E5397AAFA816747177C0D80F432DD1AEB24AED0D83534186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1BEF0 Relevance: 4.6, APIs: 3, Instructions: 66filenativesynchronizationCOMMON

Download Yara Rule

APIs

NtWriteFile.NTDLL ref: 00007FF6ACC1BF3D
WaitForSingleObject.KERNEL32 ref: 00007FF6ACC1BF52
RtlNtStatusToDosError.NTDLL ref: 00007FF6ACC1BF76

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorFileObjectSingleStatusWaitWrite
String ID:
API String ID: 3447438843-0
Opcode ID: 6c5e59cabe75561348175900ecfaa91fdc5d4130a6f6ad005daec9eac80b1cd3
Instruction ID: 77d0232fe412090a106c985bfd07b85d343105deb7bc630c3c0e00eca2c217e7
Opcode Fuzzy Hash: 6c5e59cabe75561348175900ecfaa91fdc5d4130a6f6ad005daec9eac80b1cd3
Instruction Fuzzy Hash: 6921DB32B1978282E724CB69F45476A6771EB85794F108130FA9E87BA5DF7CE1858B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC37DA9 Relevance: 4.1, Strings: 3, Instructions: 353COMMON

Download Yara Rule

Strings

assertion failed: shared.shutdown_tx.is_some()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\runtime\blocking\pool.rs, xrefs: 00007FF6ACC38380
thread name may not contain interior null bytes, xrefs: 00007FF6ACC383BA
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC383F6

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$assertion failed: shared.shutdown_tx.is_some()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\runtime\blocking\pool.rs$thread name may not contain interior null bytes
API String ID: 0-1457462141
Opcode ID: 8b75705f42ef428ef7740187d64fec783eb16217e97dd2a4f6e3c779b96f0728
Instruction ID: 774dafba7d9d7f72e956f1387c4675307614a27723f2a5f0a6d222caa74da301
Opcode Fuzzy Hash: 8b75705f42ef428ef7740187d64fec783eb16217e97dd2a4f6e3c779b96f0728
Instruction Fuzzy Hash: 84F19036A0AB8281EA559B25E9443BEF3B4FB85780F504636EB8E87795DF3CE155C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD9DC6 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183windowCOMMON

Download Yara Rule

APIs

EncryptMessage.SECUR32 ref: 00007FF6ACBD9FA1

Strings

assertion failed: buf.len() <= sizes.cbMaximumMessage as usize, xrefs: 00007FF6ACBDA066

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: EncryptMessage
String ID: assertion failed: buf.len() <= sizes.cbMaximumMessage as usize
API String ID: 801064719-4253526853
Opcode ID: 70b319850fac19975762e536613812145ad4038fb8f7198ab49891cfa7baf4f5
Instruction ID: c76304e8d2e6577ffdb73b5043b6373aff8e7b4a492ee6fe94e884feebee3787
Opcode Fuzzy Hash: 70b319850fac19975762e536613812145ad4038fb8f7198ab49891cfa7baf4f5
Instruction Fuzzy Hash: 0B718262A0AB8686EB55DB16E4407AAB3A1FB49BC4F408035EF9E87745DF3DE444C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC3EDD4 Relevance: 3.3, APIs: 2, Instructions: 251COMMON

Download Yara Rule

APIs

CreateIoCompletionPort.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00007FF6ACC3EE06
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?), ref: 00007FF6ACC3F07A

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CompletionCreatePortmemset
String ID:
API String ID: 1198102284-0
Opcode ID: f3b64434cf0cf40c7b3810a22a5be016c56bcb39899fac2618d8103489526be8
Instruction ID: c9a7fb220ff05d52abcb7464131685164163320b5f7ef513126f2e8a9cc37b5d
Opcode Fuzzy Hash: f3b64434cf0cf40c7b3810a22a5be016c56bcb39899fac2618d8103489526be8
Instruction Fuzzy Hash: B1B1A022A1AB8582E7648B11F50037AF6A1FB99784F149538EBCE87791DF7CE485C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC489F0 Relevance: 3.0, APIs: 2, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00000008,00007FF6ACB82154), ref: 00007FF6ACC48A22
RtlAllocateHeap.NTDLL ref: 00007FF6ACC48A47

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 88ff5268206892feff0bc92d44ef2bf5a816f7b5f0f35e2a439204aa35c187fd
Instruction ID: b84de4b1cafa9cc7c9b5363fe3c570326062f3a4ec243e41dfbc611295e76fb6
Opcode Fuzzy Hash: 88ff5268206892feff0bc92d44ef2bf5a816f7b5f0f35e2a439204aa35c187fd
Instruction Fuzzy Hash: 06014F26F4BB1145FA299B967A881B592E16F48BD0E08C534CD2FD27A8EDACE5C74210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC550A Relevance: 1.6, Strings: 1, Instructions: 352COMMON

Download Yara Rule

Strings

attempted to use a condition variable with more than one mutexC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\parking_lot-0.12.1\src\condvar.rs, xrefs: 00007FF6ACBC59FA

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: attempted to use a condition variable with more than one mutexC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\parking_lot-0.12.1\src\condvar.rs
API String ID: 0-3516859319
Opcode ID: 348146a413fe3ef5bb55d0d369d93d6a0ea6ea9d5c98ff77f8e8e0fa09435aae
Instruction ID: 04e25d1118800b2b9de7e0a06caa5f29517568c740912fb53bba6d85a12085b8
Opcode Fuzzy Hash: 348146a413fe3ef5bb55d0d369d93d6a0ea6ea9d5c98ff77f8e8e0fa09435aae
Instruction Fuzzy Hash: 61D1E522B1F66282EE64CB16E4507796390EF8ABD5F444131DE4E87B91DF3EF449A300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC36D60 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

BCryptGenRandom.BCRYPT ref: 00007FF6ACC36D7F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CryptRandom
String ID:
API String ID: 2662593985-0
Opcode ID: 01c805e765af5cbe17286486b2160a22ee017fd870adcd11c347ba94d8328d28
Instruction ID: 6d5f26d43d3ac7c5eac3aaf9ac1474f2d2d7bdc907451db9e0b314e6c535bcaa
Opcode Fuzzy Hash: 01c805e765af5cbe17286486b2160a22ee017fd870adcd11c347ba94d8328d28
Instruction Fuzzy Hash: 6CE08C25B0D58692EA315B25F0066AAD7B0BF98788F509236EA8F86754DE1DE3818A00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC19E56 Relevance: 1.5, APIs: 1, Instructions: 10networkCOMMON

Download Yara Rule

APIs

bind.WS2_32 ref: 00007FF6ACC19E61

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 87496158c1c272b8bfe599182abe3ba6d9dd90e4421f35ab5e8133f88b8d9538
Instruction ID: af622dd620bb3a60c59e5c0db242bf1e0417c54a2e84ce27a51718a3c6a6679a
Opcode Fuzzy Hash: 87496158c1c272b8bfe599182abe3ba6d9dd90e4421f35ab5e8133f88b8d9538
Instruction Fuzzy Hash: 0BC08C10F2F002C2E3581B239C4176821A0BF0AB40F804134C20EC2260ED0CE8E64B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF5CF4 Relevance: 58.5, APIs: 30, Strings: 3, Instructions: 710COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF6C0C

Strings

future polled after completion, xrefs: 00007FF6ACBF6CAC, 00007FF6ACBF6CCC
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBF631D
`async fn` resumed after completionFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs, xrefs: 00007FF6ACBF6CE6

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$`async fn` resumed after completionFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs$future polled after completion
API String ID: 3510742995-1732257591
Opcode ID: b1db55a234c3f29e709e80eff53fcb954e27f212c6b071118fc337fdbdfaa680
Instruction ID: e4148600933e831163fc54b2fd1797281a457f622a7f0623534beb9ce72b6089
Opcode Fuzzy Hash: b1db55a234c3f29e709e80eff53fcb954e27f212c6b071118fc337fdbdfaa680
Instruction Fuzzy Hash: 19929A26609BC195E7768B29E0453EEB3A4FB99744F009125DFCC43756EF3AE2A5CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDA72C Relevance: 40.8, APIs: 17, Strings: 6, Instructions: 597encryptionCOMMON

Download Yara Rule

APIs

AcceptSecurityContext.SECUR32 ref: 00007FF6ACBDAA56
InitializeSecurityContextW.SECUR32 ref: 00007FF6ACBDAAE8
FreeContextBuffer.SECUR32 ref: 00007FF6ACBDAB0D
FreeContextBuffer.SECUR32 ref: 00007FF6ACBDABC5
FreeContextBuffer.SECUR32 ref: 00007FF6ACBDAC90
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDAD8F
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDAD95

Part of subcall function 00007FF6ACBDB299: DecryptMessage.SECUR32 ref: 00007FF6ACBDB313

CertGetCertificateChain.CRYPT32 ref: 00007FF6ACBDAEE7
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDAFC2
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDAFF1
CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDB027
CertVerifyCertificateChainPolicy.CRYPT32 ref: 00007FF6ACBDB0C2
CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDB155
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDB160
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDB1F5
CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDB286

Strings

1.3.6.1.4.1.311.10.3.3, xrefs: 00007FF6ACBDAE7D
, xrefs: 00007FF6ACBDAE5E
2.16.840.1.113730.4.1, xrefs: 00007FF6ACBDAE8C
unexpected EOF during handshakeassertion failed: size >= nread, xrefs: 00007FF6ACBDB1A9
1.3.6.1.5.5.7.3.1, xrefs: 00007FF6ACBDAE6E
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBDABA7, 00007FF6ACBDAC72

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Free$CertCertificateContext$Chain$Buffer$Security$AcceptDecryptInitializeMessagePolicyVerify
String ID: $/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$1.3.6.1.4.1.311.10.3.3$1.3.6.1.5.5.7.3.1$2.16.840.1.113730.4.1$unexpected EOF during handshakeassertion failed: size >= nread
API String ID: 190272638-1155498995
Opcode ID: 7a965c38785c281127276195afe777c423a5f77a5a3a1e7081bd130ba1a2190b
Instruction ID: ef8fd1db56d88aaf745c04260d94292dc78e031e015dc0097512ee2d6a364a97
Opcode Fuzzy Hash: 7a965c38785c281127276195afe777c423a5f77a5a3a1e7081bd130ba1a2190b
Instruction Fuzzy Hash: B2528C32A0EBD2C6EA658B15E4403AAB7E0FB86B84F044135DE8D97B95DF3DE455CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE503 Relevance: 25.5, APIs: 20, Instructions: 530COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 96c007148fc846d39dea0b5aba5fa7f6085e6d626dfbdba3648b40840d23dd89
Instruction ID: f4ebef91c93553e57ae56bcd173026317559d9d110c428a2dc1a40cf46c588b6
Opcode Fuzzy Hash: 96c007148fc846d39dea0b5aba5fa7f6085e6d626dfbdba3648b40840d23dd89
Instruction Fuzzy Hash: 5D52CD62A0DAE581E722DB14E0047EE77A4FB9A788F449121DF8D53A5ADF3DE285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF5D06 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 285encryptionCOMMON

Download Yara Rule

APIs

CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6ACBF600F
memcpy.VCRUNTIME140 ref: 00007FF6ACBF667C

Strings

`async fn` resumed after completionFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs, xrefs: 00007FF6ACBF6CE6

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CertCertificateContextDuplicatememcpy
String ID: `async fn` resumed after completionFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\future\flatten.rs
API String ID: 837807836-3426615846
Opcode ID: 587f244127caac4289a83c0802cd8ff767b00fffbeec0a7ac3a3594db3bda3c9
Instruction ID: 6d6961ccf4702cfdec0dcc93eec6c7c49065cf3df656b127d8cb85c8bd5df284
Opcode Fuzzy Hash: 587f244127caac4289a83c0802cd8ff767b00fffbeec0a7ac3a3594db3bda3c9
Instruction Fuzzy Hash: FBF1AF26A09BC191E6698B29E1453EEB374FF95344F009225DFDC43766EF3AE2A5C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4649 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 165libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: c994fe8adf7308123fba3cbf3ef166a434661bfebabd2fb1fcad007baa5e9485
Instruction ID: efd77b7dbffa4adb4e236dd7c1e9073c1fab3b054629e5d93b349fd13aacaf18
Opcode Fuzzy Hash: c994fe8adf7308123fba3cbf3ef166a434661bfebabd2fb1fcad007baa5e9485
Instruction Fuzzy Hash: 8571AF32A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5CF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4616 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 164libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: bff7e657ba632a2a703e0ec0da8b4da2b1fbd705f1674274f82a27b8369215bc
Instruction ID: ad46c2758c130678e901c5b953b1daf6d5609a0f8b6fb4ec8f7df55674f06432
Opcode Fuzzy Hash: bff7e657ba632a2a703e0ec0da8b4da2b1fbd705f1674274f82a27b8369215bc
Instruction Fuzzy Hash: 8871AF32A0E74285EB24DB20E5553FE23A1EB89798F404135EA4E8B7D5CF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC46FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 8d729ac05a983e893cd952078601247b28b045adcb38de7cb19ab524cab2a16b
Instruction ID: 253c71789f7ca12da2b3c522310eff43a2a7b1bfeb22ebf393a684af2644a4e1
Opcode Fuzzy Hash: 8d729ac05a983e893cd952078601247b28b045adcb38de7cb19ab524cab2a16b
Instruction Fuzzy Hash: 3371B032A0E74285EB24DB20E5953FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4705 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 2950c6b9bbe9b9f7abfa4e9fe658a621fc2412e2d510d1be1297b3dadf33a65f
Instruction ID: e6cba0fbe007125192c945aff65887b5e52b2fca62a4ca86ea5352c1027bba6e
Opcode Fuzzy Hash: 2950c6b9bbe9b9f7abfa4e9fe658a621fc2412e2d510d1be1297b3dadf33a65f
Instruction Fuzzy Hash: 02719F32A0E75285EB24DB20E5953FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC46FA Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 865bf3c3058f2bbbc9e4a77fa33cc181823aceb39c7bd8faa2b5cf6876590630
Instruction ID: 68610db7e16518a64fd107b1ca4a49437c45278ff5759e3367180fa686e73eab
Opcode Fuzzy Hash: 865bf3c3058f2bbbc9e4a77fa33cc181823aceb39c7bd8faa2b5cf6876590630
Instruction Fuzzy Hash: DC71A032A0E75285EB24DB20E5953FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4713 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 2a428e8d4b8ade68f0d91487b1747ac812dbaa640cccdca5ea23e5a15771abed
Instruction ID: b607fd19a60f12bc5d6c993ca574123b1e9daa4cb090f15277438cab6587eb6d
Opcode Fuzzy Hash: 2a428e8d4b8ade68f0d91487b1747ac812dbaa640cccdca5ea23e5a15771abed
Instruction Fuzzy Hash: F371A132A0E75285EB24DB10E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC470C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: a67a20b3b2b83566d7ee2aac80ecd6f284c50dcec43cbdac08ff9a75db699ef1
Instruction ID: 270028ea03b5b9e8b19a7e240e6a59c8177a257941acb3b5c62bdc8393456a20
Opcode Fuzzy Hash: a67a20b3b2b83566d7ee2aac80ecd6f284c50dcec43cbdac08ff9a75db699ef1
Instruction Fuzzy Hash: 19719F32A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4721 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 0bd55fce90d9948a93c9b0a51b65c98c72cefb0e0b7e71f2945a300f8c5d7a47
Instruction ID: 37aceda1ff77e52f1a40766d800fccfbf5d2acf6312a8282894ce31df93260d8
Opcode Fuzzy Hash: 0bd55fce90d9948a93c9b0a51b65c98c72cefb0e0b7e71f2945a300f8c5d7a47
Instruction Fuzzy Hash: 0C71A032A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC471A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 8d9b69276b67e9fba1b27c6f4b345f8e691196a6831f7ebaea5a631c0bb17942
Instruction ID: 75066c11c33c182e3646ae0a72d776168b4588b2deb88333bedbf8ebd653f558
Opcode Fuzzy Hash: 8d9b69276b67e9fba1b27c6f4b345f8e691196a6831f7ebaea5a631c0bb17942
Instruction Fuzzy Hash: 99719F32A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC472F Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 7ea3e1e3a26804d50730875c60930a2ad9262f9e83d3c659d7907eabc23e532f
Instruction ID: 7f1e4de0f0490b1a21d4b61e8158e3dde715ea1519ab99846f9c15788e0004f8
Opcode Fuzzy Hash: 7ea3e1e3a26804d50730875c60930a2ad9262f9e83d3c659d7907eabc23e532f
Instruction Fuzzy Hash: 7D71A032A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4728 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: bc4a38bfb552b160e08576bcba7f5d3ae97b0e9937456c49de6c27f272f1cb2b
Instruction ID: 49a6d97ad191fe4e12d89d0d4f9c099b9104b4fd8f1e252bc1e1ecde0e11a566
Opcode Fuzzy Hash: bc4a38bfb552b160e08576bcba7f5d3ae97b0e9937456c49de6c27f272f1cb2b
Instruction Fuzzy Hash: 6671A032A0E75285EB24DB20E5953FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4677 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: b1835de2751fc5771f05073bd5d5c3818a3c5078f9e0c99513f8306eacecf291
Instruction ID: 0978d18a2f12ddb648a24541471ff6a02713ed10f7ffa5bf52207721d996200b
Opcode Fuzzy Hash: b1835de2751fc5771f05073bd5d5c3818a3c5078f9e0c99513f8306eacecf291
Instruction Fuzzy Hash: D4719F32A0E75285EB24DB20E5553FE23A1EB89798F404135EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC477C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 334d7740472687a831c3ad2a12136959208e79f9284a7eef95cc953e63211802
Instruction ID: f0c9d4f52047b0c25adf463cec2f6956983c3d2fdd138dedbc4dc76644c8eb5a
Opcode Fuzzy Hash: 334d7740472687a831c3ad2a12136959208e79f9284a7eef95cc953e63211802
Instruction Fuzzy Hash: 5171A032A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4744 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 8fa52f27219d653848f0cf48939f0cfa5727f58033f839352a7797e698e419a1
Instruction ID: 6b91545c4c7ec856a423a75195093e6f880469433365d0c1f4df2d7438f68f58
Opcode Fuzzy Hash: 8fa52f27219d653848f0cf48939f0cfa5727f58033f839352a7797e698e419a1
Instruction Fuzzy Hash: 1F71B032A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4736 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: b7ccca94acafdf23147541467cfb9bb378c21f4eae3a8bb49cdbcca5c6f4eb18
Instruction ID: cad3bbc83a1483dd43701cda65be59e16525fbdcc46a5b5747780419dfcff0aa
Opcode Fuzzy Hash: b7ccca94acafdf23147541467cfb9bb378c21f4eae3a8bb49cdbcca5c6f4eb18
Instruction Fuzzy Hash: F4719F32A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC473D Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: e98b2246926db4e25b92c7a48fced1b60be3255b7e2fa0e1c24194301c1276a0
Instruction ID: 7814afdd94c24192b7d4712b801e3bc2ecbf103aaa7f33f4bb7932c7a2b5c191
Opcode Fuzzy Hash: e98b2246926db4e25b92c7a48fced1b60be3255b7e2fa0e1c24194301c1276a0
Instruction Fuzzy Hash: 9671B032A0E74285EB24DB20E5953FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4752 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 27cb551cb6e4073f758bdcad2d6bdcafb847166fbadab88446c697a7e7674c97
Instruction ID: 8bf8cd20da280282d0f6de76759288b77aed836301f898c8277aee0b0340040e
Opcode Fuzzy Hash: 27cb551cb6e4073f758bdcad2d6bdcafb847166fbadab88446c697a7e7674c97
Instruction Fuzzy Hash: 2371AF32A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC474B Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: b4284e0ede54ecbe23f6d1b32287129ec2b4fbac0b89cacb122f3c4e2a1d6f42
Instruction ID: 1d79fe8c6ccb3ab32c5c46ea6f22447b9d9c6e8674dc6639cac8921e970b3634
Opcode Fuzzy Hash: b4284e0ede54ecbe23f6d1b32287129ec2b4fbac0b89cacb122f3c4e2a1d6f42
Instruction Fuzzy Hash: D071B032A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4760 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 65327b30a51fc6e77c063dc5d2a23e144ff6152dde8b306baeb79ae30fb8fee7
Instruction ID: 1752c757dcd00cae158f595771f50a1d84d366ec0e41d0c90ce46032e8b12f1d
Opcode Fuzzy Hash: 65327b30a51fc6e77c063dc5d2a23e144ff6152dde8b306baeb79ae30fb8fee7
Instruction Fuzzy Hash: 6571A032A0E75285EB24DB20E5553FE23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4759 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 60418ac9682ca8a9ff5a9041562a6dd0004877c550293c33488714cd54a2bb95
Instruction ID: 8319b28aaab9a1d8f9a240f302fd2d8f4267e585b11ef7c0e5939844d904779e
Opcode Fuzzy Hash: 60418ac9682ca8a9ff5a9041562a6dd0004877c550293c33488714cd54a2bb95
Instruction Fuzzy Hash: E671AF32A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC476E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 4796498d0b381d32dac80f3527b6c0d4afea8fb8a66514d89ac4acb6e257658e
Instruction ID: 5c8423c0d74205e899e78e4301161aa90493d32cca129fb9843154fb4d48e6ac
Opcode Fuzzy Hash: 4796498d0b381d32dac80f3527b6c0d4afea8fb8a66514d89ac4acb6e257658e
Instruction Fuzzy Hash: 3B71B032A0E74285EB24DB20E5553FD23A1EB89798F404035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4775 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 0db840f282a8a42117daaad8ed492382ab8650aecf2d38697e123e558af5acbc
Instruction ID: 366fb1be81a4b532782a207c493e38e5423ef7286f3d15741f554f227717fd50
Opcode Fuzzy Hash: 0db840f282a8a42117daaad8ed492382ab8650aecf2d38697e123e558af5acbc
Instruction Fuzzy Hash: 0B71A032A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4767 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: dc20905e0b60a179bd1fa0c8e26fda86fed758cfc53e52a3db5aa231047ba3a4
Instruction ID: 7ba6234fe3678a4956c8c3aa89be2e915117af3f9d419bacacb4efac0d9b54ff
Opcode Fuzzy Hash: dc20905e0b60a179bd1fa0c8e26fda86fed758cfc53e52a3db5aa231047ba3a4
Instruction Fuzzy Hash: A271A032A0E75285EB24DB20E5553FD23A1EB89798F504035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC467B Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 162libraryCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF6ACBC483D
CreateActCtxW.KERNEL32 ref: 00007FF6ACBC4880
ActivateActCtx.KERNEL32 ref: 00007FF6ACBC488B
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC4946
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC499A
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC49EA
CoInitialize.OLE32 ref: 00007FF6ACBC4A23

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2
NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC4923
NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError, xrefs: 00007FF6ACBC4977

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: HandleModule$ActivateChangeCloseCommonControlsCreateFindInitInitializeLibraryLoadNotification
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object$NWG_TABGetModuleHandleW failedNWG_EXTERN_CANVASUnknownInitializationErrorControlCreationErrorMenuCreationErrorResourceCreationErrorLayoutCreationErrorEventsBindingFileDialogErrorImageDecoderError$NativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 285539361-437301158
Opcode ID: 21e39cb50996736d55643f2ed5f2ba18c3c9c19a9d821b13fa44019fdcfe93c5
Instruction ID: b5a28ce14dc66b6a5382b65ab257c7bc5f8324574ff1dfb031a439178e84a9d9
Opcode Fuzzy Hash: 21e39cb50996736d55643f2ed5f2ba18c3c9c19a9d821b13fa44019fdcfe93c5
Instruction Fuzzy Hash: 1E719032A0E74285EB24DB20E5553FD63A1EB89798F444035EA4E8B7D5DF7EE291C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE522 Relevance: 22.9, APIs: 14, Strings: 1, Instructions: 387COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE8E4
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE928
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9B9
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9F2
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEA95
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEB50
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEBA6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC20
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC36
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC51
memcpy.VCRUNTIME140 ref: 00007FF6ACBDECFD
memcpy.VCRUNTIME140 ref: 00007FF6ACBDED17
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF4C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0E03

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACBDE522

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: `async fn` resumed after completion
API String ID: 3510742995-507674517
Opcode ID: 205dc11e28de3383cf028a48cb411b4612c71dde83c0ac698bdad901f2ddb28d
Instruction ID: c2d391cb0591a30354d1f52d60313621e3ced34f98cbbf566e41bf80e296bf32
Opcode Fuzzy Hash: 205dc11e28de3383cf028a48cb411b4612c71dde83c0ac698bdad901f2ddb28d
Instruction Fuzzy Hash: 0822BC62A0DBE581E722DB28E1047EE63A4FB9A788F449121DFCD13656DF3DE285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE532 Relevance: 22.9, APIs: 14, Strings: 1, Instructions: 386COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE8E4
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE928
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9B9
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9F2
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEA95
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEB50
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEBA6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC20
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC36
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC51
memcpy.VCRUNTIME140 ref: 00007FF6ACBDECFD
memcpy.VCRUNTIME140 ref: 00007FF6ACBDED17
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF4C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0E03

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACBDE532

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: `async fn` resumed after completion
API String ID: 3510742995-507674517
Opcode ID: 2f00dc95feff4ae7a0925ffed3759cb8814cbdc723f9a8028d4581b9f6c38b2b
Instruction ID: a970425f8b92429f0acfa4db006974189cb8834db0bbcc31abf95df051461ef6
Opcode Fuzzy Hash: 2f00dc95feff4ae7a0925ffed3759cb8814cbdc723f9a8028d4581b9f6c38b2b
Instruction Fuzzy Hash: 1122BC62A0DBE581E722DB28E1047EE63A4FB9A788F449121DFCD13656DF3DE285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF70F2 Relevance: 20.2, APIs: 9, Strings: 4, Instructions: 742COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF724E
memcpy.VCRUNTIME140 ref: 00007FF6ACBF78DF
memcpy.VCRUNTIME140 ref: 00007FF6ACBF78FD
memcpy.VCRUNTIME140 ref: 00007FF6ACBF7AB3
memcpy.VCRUNTIME140 ref: 00007FF6ACBF7B6C
memcpy.VCRUNTIME140 ref: 00007FF6ACBF7B92
memcpy.VCRUNTIME140 ref: 00007FF6ACBF7BB0
memcpy.VCRUNTIME140 ref: 00007FF6ACBF7BD7

Strings

TryFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\try_future\try_flatten.rs, xrefs: 00007FF6ACBFEC46
ALPN upgraded to HTTP/2, xrefs: 00007FF6ACBF7D82
Map must not be polled after it returned `Poll::Ready`, xrefs: 00007FF6ACBFEC31
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBFEC07, 00007FF6ACBFEC17, 00007FF6ACBFEC6C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: ALPN upgraded to HTTP/2$Map must not be polled after it returned `Poll::Ready`$TryFlatten polled after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.30\src\future\try_future\try_flatten.rs$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 3510742995-2870936166
Opcode ID: 6645325b2d63bf326e75ca79a3d4f4e6536d566998c15bf16b73b2010af4858e
Instruction ID: fef8d1f9cf6be09beec2b0fc75864ac6c804788c082cd942f26f3b4c99539e19
Opcode Fuzzy Hash: 6645325b2d63bf326e75ca79a3d4f4e6536d566998c15bf16b73b2010af4858e
Instruction Fuzzy Hash: FB82B226A0DBD185EA70CB15E4503EAB3A0FB86780F444136DE9D93B99DF3EE545CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE4DC Relevance: 17.9, APIs: 14, Instructions: 391COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEB50
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEBA6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC20
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC36
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC51
memcpy.VCRUNTIME140 ref: 00007FF6ACBDECFD
memcpy.VCRUNTIME140 ref: 00007FF6ACBDED17
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF4C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF90
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF55C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF5A7
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0E03

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 69062a724063c67cf22c1d9af9311de6bd0e1adf5a655a0c09afee065b774d7d
Instruction ID: 34444ea9da2441c4cf0ace5c6d58c9d4f46d408511859d93dc7f91c667648b4a
Opcode Fuzzy Hash: 69062a724063c67cf22c1d9af9311de6bd0e1adf5a655a0c09afee065b774d7d
Instruction Fuzzy Hash: 7322AC62A0DBE581E722DB28E1047EE63A4FB9A788F449121DFCD13656DF3DE285C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD081C Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 194COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBD089A
memcpy.VCRUNTIME140 ref: 00007FF6ACBD08CF
memcpy.VCRUNTIME140 ref: 00007FF6ACBD0A70
memcpy.VCRUNTIME140 ref: 00007FF6ACBD0A8E
memcpy.VCRUNTIME140 ref: 00007FF6ACBD0AC8
memcpy.VCRUNTIME140 ref: 00007FF6ACBD0B0C

Strings

internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBD0B5F
HTTP/2 connection in progressC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.28\src\common\exec.rs, xrefs: 00007FF6ACBD0912

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: HTTP/2 connection in progressC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.28\src\common\exec.rs$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 3510742995-2642962797
Opcode ID: 3aec121a8cd854ce47973e7c6640a8811ac187d279da85857f7ba1ce9814b5d6
Instruction ID: fd89518a80ae32dca38b25d1fe07764270580d018a19e7fe69107bdde378e4c1
Opcode Fuzzy Hash: 3aec121a8cd854ce47973e7c6640a8811ac187d279da85857f7ba1ce9814b5d6
Instruction Fuzzy Hash: 1681F232B0EBD584EA60DB15E4447EEA764FB8AB94F408132DE8D47B99DE3DD185C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE408 Relevance: 14.1, APIs: 11, Instructions: 359COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE8E4
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE928
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9B9
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9F2
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEA95
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEB50
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEBA6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC20
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC36
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC51
memcpy.VCRUNTIME140 ref: 00007FF6ACBDECFD
memcpy.VCRUNTIME140 ref: 00007FF6ACBDED17
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF55C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF5A7
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0AC3
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0E03

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 41afaee8dab47db8acca354828c34a6e8cb7a1f50df99ec0bf3e66d3e9ac30ca
Instruction ID: 25bfede0267f11ef798c11716ba4d045cef07c4382330f09e990945b7bc62c51
Opcode Fuzzy Hash: 41afaee8dab47db8acca354828c34a6e8cb7a1f50df99ec0bf3e66d3e9ac30ca
Instruction Fuzzy Hash: 6C12AE62A0DBE581E722DB28E1057EE73A4FB9A788F449121DFCD13656DF39E285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC0DDCD Relevance: 12.9, APIs: 4, Strings: 4, Instructions: 949COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC0DEF6

Strings

httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF6ACC0E1E5, 00007FF6ACC0E6E7
Pending error polled more than once, xrefs: 00007FF6ACC0EFE0
cookie2, xrefs: 00007FF6ACC0E8C0
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC0E37D, 00007FF6ACC0E9EF

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$Pending error polled more than once$cookie2$httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs
API String ID: 3510742995-3329009164
Opcode ID: bf3188eecc5835511c7f143a55c64794d950a30a45ce7caf55ed6077d77d6786
Instruction ID: d2ed97d3370a20dea969cb5af47fd6d4fdf553647dadb6d09c65ddee528c314d
Opcode Fuzzy Hash: bf3188eecc5835511c7f143a55c64794d950a30a45ce7caf55ed6077d77d6786
Instruction Fuzzy Hash: 2BA2D2A2A0EAD280EA35DB15E4057FA6370FB85B84F448135DE9E87B96DF3DE581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE4C6 Relevance: 12.8, APIs: 10, Instructions: 341COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDE589
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5B6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE5CE
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE60D
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE833
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE8E4
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE928
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9B9
memcpy.VCRUNTIME140 ref: 00007FF6ACBDE9F2
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEA95
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEB50
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEBA6
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC20
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC36
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEC51
memcpy.VCRUNTIME140 ref: 00007FF6ACBDECFD
memcpy.VCRUNTIME140 ref: 00007FF6ACBDED17
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF4C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDEF90
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF2B5
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF55C
memcpy.VCRUNTIME140 ref: 00007FF6ACBDF5A7
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0E03

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 3a3d625d846857ffd2dfa116172a21a6a86e273a15ad4605ff2b2b700a458137
Instruction ID: e109304cc8562de412a851fb93f8390d7c6ec8f8df5f3bfe64676b5a881be65a
Opcode Fuzzy Hash: 3a3d625d846857ffd2dfa116172a21a6a86e273a15ad4605ff2b2b700a458137
Instruction Fuzzy Hash: A312AD62A0DBD581E722DB28E1057EE73A4FB9A788F449121DFCD13A56DF39E285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC0F4F2 Relevance: 12.8, APIs: 4, Strings: 3, Instructions: 567COMMON

Download Yara Rule

Strings

httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF6ACC0F5F6
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC0FA2B
size overflows MAX_SIZE, xrefs: 00007FF6ACC10222

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$httphttpswswssftpfileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs$size overflows MAX_SIZE
API String ID: 0-3281621967
Opcode ID: 4fd1d49e630a517e64bc07ddcafe42e043ac456b211929d9a73d10e1c5ac5aca
Instruction ID: 3d39bc84d0b7f4d7ea1624b7b579fbec58a617fd55ac902929db0ae1c3ef760a
Opcode Fuzzy Hash: 4fd1d49e630a517e64bc07ddcafe42e043ac456b211929d9a73d10e1c5ac5aca
Instruction Fuzzy Hash: 84525C72A0AAC591EA65CB15E4413EAA370FB99784F448132DFCE93B55DF3CE586C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBA5182 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 181networkCOMMON

Download Yara Rule

APIs

getpeername.WS2_32 ref: 00007FF6ACBA51F5
WSAGetLastError.WS2_32 ref: 00007FF6ACBA5254
getsockname.WS2_32 ref: 00007FF6ACBA52E7
WSAGetLastError.WS2_32 ref: 00007FF6ACBA5346

Strings

assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF6ACBA5472
assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF6ACBA545D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLast$getpeernamegetsockname
String ID: assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
API String ID: 1444953621-3350695673
Opcode ID: f82b887af3e42f63fdea76595632fda848dbc04749d40b69e15f40ed4625a3f8
Instruction ID: 599451f7c54bd2fa04f74439750a971032c8e893044e9f93eb2e596467cffeb7
Opcode Fuzzy Hash: f82b887af3e42f63fdea76595632fda848dbc04749d40b69e15f40ed4625a3f8
Instruction Fuzzy Hash: 7191A46291DA9186E7258F18E0452FAB3B0FFD5354F109225EBC983A65EF3ED2D5CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4404 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47libraryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6ACBC443F
GetTempPathW.KERNEL32 ref: 00007FF6ACBC444C
LoadLibraryW.KERNEL32 ref: 00007FF6ACBC48D2
InitCommonControlsEx.COMCTL32 ref: 00007FF6ACBC48F7
GetModuleHandleW.KERNEL32 ref: 00007FF6ACBC48FE

Strings

Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object, xrefs: 00007FF6ACBC48B2

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CommonControlsHandleInitLibraryLoadModulePathTempmemset
String ID: Msftedit.dllCoInitialize failedMenuINTERNAL ERROR: Menu/MenuItem handle is not HMENU!lib\native-windows-gui\src\controls\menu.rsMenu/MenuItem is not yet bound to a winapi object
API String ID: 1087137763-3018657253
Opcode ID: dbd5a38d20c39a6438632547efd84616f7f19d48ff4274b91f295ca3007b9596
Instruction ID: e91bd2a8ddfe5a778e00b6c778ce9b7431eb8c5f62b09d8fb6f62787428b9c73
Opcode Fuzzy Hash: dbd5a38d20c39a6438632547efd84616f7f19d48ff4274b91f295ca3007b9596
Instruction Fuzzy Hash: 8B018C2170975254FB64AB229E457F91261AF45BE0F448131EE2E9B7C5DE6DF2518300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEE7A7 Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 349COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBEE7BB
memcpy.VCRUNTIME140 ref: 00007FF6ACBEE8C5

Part of subcall function 00007FF6ACBA80DB: WSASocketW.WS2_32 ref: 00007FF6ACBA8139
Part of subcall function 00007FF6ACBA80DB: ioctlsocket.WS2_32 ref: 00007FF6ACBA8160
Part of subcall function 00007FF6ACBA80DB: closesocket.WS2_32 ref: 00007FF6ACBA83FE

memcpy.VCRUNTIME140 ref: 00007FF6ACBEEDE0
memcpy.VCRUNTIME140 ref: 00007FF6ACBEEE09

Strings

Network unreachabletcp connect error, xrefs: 00007FF6ACBEF139
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACBEECC4

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$Socketclosesocketioctlsocket
String ID: Network unreachabletcp connect error$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 429738851-3880233569
Opcode ID: 8bb98f9df8b59d946ac7e54df812a52a40cbb72fdca6a8ac90fd73f384fb30d6
Instruction ID: 5a864dd42c128dd336a45497d064ec2da0c9017dae4b9b666fc58170679a7ea0
Opcode Fuzzy Hash: 8bb98f9df8b59d946ac7e54df812a52a40cbb72fdca6a8ac90fd73f384fb30d6
Instruction Fuzzy Hash: 9D128AB6A09BE180E721DB14E4587E97368FB9AB8CF414122DF8D53356DF3AE285C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB818CF Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 311COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACB819D9
memcpy.VCRUNTIME140 ref: 00007FF6ACB819F2
CloseHandle.KERNEL32 ref: 00007FF6ACB81FF7

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACB81D52
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACB81B85

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$CloseHandle
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$`async fn` resumed after completion
API String ID: 2153058950-3219878230
Opcode ID: d6620f9872ae15028afd7509970dde6fcd045808935c8f1fd43f3a8645fc85d1
Instruction ID: 395a79512cfd754365b61dc234a2ae33bd495e1b046f2c790c535b45460f1e51
Opcode Fuzzy Hash: d6620f9872ae15028afd7509970dde6fcd045808935c8f1fd43f3a8645fc85d1
Instruction Fuzzy Hash: 40F1A322A0AAD280EB51CF24D0447FC6364FB56B48F485132DF8D9B6AAEF39E595C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF0232 Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF03E5
memcpy.VCRUNTIME140 ref: 00007FF6ACBF043D

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACBF0262

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: `async fn` resumed after completion
API String ID: 3510742995-507674517
Opcode ID: 9ba8ba763ac8225b64e4831f945bf38ed8598ee5a0095e4e825ec2e090ae9eb5
Instruction ID: 6c5479f3d6b83473c28bcec92da1642b7da96e62caa00c6d16f6b96f4a1369c9
Opcode Fuzzy Hash: 9ba8ba763ac8225b64e4831f945bf38ed8598ee5a0095e4e825ec2e090ae9eb5
Instruction Fuzzy Hash: 4181C026A0ABD184EB11DF21D4543FD2760FB9AB88F488131DE8D8B7AADF79D585C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4CA70 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 326COMMON

Download Yara Rule

Strings

use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 00007FF6ACC4CEE8, 00007FF6ACC4CF02
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC4CF9C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$use of std::thread::current() is not possible after the thread's local data has been destroyed
API String ID: 0-1681656157
Opcode ID: 086a057d25c123e6e906b60cb2c3ce381c00a933b1d6efc55c477bb1cbbbeb81
Instruction ID: 8f0370b673e8b667e3c80597903cffe6e724ec941d8e1768b5c5df0291e44f52
Opcode Fuzzy Hash: 086a057d25c123e6e906b60cb2c3ce381c00a933b1d6efc55c477bb1cbbbeb81
Instruction Fuzzy Hash: 4EE15E36A06A5684EB10CB65E8447B93770FB48BA8F548236DE5ED37A5DF3CE546C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1B240 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101networkCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC1B236), ref: 00007FF6ACC1B2D1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC1B236), ref: 00007FF6ACC1B37E
WSACleanup.WS2_32 ref: 00007FF6ACC1B3A6

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC1B3B3
lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 00007FF6ACC1B2B0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ExclusiveLock$AcquireCleanupRelease
String ID: called `Option::unwrap()` on a `None` value$lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs
API String ID: 220092793-2043005836
Opcode ID: efd448666f6f8d215e28ff117b3abb25a29ac3a18ebbdc6518b2f7e093eaa245
Instruction ID: b789f1695ccef872a8020d193d7e0f35d4d433beff54c5bb5e386ee6a196da4f
Opcode Fuzzy Hash: efd448666f6f8d215e28ff117b3abb25a29ac3a18ebbdc6518b2f7e093eaa245
Instruction Fuzzy Hash: 45518C69E0AA8695FB11DBA8E8543B82370EB64324F808631D95FD23A3DF3CF595C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC26C90 Relevance: 7.7, APIs: 5, Instructions: 199networkCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC26CD8
getaddrinfo.WS2_32 ref: 00007FF6ACC26DFD
WSAGetLastError.WS2_32 ref: 00007FF6ACC26E07

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLastgetaddrinfomemcpy
String ID:
API String ID: 1131991525-0
Opcode ID: 94ea0df7c53acda5d5b0866cfd13dda87131a7d3bd7490fd4dbfb2bb44b87d22
Instruction ID: 785af3b494f96c71b000c5e1637e42fab07b1758dcc8621b30e8d900da99211e
Opcode Fuzzy Hash: 94ea0df7c53acda5d5b0866cfd13dda87131a7d3bd7490fd4dbfb2bb44b87d22
Instruction Fuzzy Hash: 60811376A0AB8581FB609B15E4003B9A7B0FBA47A4F549171DE8E867D4EF7CE4C5C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB81769 Relevance: 7.7, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACB81862
memcpy.VCRUNTIME140 ref: 00007FF6ACB8189D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 346086b44ada2f1e3a0340000f7b47c619b1f58ab660616d89be969b92b0765c
Instruction ID: 017444e9a9c4dff26e23f19667089f11fb1f71546c3974dd088621227231b317
Opcode Fuzzy Hash: 346086b44ada2f1e3a0340000f7b47c619b1f58ab660616d89be969b92b0765c
Instruction Fuzzy Hash: 2B71B13270E6E284EB61DB25D4047EC6361EB86F88F884035CE8D8B79ADF2DD146C351

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF5D4E Relevance: 7.6, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF6887

Part of subcall function 00007FF6ACBDCB7D: memcpy.VCRUNTIME140 ref: 00007FF6ACBDCBBA

memcpy.VCRUNTIME140 ref: 00007FF6ACBF6986
memcpy.VCRUNTIME140 ref: 00007FF6ACBF69AF
memcpy.VCRUNTIME140 ref: 00007FF6ACBF69D5
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6A1F
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6A45
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6A72
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6AAB
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6AEA
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6B26
memcpy.VCRUNTIME140 ref: 00007FF6ACBF6C0C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 909dc707576a7b86f9a64ddb49f0860af99a7800cc31e2462320c74395d2e751
Instruction ID: 8e3baa761d6964c3eac7116ca13c336acf9e7348c4cdc87e7f9cb1d3306e3c4a
Opcode Fuzzy Hash: 909dc707576a7b86f9a64ddb49f0860af99a7800cc31e2462320c74395d2e751
Instruction Fuzzy Hash: EB51CC26A09AC181E6718B29E0453EEA360FF96344F009125DFCD47B96DF3EE295C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC4DEB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 237COMMON

Download Yara Rule

APIs

WaitOnAddress.KERNELBASE ref: 00007FF6ACBC4EF9
CloseHandle.KERNEL32 ref: 00007FF6ACBC4F4E

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACBC509A
use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 00007FF6ACBC5025, 00007FF6ACBC503D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AddressCloseHandleWait
String ID: called `Option::unwrap()` on a `None` value$use of std::thread::current() is not possible after the thread's local data has been destroyed
API String ID: 592885855-4159215923
Opcode ID: 4cbd011a4454beaccd62c88be50fc936397f8323f78a8fa1a7e9d5b9002a744a
Instruction ID: ae5984efad0d06cf363a9bfee15ecd57b11330c8325de76b1235ebdf17ce67cd
Opcode Fuzzy Hash: 4cbd011a4454beaccd62c88be50fc936397f8323f78a8fa1a7e9d5b9002a744a
Instruction Fuzzy Hash: D691C622A0AA6294EB11CF65E8507F92770FB49BA8F444231EE6D877D0DF3DE586C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBAAAD Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBBAB62

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBBAB15, 00007FF6ACBBC558, 00007FF6ACBBC9D8
failed to park thread, xrefs: 00007FF6ACBBC51C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$failed to park thread
API String ID: 3510742995-2705530224
Opcode ID: f9924bf10e59e7cfa5430add25aca21243f87efeb2c33ce1b0f31075c10c3233
Instruction ID: 46c4abffaedc2e5007b64a65a7de58a353e9ebc95e88d8c506d93dcfc0a408fb
Opcode Fuzzy Hash: f9924bf10e59e7cfa5430add25aca21243f87efeb2c33ce1b0f31075c10c3233
Instruction Fuzzy Hash: 4B51833290ABC6D4EA219B58E4813F97374FF95344F508232DACD926A6EF3DE246C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC30380 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

SetThreadStackGuarantee.KERNELBASE ref: 00007FF6ACC303A1
GetLastError.KERNEL32 ref: 00007FF6ACC303AB

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC3040D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorGuaranteeLastStackThread
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 2304615615-834858101
Opcode ID: 889d127f158086ee74f557d1085a67dfe92c8af55c5afebe322c79042a5259dc
Instruction ID: 253c7b3c59fedcd6eb23336adfe008ccac7da75bd6318ba5a3c757e1975cb71f
Opcode Fuzzy Hash: 889d127f158086ee74f557d1085a67dfe92c8af55c5afebe322c79042a5259dc
Instruction Fuzzy Hash: 05315A23E05B5199E7009F61E8852EC7BB4FB84B58F548636DE5E937A5DF38D582C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC27290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6ACC272BB
WSAStartup.WS2_32 ref: 00007FF6ACC272C7

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC272E9

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Startupmemset
String ID: called `Option::unwrap()` on a `None` value
API String ID: 1873301828-836832528
Opcode ID: f9bb0ebc86d3da28b1439102763b4785a4bd7f93670612f565a5b312c3411b78
Instruction ID: 1078d88dbcaf35e01efb03cc1fd251c149f40c539247345d65f2f6a577da503b
Opcode Fuzzy Hash: f9bb0ebc86d3da28b1439102763b4785a4bd7f93670612f565a5b312c3411b78
Instruction Fuzzy Hash: 7F016D76A5AB1B81F754AF25E5493EA6371EB84B80F40C032DA5E8BB94DF3CE106C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF30B9 Relevance: 5.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF30CA
memcpy.VCRUNTIME140 ref: 00007FF6ACBF30F2
memcpy.VCRUNTIME140 ref: 00007FF6ACBF31D9
memcpy.VCRUNTIME140 ref: 00007FF6ACBF31EE

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: b3b14d5bf8e044bfd669ab79cdd523fdbb93a5ebff59ecbe7d1efc76327cf1f4
Instruction ID: fd80482b27dc1e4852293a2917b08bf33f9ae2956e138eb9eea369a4cd74d1e4
Opcode Fuzzy Hash: b3b14d5bf8e044bfd669ab79cdd523fdbb93a5ebff59ecbe7d1efc76327cf1f4
Instruction Fuzzy Hash: 1E61F816A1D6E289E760DB15A0003BEB761FF96784F404032EE8E877CACF2DE605C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEE818 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBEEDE0
memcpy.VCRUNTIME140 ref: 00007FF6ACBEEE09

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACBEED15

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: `async fn` resumed after completion
API String ID: 3510742995-507674517
Opcode ID: 7ba7805b45cc77f29b3e374e0a0970859498acd2c4593819fdc4379c1930f5d2
Instruction ID: e223f3f8e45a81e8f9ff06f1ec8727402cefe291b2aae672ba99fbda73147023
Opcode Fuzzy Hash: 7ba7805b45cc77f29b3e374e0a0970859498acd2c4593819fdc4379c1930f5d2
Instruction Fuzzy Hash: 39417CA6A09BE5C1E765CB14E4547F87378FB9AB4DF458122CE8D83261DF39E282C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC22010 Relevance: 4.6, APIs: 3, Instructions: 65COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNELBASE ref: 00007FF6ACC2203E
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF6ACC22076
GetLastError.KERNEL32 ref: 00007FF6ACC220FA

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: FileHandleInformation$ErrorLast
String ID:
API String ID: 3070998852-0
Opcode ID: af5ab4bf324c486a60537bfae912b8b427ffcddb63bc92ae55d6c5512ecf48c3
Instruction ID: 06fac5de85f4b0df4f5faaed7373bf92923b36964ba671056c27affcb2a66473
Opcode Fuzzy Hash: af5ab4bf324c486a60537bfae912b8b427ffcddb63bc92ae55d6c5512ecf48c3
Instruction Fuzzy Hash: D8314B7261868187E3348F1AF5417AAB7B1FB98794F109124EBCA83B54EF7DE581CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEF3A3 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACBEF5D2, 00007FF6ACBEF5E2

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: `async fn` resumed after completion
API String ID: 0-507674517
Opcode ID: 8c14774ffa7984e9ce8ce018ea99f6f5f285283b20d869dc6d2e10b8f2c9be44
Instruction ID: ebd564b86275ecdf4a552645acc00a59778db8478e232bfa82fee5043eb6c4ff
Opcode Fuzzy Hash: 8c14774ffa7984e9ce8ce018ea99f6f5f285283b20d869dc6d2e10b8f2c9be44
Instruction Fuzzy Hash: 89919426A1AB9582EA318B25A4013BAA7B0FF57B90F444171DFCE87B51DF3DE582C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC174C4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

AcquireCredentialsHandleA.SECUR32 ref: 00007FF6ACC175F0

Strings

Microsoft Unified Security Protocol Provider, xrefs: 00007FF6ACC175DE

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AcquireCredentialsHandle
String ID: Microsoft Unified Security Protocol Provider
API String ID: 3250056690-238809041
Opcode ID: adfd6c70846423f5407c03b49ca501d1cb56ac9780cd5761bb501d7cb70fd068
Instruction ID: 8afa99eb362f8b952b6f146f732313ac3e64dc720a9c2ab26e80629f858f25e5
Opcode Fuzzy Hash: adfd6c70846423f5407c03b49ca501d1cb56ac9780cd5761bb501d7cb70fd068
Instruction Fuzzy Hash: 1E410822A1A78182FB60CF1AE4007BA67B1FB89794F148135DE8E87795DF3DE496C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBAEC0F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACBC3270: memset.VCRUNTIME140(?,?,?,?,00007FF6ACBC3571), ref: 00007FF6ACBC3291
Part of subcall function 00007FF6ACBC3270: memset.VCRUNTIME140(?,?,?,?,00007FF6ACBC3571), ref: 00007FF6ACBC32A5

Shell_NotifyIconW.SHELL32 ref: 00007FF6ACBAEC4E

Strings

INTERNAL ERROR: TrayNotification handle is not HWND!lib\native-windows-gui\src\controls\tray_notification.rs, xrefs: 00007FF6ACBAEC6F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memset$IconNotifyShell_
String ID: INTERNAL ERROR: TrayNotification handle is not HWND!lib\native-windows-gui\src\controls\tray_notification.rs
API String ID: 775735060-761690577
Opcode ID: c2a65cdfd06b40b81ae4351b165dd9ef4124c4eb4a09cb7a89079e39cbee7d7b
Instruction ID: b07a91b49d71c914d002a9c2dfbc2425b85b5bb06659c88767adb7a4897612d7
Opcode Fuzzy Hash: c2a65cdfd06b40b81ae4351b165dd9ef4124c4eb4a09cb7a89079e39cbee7d7b
Instruction Fuzzy Hash: 76F05422E0F55352FA65A724E4053FA1660DF96750F508039D5AE9A6C2DD2DF6968300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEEE26 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBEEEF8

Strings

tcp connect error, xrefs: 00007FF6ACBEEFA6

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: tcp connect error
API String ID: 3510742995-3983906501
Opcode ID: 80a3ad2a3e419ece000124446244cc6738db1026fbc1d14dd646801e2393b0f4
Instruction ID: 27e8d222a09e8eca177af5e42ae7fe2268495e48d6a8080aec1b04a45752782c
Opcode Fuzzy Hash: 80a3ad2a3e419ece000124446244cc6738db1026fbc1d14dd646801e2393b0f4
Instruction Fuzzy Hash: 15818F36A0DBE5C0E621CB15E4057EAB364FB9AB88F004162DE8D57756DF2EE186C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC21E00 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007FF6ACC21FAB
GetLastError.KERNEL32 ref: 00007FF6ACC21FE0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CreateErrorFileLast
String ID:
API String ID: 1214770103-0
Opcode ID: c01b092ee50e71a486e0ab02c04bc27a1ea34b23a9f43f4cf6f74b20f5628b13
Instruction ID: d35d89eaf3226618764817637b33414e4a6eda73dc9015fa23146ffa2ea805a3
Opcode Fuzzy Hash: c01b092ee50e71a486e0ab02c04bc27a1ea34b23a9f43f4cf6f74b20f5628b13
Instruction Fuzzy Hash: F551B311A0D29253FA759B12962437A2BB0BF05794F2421B1DFAF87AD1DF3DECA58700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC2FEB0 Relevance: 3.1, APIs: 2, Instructions: 85threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00007FF6ACC2FF1B
GetLastError.KERNEL32 ref: 00007FF6ACC2FF64

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CreateErrorLastThread
String ID:
API String ID: 1689873465-0
Opcode ID: c8fba45091aa9e287e60deb80a005f70438253e80e1b303b889a6ecba4c1972d
Instruction ID: 83ad5d880c64de2c72a1457e759033470454351f1e02c99ed817f94b8995904d
Opcode Fuzzy Hash: c8fba45091aa9e287e60deb80a005f70438253e80e1b303b889a6ecba4c1972d
Instruction Fuzzy Hash: 0F31B133B05B0185FB109B61E8043AD67B5BB88BA4F148534EEAD97BD8DF38D486C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC23A40 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE ref: 00007FF6ACC23AA0
GetLastError.KERNEL32 ref: 00007FF6ACC23AC0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: d8d6bbc2d2e08da40612f3c7e01ef503ce3ce8caed79a4eef3234420ec0ccdd0
Instruction ID: af29cd1fb92e65b0c50c85ef00926e8d26f49a49598a6d768c6589ce182b706c
Opcode Fuzzy Hash: d8d6bbc2d2e08da40612f3c7e01ef503ce3ce8caed79a4eef3234420ec0ccdd0
Instruction Fuzzy Hash: 7811A321B0E65181EA61A755A15127BA275BFC8BD0F0C5131ED8F97F89DE3CD9828710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC36B00 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACBAFB01), ref: 00007FF6ACC36B5E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACBAFB01), ref: 00007FF6ACC36B7E

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: 6e3eb8a19f4c73c2f802d6adb3268c2bfad5baad81961feec87e097da9e89959
Instruction ID: 049ca77b725249c691377087f44387494ff3ae8bb2cdd087d91f413f096d7a49
Opcode Fuzzy Hash: 6e3eb8a19f4c73c2f802d6adb3268c2bfad5baad81961feec87e097da9e89959
Instruction Fuzzy Hash: 8D11A325B1E65141EA61AB12B24127EE370FFC8BD4F084130ED8F97B89DE3CE9429B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1A330 Relevance: 3.0, APIs: 2, Instructions: 36threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF6ACC1A37C
SetThreadDescription.KERNELBASE ref: 00007FF6ACC1A38F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Thread$CurrentDescription
String ID:
API String ID: 654298328-0
Opcode ID: 3b0f17b73d55c4ec01b76b67364f05aeef3b3332a0cb9eea68180be82311dd3f
Instruction ID: d6a233ea2bab02895614e81a9b745c4a079cedb4b032327bb88a1cbe509386ef
Opcode Fuzzy Hash: 3b0f17b73d55c4ec01b76b67364f05aeef3b3332a0cb9eea68180be82311dd3f
Instruction Fuzzy Hash: 1A01A255A0E99281EA11A75AE4043BD6370EF81FD0F984032EA4F97B99CE3CE9868710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC3A0D4 Relevance: 3.0, APIs: 2, Instructions: 22networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FF6ACC3A101
WSAGetLastError.WS2_32 ref: 00007FF6ACC3A110

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID:
API String ID: 1729277954-0
Opcode ID: eef715f778cefa36e8380584186b44171a04f204dee2129086a27648c525401d
Instruction ID: bf7d8f6c523902cdd048a6aa1ee3a68f4292b131a4e3fbaa565cacbcdda17413
Opcode Fuzzy Hash: eef715f778cefa36e8380584186b44171a04f204dee2129086a27648c525401d
Instruction Fuzzy Hash: 10E0D861B29501C6E7205B74A04537AB370AB98B40F504931D95FC67E0DF3DC166CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB85139 Relevance: 2.6, APIs: 2, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF6ACBCCB65,?,?,?,?,?,?,?,00007FF6ACBCF0D6), ref: 00007FF6ACB851A1
memcpy.VCRUNTIME140 ref: 00007FF6ACB851DC

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 7bb8036c191154707ccd01f092784ba7290adc474d8abba6d22610966dc78fdf
Instruction ID: 6d10a2acac5cc401fd8a44136ff4ff2243f208331e896da0a396c0b760da1ee9
Opcode Fuzzy Hash: 7bb8036c191154707ccd01f092784ba7290adc474d8abba6d22610966dc78fdf
Instruction Fuzzy Hash: 70519A72B06B5782EE14CF26E6846AD7361FB56B80B448431CF8E97790DF3EE0A59340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB817AD Relevance: 2.6, APIs: 2, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACBBD3B5: memcpy.VCRUNTIME140 ref: 00007FF6ACBBD4BC

memcpy.VCRUNTIME140 ref: 00007FF6ACB81862

Part of subcall function 00007FF6ACC0F04C: memcpy.VCRUNTIME140 ref: 00007FF6ACC0F06D

memcpy.VCRUNTIME140 ref: 00007FF6ACB8189D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 31f89930d24af2daad1fb0bc22f674fed1457b5be85875dd81ecb978a3b0060d
Instruction ID: cbddad74f680e976cb4f4dfcf567f2bac4de95ebff6db09db8993de142dc1892
Opcode Fuzzy Hash: 31f89930d24af2daad1fb0bc22f674fed1457b5be85875dd81ecb978a3b0060d
Instruction Fuzzy Hash: 4E314A3271AAD2C4EB51DF21A4043ED6361E786B98F884136CE8D5B79ACF39D186C311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDCB7D Relevance: 2.5, APIs: 2, Instructions: 43COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBDCBBA
memcpy.VCRUNTIME140 ref: 00007FF6ACBDCBDD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: c60fce83c25590f01a546e191aac22d9e1c6df0e80ed588a290c61a0a07afb2b
Instruction ID: 8f46798cd8499ef1100ac2bd26bb4d08b64ff4a3d66be4d2bfa280947fe712b2
Opcode Fuzzy Hash: c60fce83c25590f01a546e191aac22d9e1c6df0e80ed588a290c61a0a07afb2b
Instruction Fuzzy Hash: 90017176B0975681FB25AE12F5413BD63A0AB967E4F488030DEDE86B82DF7ED4818701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4B488 Relevance: 1.6, APIs: 1, Instructions: 130COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6ACC4B5AD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9df022a7ff477967f5b40402e89abdf6c02ba20dca4135238c7ce2d350d90f22
Instruction ID: e3227557e2dee6d65468920706b835d4de76b284ba6ecb00bb133f83f5237957
Opcode Fuzzy Hash: 9df022a7ff477967f5b40402e89abdf6c02ba20dca4135238c7ce2d350d90f22
Instruction Fuzzy Hash: 8751D922A0EA8141FB658B25E5693B9A7B0FF89748F448135DE8E87796CF3DE446C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDA585 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE ref: 00007FF6ACBDA60B

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9a7d025ff2323c45462b7808ba4d75206d026866eb62d127f91c39fe77137139
Instruction ID: 3ba87c2472f57bb06e5ab2ed0168789447aefb1340abb07dc450782c2182ff5f
Opcode Fuzzy Hash: 9a7d025ff2323c45462b7808ba4d75206d026866eb62d127f91c39fe77137139
Instruction Fuzzy Hash: C9319F2261AB9085E6518B02F94176AB7A4FB8A7D4F149131FE8E87B45CF7DE581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDCF03 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ApplyControlToken.SECUR32 ref: 00007FF6ACBDCF68

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ApplyControlToken
String ID:
API String ID: 61203409-0
Opcode ID: a3c625a021363f20362f489640186cf4e63d00c1e488a834b670428d9e2fd4fa
Instruction ID: c1c92e4b20132af5b90feb43c546c830f4d8223d1e4576932ebdf6bbd4470524
Opcode Fuzzy Hash: a3c625a021363f20362f489640186cf4e63d00c1e488a834b670428d9e2fd4fa
Instruction Fuzzy Hash: F621A472A19A9186EB618F15E5803BD67E1EB46BC0F104031EB9EC7695DF3EE499C302

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF6E54 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FF6ACBF6ED5

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: b74f8c674f612cceba1689502afd75c8d1a2d407e689c485258de5e9c1353e16
Instruction ID: 87bbdb6615cc76d8b66f15ba43a8895b9a831f4606c3aead0fb87462179dc3e8
Opcode Fuzzy Hash: b74f8c674f612cceba1689502afd75c8d1a2d407e689c485258de5e9c1353e16
Instruction Fuzzy Hash: 7611942EE0A56245FE219A26D55017D7370EF92FA0F444136DE6ECB7D2DE2DE8428380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF6E72 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FF6ACBF6ED5

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 2693b5e6fbc1207850141977f41b0dec65f69872b8b475b97f2b870bd3ca0d04
Instruction ID: 8fe64c005ace8308452143168110b43d0255a75396429066609280f908575439
Opcode Fuzzy Hash: 2693b5e6fbc1207850141977f41b0dec65f69872b8b475b97f2b870bd3ca0d04
Instruction Fuzzy Hash: 9711A92BA0A51181FA21AB27E54157D6330EF95FA0B444231DF5E8B7D2DE2DE8938340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF6D10 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FF6ACBF6ED5

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 48d0cd5cc2807625d220f08a2035b068e17dc256d56ecc68c3b1f08d51e7eb7c
Instruction ID: 933b899a0363f2132656ef9fce6494fd3b1a33db7de3c5166ef26508c5ce5807
Opcode Fuzzy Hash: 48d0cd5cc2807625d220f08a2035b068e17dc256d56ecc68c3b1f08d51e7eb7c
Instruction Fuzzy Hash: 7611A92AA0A51181EB319B27D54057D7330EF95FA0F444131DE5F8B7D2CE2DE8438380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC102E6 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteSecurityContext.SECUR32(?,?,?,00007FF6ACC103F2), ref: 00007FF6ACC10265

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ContextDeleteSecurity
String ID:
API String ID: 4039438073-0
Opcode ID: 44c9c8c7bce263c797afba1b23850145d553a66eea2085005a35d3116d559d24
Instruction ID: 9e6a15f2f260982a46b74b2bcd4fb88396ddb56f1875e8338963ba7963bdaf5f
Opcode Fuzzy Hash: 44c9c8c7bce263c797afba1b23850145d553a66eea2085005a35d3116d559d24
Instruction Fuzzy Hash: D5010476A0A951C2EA65EB66E4913BE6360FF96780F409032DBDFD3255DE1DF8468300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC2FBF Relevance: 1.5, APIs: 1, Instructions: 18windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 00007FF6ACBC2FD8

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 4e443f7dceac4cdab567c597dfaf4886a65f0e37769fa38cf8b8c37d0c7d3490
Instruction ID: d65db92d4bb6793f58eca14d5196d25d6ed30ec32414f567c839a39c28dcd1cb
Opcode Fuzzy Hash: 4e443f7dceac4cdab567c597dfaf4886a65f0e37769fa38cf8b8c37d0c7d3490
Instruction Fuzzy Hash: 14D01218F1F46781FBA426251B46D7E0191AB96300F60C431D61EC49C5CC2EF9C21602

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC17292 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

QueryContextAttributesW.SECUR32 ref: 00007FF6ACC172A4

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AttributesContextQuery
String ID:
API String ID: 1320229847-0
Opcode ID: ea7027812e9a521ad6d393489815e0482e12dad4a330f110d4227f17b1d6db1c
Instruction ID: 78aaed13fb3c4ad67f1978449137d2e4381c8d2e09222b127538edf391f3493a
Opcode Fuzzy Hash: ea7027812e9a521ad6d393489815e0482e12dad4a330f110d4227f17b1d6db1c
Instruction Fuzzy Hash: 6BE05B65F05D42C3F7648B56985136B1272B79C384F50D031D549C778CCE7CC5575750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC19E7B Relevance: 1.5, APIs: 1, Instructions: 10networkCOMMON

Download Yara Rule

APIs

connect.WS2_32 ref: 00007FF6ACC19E86

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: connect
String ID:
API String ID: 1959786783-0
Opcode ID: f285e0f9b91f62626910fb17d37371ceb29afac08cf25f68c1c61330feb20cd8
Instruction ID: ddf2ab737f887bff233de1fa94d85d9b80eecfe28eddf7db39833094e26933d2
Opcode Fuzzy Hash: f285e0f9b91f62626910fb17d37371ceb29afac08cf25f68c1c61330feb20cd8
Instruction Fuzzy Hash: 90C08C60F6F003C2E3581B239C4126811A07F0AB40F804038C50AC2250ED1CE4E68B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC32A60 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 00007FF6ACC32A69

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 3a264cae7a1b36bd45ec842a3ca9c24b4c161323c77393ef7d2b2674ce850e52
Instruction ID: edbdf909ff913f4a984f33d872f1db0ca3eb591e0b754bae1a84a6b9b562378d
Opcode Fuzzy Hash: 3a264cae7a1b36bd45ec842a3ca9c24b4c161323c77393ef7d2b2674ce850e52
Instruction Fuzzy Hash: 53A00220A1644186E3082751A95936C21319B59762F516435C10B56691CD5D94D54765

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF6ACBF0761 Relevance: 143.1, APIs: 74, Strings: 7, Instructions: 1307COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF09C8
memcpy.VCRUNTIME140 ref: 00007FF6ACBF09DD

Strings

future polled after completion, xrefs: 00007FF6ACBF2101, 00007FF6ACBF2121
authority implies host, xrefs: 00007FF6ACBF0EF0, 00007FF6ACBF0F6A, 00007FF6ACBF0F87
proxy headers too long for tunnelunexpected eof while tunnelingC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.28\src\client\pool.rs, xrefs: 00007FF6ACBF226E
`async fn` resumed after completion, xrefs: 00007FF6ACBF2111, 00007FF6ACBF213B
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBF0FCE, 00007FF6ACBF1804
no host in urlscheme and authority is valid Uri, xrefs: 00007FF6ACBF10AD, 00007FF6ACBF1836
User-Agent: Proxy-Authorization: , xrefs: 00007FF6ACBF0ECB

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: authority implies host$/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$User-Agent: Proxy-Authorization: $`async fn` resumed after completion$future polled after completion$no host in urlscheme and authority is valid Uri$proxy headers too long for tunnelunexpected eof while tunnelingC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.28\src\client\pool.rs
API String ID: 3510742995-1783931369
Opcode ID: f16dbd089796403662462d5abccef41eb8d3f77db58e3c27ec1918caac67a3bb
Instruction ID: c4931d0c4a4950623f3f2be3641eede95e3df2a058fa1118924fc8c3f47b20ae
Opcode Fuzzy Hash: f16dbd089796403662462d5abccef41eb8d3f77db58e3c27ec1918caac67a3bb
Instruction Fuzzy Hash: 9DE2D126A09BD284E760DF25E4443EE6360FB96B88F448036CE8D8779ADF3DD285C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC2E310 Relevance: 26.8, APIs: 14, Strings: 1, Instructions: 528COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6ACC30CBF
GetFullPathNameW.KERNEL32 ref: 00007FF6ACC30CD5
GetLastError.KERNEL32 ref: 00007FF6ACC30CE1
GetLastError.KERNEL32 ref: 00007FF6ACC30CFA
memcmp.VCRUNTIME140 ref: 00007FF6ACC30D7D
GetLastError.KERNEL32 ref: 00007FF6ACC30D95
SetLastError.KERNEL32 ref: 00007FF6ACC3117F
GetFullPathNameW.KERNEL32 ref: 00007FF6ACC31195
GetLastError.KERNEL32 ref: 00007FF6ACC311A2
GetLastError.KERNEL32 ref: 00007FF6ACC311BB

Strings

internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACC30EF2, 00007FF6ACC313B7

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLast$FullNamePath$memcmp
String ID: internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 1351486824-1553992548
Opcode ID: 90e0ae4409a6cb7930f41a37e7f149ed77aef8c46a33d6af30d3d0d41da57ff9
Instruction ID: b78f1ecea6639fbbc5439f90293eb07045ef89a7d75faf015e57b9e3ffb03cd6
Opcode Fuzzy Hash: 90e0ae4409a6cb7930f41a37e7f149ed77aef8c46a33d6af30d3d0d41da57ff9
Instruction Fuzzy Hash: 6A32B462A067C289E7719F21E9447E9A3B8FB44B98F048135DE5E9BB85DF7CD285C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC224A0 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 425COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6ACC22688
GetFullPathNameW.KERNEL32 ref: 00007FF6ACC226A1
GetLastError.KERNEL32 ref: 00007FF6ACC226AD
GetLastError.KERNEL32 ref: 00007FF6ACC226C6

Strings

\\?\\\?\UNC\, xrefs: 00007FF6ACC227B9, 00007FF6ACC2282C
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC227DF, 00007FF6ACC22870, 00007FF6ACC2287C, 00007FF6ACC22B60
internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACC22AE4

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLast$FullNamePath
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$\\?\\\?\UNC\$internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 2482867836-92575520
Opcode ID: 97be710fc74bac047c885d8233cac3a08e170369620a918bff87946b7e115149
Instruction ID: c62dba108d6a41e5868a1e75f85e0c9e36b3e85d5a5d794041d7314ad0e2038d
Opcode Fuzzy Hash: 97be710fc74bac047c885d8233cac3a08e170369620a918bff87946b7e115149
Instruction Fuzzy Hash: 3912D462A0AA9685EB70EF11C8647F823B4FB04BA8F509575DA5E877C4EF7CD681D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBE8FB9 Relevance: 17.9, APIs: 2, Strings: 9, Instructions: 1398COMMON

Download Yara Rule

Strings

assertion failed: self.remote.is_none()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\settings.rs, xrefs: 00007FF6ACBED8D3
invalid settings frame, xrefs: 00007FF6ACBE97CE, 00007FF6ACBE9A9F
assertion failed: val <= frame::MAX_MAX_FRAME_SIZE as usize, xrefs: 00007FF6ACBED96A
invalid GOAWAY frameC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\go_away.rs, xrefs: 00007FF6ACBE93C3
assertion failed: DEFAULT_MAX_FRAME_SIZE as usize <= val && val <= MAX_MAX_FRAME_SIZE as usizeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\codec\framed_read.rs, xrefs: 00007FF6ACBED8E8
invalid pong frame, xrefs: 00007FF6ACBE94E0
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBE9CE4, 00007FF6ACBED781, 00007FF6ACBED7E0
bytes remaining on streamunexpected EOF during chunk size lineInvalid chunk size line: missing size digitinvalid chunk size: overflowInvalid chunk end LFInvalid chunk body CRInvalid chunk body LFInvalid chunk size LFInvalid chunk size linear white spaceinvalid, xrefs: 00007FF6ACBEAABA
invalid ping frameC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\ping_pong.rs, xrefs: 00007FF6ACBE9583, 00007FF6ACBE95FD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: PerformanceQuery$AcquireCounterExclusiveFrequencyLock
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$assertion failed: DEFAULT_MAX_FRAME_SIZE as usize <= val && val <= MAX_MAX_FRAME_SIZE as usizeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\codec\framed_read.rs$assertion failed: self.remote.is_none()C:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\settings.rs$assertion failed: val <= frame::MAX_MAX_FRAME_SIZE as usize$bytes remaining on streamunexpected EOF during chunk size lineInvalid chunk size line: missing size digitinvalid chunk size: overflowInvalid chunk end LFInvalid chunk body CRInvalid chunk body LFInvalid chunk size LFInvalid chunk size linear white spaceinvalid$invalid GOAWAY frameC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\go_away.rs$invalid ping frameC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\proto\ping_pong.rs$invalid pong frame$invalid settings frame
API String ID: 3940818809-1497200981
Opcode ID: a05dd3dd5640b79fcc40cddc915b465b39cc3d6d297714778b1f977c6e7d01b0
Instruction ID: 14544dbd91fcde48518b3af5b8b771240adaedcdf17b2350a01b612ee080279d
Opcode Fuzzy Hash: a05dd3dd5640b79fcc40cddc915b465b39cc3d6d297714778b1f977c6e7d01b0
Instruction Fuzzy Hash: 8BF25B76A0EAD18AEB758B24E0403EAB7A0FB96B44F404135DB8D87B95DF3DE155CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC04DA0 Relevance: 14.7, APIs: 4, Strings: 5, Instructions: 1239COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACB93699: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF6ACB96AFF,?,?,?,11E1A2F0,?,?,00007FF6ACC0485B), ref: 00007FF6ACB936A8

Part of subcall function 00007FF6ACBEFB7A: memcpy.VCRUNTIME140 ref: 00007FF6ACBEFBDC
Part of subcall function 00007FF6ACBEFB7A: memcpy.VCRUNTIME140 ref: 00007FF6ACBEFC3A

memcpy.VCRUNTIME140 ref: 00007FF6ACC05B17
memcpy.VCRUNTIME140 ref: 00007FF6ACC05F4B
memcpy.VCRUNTIME140 ref: 00007FF6ACC0615D

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC06892
unexpected flow control state, xrefs: 00007FF6ACC06821, 00007FF6ACC06882
invalid frame, xrefs: 00007FF6ACC06852
invalid WINDOW_UPDATE frame, xrefs: 00007FF6ACC05487, 00007FF6ACC067F1
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC06592

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$AcquireExclusiveLock
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$called `Option::unwrap()` on a `None` value$invalid WINDOW_UPDATE frame$invalid frame$unexpected flow control state
API String ID: 2425716495-709161842
Opcode ID: 9b3d2b3ca760539adfac64a5645b97ad8b9abc358c7ec0700f0dcde971384028
Instruction ID: 5c76f8f31e4b709a6ac28bdfe40beb1bf19052ef23783df2d82f0e4d01232612
Opcode Fuzzy Hash: 9b3d2b3ca760539adfac64a5645b97ad8b9abc358c7ec0700f0dcde971384028
Instruction Fuzzy Hash: 91D26C76A0EAC186EA759B15E0403EEB7A0FB99784F444136DB8E83B5ADF3DD145CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC32C50 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF6ACC32FDD), ref: 00007FF6ACC32C86
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF6ACC32FDD), ref: 00007FF6ACC32DD1

Strings

attempt to divide by zero, xrefs: 00007FF6ACC32DB7
overflow when subtracting durations, xrefs: 00007FF6ACC32E71
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACC32DEE
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC32E1F, 00007FF6ACC32E4D

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorFrequencyLastPerformanceQuery
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$attempt to divide by zero$called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
API String ID: 3362413890-2772291347
Opcode ID: 5c0c8b595aef6bbac5d5fd90b4d5f177b9f817cbf6015f6a2843a587ccfc272b
Instruction ID: a847422b25b0acf4e584ec2dc341f3697e9aa048ae5a4a4ac427dadda24a2a1c
Opcode Fuzzy Hash: 5c0c8b595aef6bbac5d5fd90b4d5f177b9f817cbf6015f6a2843a587ccfc272b
Instruction Fuzzy Hash: 6751E122F1AA5285FF19CB64E8447B9A3B5EB94754F508231D91F82B95FF3CE685C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBB0666 Relevance: 8.0, APIs: 4, Strings: 1, Instructions: 469COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBB0819
memcpy.VCRUNTIME140 ref: 00007FF6ACBB08A0

Part of subcall function 00007FF6ACBC0CBB: memcpy.VCRUNTIME140 ref: 00007FF6ACBC0CFD

Part of subcall function 00007FF6ACBC0C49: memcpy.VCRUNTIME140 ref: 00007FF6ACBC0C79

Part of subcall function 00007FF6ACBC1225: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,?,?,?,00000000,?,00007FF6ACBB04A8), ref: 00007FF6ACBC1265

memcpy.VCRUNTIME140 ref: 00007FF6ACBB0D5B
memcpy.VCRUNTIME140 ref: 00007FF6ACBB0D9A

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACBB1906

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: called `Option::unwrap()` on a `None` value
API String ID: 3510742995-836832528
Opcode ID: beb599dde79f36d756282e6e096bbc1878a10fcfaef4df2b635c6c794368038f
Instruction ID: c1d62210d5dc7da5e3cf82e456f4c83e0c0e7f86279ddcc32b0bc8fdd96d4a88
Opcode Fuzzy Hash: beb599dde79f36d756282e6e096bbc1878a10fcfaef4df2b635c6c794368038f
Instruction Fuzzy Hash: DD12B562A0AA9185EB30DF25EC453ED2365FB46BC8F404135DE4D9BB9ADF39E645C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBA6230 Relevance: 7.9, APIs: 3, Strings: 2, Instructions: 390COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBA63EF
memcpy.VCRUNTIME140 ref: 00007FF6ACBA652D
memcpy.VCRUNTIME140 ref: 00007FF6ACBA670E

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACBA687F
capacity overflow, xrefs: 00007FF6ACBA6805, 00007FF6ACBA6834

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: called `Result::unwrap()` on an `Err` value$capacity overflow
API String ID: 3510742995-2618782069
Opcode ID: b6ae9ca5b21502fd0790b710edf2c63990eb2dff2954c882ba4e536c725845e4
Instruction ID: 7cab3b780e467b1a6dbe65b75e7af934ece9d0fb4635499b7582541a6565ca5f
Opcode Fuzzy Hash: b6ae9ca5b21502fd0790b710edf2c63990eb2dff2954c882ba4e536c725845e4
Instruction Fuzzy Hash: 3DF1E5B6B0AB9582EA64CB05E4143AA63A4FBD5B80F408136DEDE87B98DF3DD445C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC14E30 Relevance: 7.3, Strings: 5, Instructions: 1089COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC1533B
`fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 00007FF6ACC15EC2
__ZN, xrefs: 00007FF6ACC157BD
" fn( -> = falsetrue { }{, xrefs: 00007FF6ACC150CD
{invalid syntax}{recursion limit reached}, xrefs: 00007FF6ACC14FF4, 00007FF6ACC1521C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: " fn( -> = falsetrue { }{$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Option::unwrap()` on a `None` value${invalid syntax}{recursion limit reached}
API String ID: 0-2023270090
Opcode ID: d949ac583bdd3d810ca5987f5ea76921b89ad72f9a8b9b136b986985be345a04
Instruction ID: c5b89e368b4054e9ef4dbdb28ff8e9fc3c0acb208a7657af7d49411cb0bda704
Opcode Fuzzy Hash: d949ac583bdd3d810ca5987f5ea76921b89ad72f9a8b9b136b986985be345a04
Instruction Fuzzy Hash: B4A25462E1FA9285FE618B1AA4043BA67B1EF45794F444232EA9F877D4DF3CE841C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4C2EC Relevance: 5.2, APIs: 4, Instructions: 233COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC4C3C5
memset.VCRUNTIME140 ref: 00007FF6ACC4C448
memcpy.VCRUNTIME140 ref: 00007FF6ACC4C4A0
memcpy.VCRUNTIME140 ref: 00007FF6ACC4C605

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$memset
String ID:
API String ID: 438689982-0
Opcode ID: e17caec00a9932a2364c67b2d0a6728671ebcd5e1c2be9162504fd8b36a02f68
Instruction ID: 1ebc28ccf59abae1f5ba544ed53d79b6805a9b18744c4bf1e7b3104a7b85af7e
Opcode Fuzzy Hash: e17caec00a9932a2364c67b2d0a6728671ebcd5e1c2be9162504fd8b36a02f68
Instruction Fuzzy Hash: 7E813462B1AB8181EE10CB2599091B96B61EB81FE0F449335DE6F57BE5DE3CD041D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4A5E0 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC4A6FC
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF6ACB9142D), ref: 00007FF6ACC4A7A5

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC4A5F9

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpymemset
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 1297977491-834858101
Opcode ID: 8c9d50352f579506cb884bff1e00828dd71987e13c18d6177f358736d41564c7
Instruction ID: 3c5132d15eeb44ba4349ed599fa419a3a4b808cabb6cf6bf9eacf4b239a0f6ba
Opcode Fuzzy Hash: 8c9d50352f579506cb884bff1e00828dd71987e13c18d6177f358736d41564c7
Instruction Fuzzy Hash: 73A1152271EB8582EA11CB25A50917AA760FB9ABD0F448735DFAE977D1DF3CD181C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC22390 Relevance: 4.6, APIs: 3, Instructions: 67filenativesynchronizationCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL ref: 00007FF6ACC223DD
WaitForSingleObject.KERNEL32 ref: 00007FF6ACC223F2
RtlNtStatusToDosError.NTDLL ref: 00007FF6ACC2242A

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorFileObjectReadSingleStatusWait
String ID:
API String ID: 3583596364-0
Opcode ID: f249e83ebeb69c89721920bb073c7b43cd1fc98c70234191caeb55732ff96a18
Instruction ID: 189a13d574c8f6d80d37353f5af2092bdeac9768f74172fa5d175da68177003a
Opcode Fuzzy Hash: f249e83ebeb69c89721920bb073c7b43cd1fc98c70234191caeb55732ff96a18
Instruction Fuzzy Hash: 9C21B932A1978282F7209B25F45476A6771EB85764F109231EA9E83BA4EF7CE1C58700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDA278 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165windowCOMMON

Download Yara Rule

APIs

EncryptMessage.SECUR32 ref: 00007FF6ACBDA456

Strings

assertion failed: buf.len() <= sizes.cbMaximumMessage as usize, xrefs: 00007FF6ACBDA521

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: EncryptMessage
String ID: assertion failed: buf.len() <= sizes.cbMaximumMessage as usize
API String ID: 801064719-4253526853
Opcode ID: 94067c955eea958d9efc0b7ac5b9ab0063325781f529c8e4a3c28ab33203313a
Instruction ID: d1365339d07deb90e4299d818b455aaaa946bdaa1f8d6c6bd6783deefe86fd08
Opcode Fuzzy Hash: 94067c955eea958d9efc0b7ac5b9ab0063325781f529c8e4a3c28ab33203313a
Instruction Fuzzy Hash: 03715B7260AB8286EB55CB16E4447EAB3A0FB4AB84F444035EE9E87785DF3DE184C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC42F20 Relevance: 3.2, Strings: 2, Instructions: 681COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC43AB8, 00007FF6ACC43AC8
file:///file://, xrefs: 00007FF6ACC43697

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: called `Option::unwrap()` on a `None` value$file:///file://
API String ID: 3510742995-356431328
Opcode ID: 23c9c8d58f75fcb7320a45b584ed86d2d2cf43b314b8648d0971f6656a0062e6
Instruction ID: 21605b9c96ab383d89c443abf7233e51128f70506fc62b638944e93dc6d462d7
Opcode Fuzzy Hash: 23c9c8d58f75fcb7320a45b584ed86d2d2cf43b314b8648d0971f6656a0062e6
Instruction Fuzzy Hash: B162A162A1A7C182E660CB16D548BAAB7B9FB997C0F05C125DF9E93B55DF3CD084CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBE77D Relevance: 3.1, APIs: 2, Instructions: 55filenativeCOMMON

Download Yara Rule

APIs

NtCancelIoFileEx.NTDLL ref: 00007FF6ACBBE7B6
RtlNtStatusToDosError.NTDLL ref: 00007FF6ACBBE7DC

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CancelErrorFileStatus
String ID:
API String ID: 1267829034-0
Opcode ID: a762e331ed67c7348a26fc482eaa1702f3dd36c8ddb11ce2b57304c1506f9c36
Instruction ID: bdd19808e1e30b9b97e5478a3d2b0a53154ab41018561a03d9efdd584c413f07
Opcode Fuzzy Hash: a762e331ed67c7348a26fc482eaa1702f3dd36c8ddb11ce2b57304c1506f9c36
Instruction Fuzzy Hash: C421907261AF81C6EB608B28F4943A933E4F714758F208136C29D877A1DF7DD19AC340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC47054 Relevance: 3.0, Strings: 2, Instructions: 489COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC47808
a non-empty list of numbers, xrefs: 00007FF6ACC47822

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: a non-empty list of numbers$called `Option::unwrap()` on a `None` value
API String ID: 0-3390434519
Opcode ID: 2054494f13c5c23bd34d1806572eb551626805c536d1b25ece93df518e12a617
Instruction ID: ed6afc851f714778cccb33f2e17757d22576e0189944249b0adaacbfbe756caf
Opcode Fuzzy Hash: 2054494f13c5c23bd34d1806572eb551626805c536d1b25ece93df518e12a617
Instruction Fuzzy Hash: AF22BE22A0ABA1C1EB249B11E6483BE77B5FB85B84F548135DE8E87795DF3DE481C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4C655 Relevance: 2.7, APIs: 2, Instructions: 238COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC4C72E
memset.VCRUNTIME140 ref: 00007FF6ACC4C7B1

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 7a9e58250e2ce82eafcfefc91d00e9991f7facf7d5f9c74f1e3c3e36c766a83f
Instruction ID: e06ff98b3e18735c5dd1006935e4da67549f75a0efdb4753e6ea594642366fcc
Opcode Fuzzy Hash: 7a9e58250e2ce82eafcfefc91d00e9991f7facf7d5f9c74f1e3c3e36c766a83f
Instruction Fuzzy Hash: D5910663B1AB8182EE158B2596091B9AB60FB95BE0F049736DEAF477E5DF3CD141C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDC38E Relevance: 1.6, APIs: 1, Instructions: 98windowCOMMON

Download Yara Rule

APIs

DecryptMessage.SECUR32 ref: 00007FF6ACBDC408

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: DecryptMessage
String ID:
API String ID: 1433999834-0
Opcode ID: 9d004acff8470b8ffa0d5f888b232eed4e3cd1735776fb2692d1c5fca908f57a
Instruction ID: e1c4eb6bed7083ae7019b278cab63ec1818a1b2521c1b18d49b84adef5c393c1
Opcode Fuzzy Hash: 9d004acff8470b8ffa0d5f888b232eed4e3cd1735776fb2692d1c5fca908f57a
Instruction Fuzzy Hash: 5741EF7261A7C28AEB5ACF64D5943EEB7A0F749788F148139DB9D83640CF39E4A48700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC2E3E0 Relevance: 1.6, Strings: 1, Instructions: 326COMMON

Download Yara Rule

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC2E82B

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 0-834858101
Opcode ID: 4a510fbd3437066661dca5315316aba404f17ccd85ad443e635313b53c5eed6c
Instruction ID: ca2b5cee420ed5d856d943377ee40e25ac8c85ec0580575586fe0c4a7faa1c77
Opcode Fuzzy Hash: 4a510fbd3437066661dca5315316aba404f17ccd85ad443e635313b53c5eed6c
Instruction Fuzzy Hash: DBB17752E2EA5641FA25AB25D12027E67B5FF01782F04B679DEBF937D0EE7CE5408200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB88630 Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACB88684

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 0-834858101
Opcode ID: e7892b8fbaa7862d8f33034e316b4f5775103a5494cb820caf08f3486a1274f0
Instruction ID: 30dc7f26af09c972a539cdc972aef63c6bc73f52b2ab2de533b9ce88a7e7f4e8
Opcode Fuzzy Hash: e7892b8fbaa7862d8f33034e316b4f5775103a5494cb820caf08f3486a1274f0
Instruction Fuzzy Hash: 5491F632A0A76783EA518B35A904A7977E5BB16B94F599530CE5DD33D0EE3FD842C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4AA73 Relevance: 1.5, APIs: 1, Instructions: 252COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC4AB45

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 16eea2d4c2f7776062dcee6afb7e10b8a41fa1ec2311067b2bea318473f3c50b
Instruction ID: 8ea24c3d42284236dd1dcbf6992100a2b0d5d1b06cf1b45373233c33dbcc5b06
Opcode Fuzzy Hash: 16eea2d4c2f7776062dcee6afb7e10b8a41fa1ec2311067b2bea318473f3c50b
Instruction Fuzzy Hash: E391FF62B1ABC582EA118B2995081B96B60AB96FF4B448735DFBF677D1DF3CD181C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACB82B10 Relevance: .6, Instructions: 553COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9984a555d7789c99f7a3ffbd2ce8c31e4900e8d1fa33da80aece53bf1a1c9833
Instruction ID: c00949ca5f41a2a33fe3a9cba97a2720af662eacd988fbf6e7f2ba8bcb351c5b
Opcode Fuzzy Hash: 9984a555d7789c99f7a3ffbd2ce8c31e4900e8d1fa33da80aece53bf1a1c9833
Instruction Fuzzy Hash: F2223813E19BF645F7129B3C9802AB96760BF5B7D8F049335EE9992AD6CF39D2418300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1EA00 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61486f4cdbb292a2aa475f0c0ce9b4e3a08cde41203a3d535657f797c88bb0b
Instruction ID: faad3a9dbe643474c769c9ee3caa27f5c66d9d4113be418104714bfbdc3c0055
Opcode Fuzzy Hash: d61486f4cdbb292a2aa475f0c0ce9b4e3a08cde41203a3d535657f797c88bb0b
Instruction Fuzzy Hash: E3913922E1F6C241FB74872AA619BBA67B1EF50784F040139DE9BC39D5DE6DE185C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC21000 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae6372e742fb5253c66d5b50757d8133e61a56540ee1848dd89ddde3ec23f4c2
Instruction ID: 1c2db033f3532003fd35efeddffd366ea7303246ec371a4e4904164831d7cc57
Opcode Fuzzy Hash: ae6372e742fb5253c66d5b50757d8133e61a56540ee1848dd89ddde3ec23f4c2
Instruction Fuzzy Hash: D2615622E1DB9641E364A719A42037EBAB0B7857A0F105275EFAF83BD9DE3CD811D740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC12D10 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808f8ae11855f427b03934c7ee154fade109c355c1ccf68a216d46c519f14f20
Instruction ID: 508ee3a3002bf19fccf5a9e76f3d12d8790dfb9fa2a9335b6191aa1cde617df3
Opcode Fuzzy Hash: 808f8ae11855f427b03934c7ee154fade109c355c1ccf68a216d46c519f14f20
Instruction Fuzzy Hash: DB51D226A0D65586EB70CB1AA44067ABBA0FB89795F004136EF8F97794EF3CD441CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC18DB1 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a63fa806a5f5e913a76727bde8e2d6bf7cb1a347420100579dbcea14d2e888f6
Instruction ID: 090355aa1edfe1b8d7b20d3b35dfcbf003d1ce5207ec81bbf1fbcdcb4d405c25
Opcode Fuzzy Hash: a63fa806a5f5e913a76727bde8e2d6bf7cb1a347420100579dbcea14d2e888f6
Instruction Fuzzy Hash: 7321377BA342544B9386EF2BB904A06B751B7D0B99F09E020FE1AD7B01D139DD52CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC18CB9 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554d77e9e93ff7b45652bf6dad61402579141d4dcebaf3a2992a6e7da36c079c
Instruction ID: cc5af6971bcfbc2695d639f70a6e016c67b03ec3ee3a0bbf567886161a415e2d
Opcode Fuzzy Hash: 554d77e9e93ff7b45652bf6dad61402579141d4dcebaf3a2992a6e7da36c079c
Instruction Fuzzy Hash: 8E21F37793926817A3569F2EB900A46BE94B308BA8F59F01DFE07A3701E134DD868780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC30820 Relevance: 15.2, APIs: 10, Instructions: 152fileCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6ACC3086C
ReadFileEx.KERNEL32 ref: 00007FF6ACC308BD
SleepEx.KERNEL32 ref: 00007FF6ACC308F1
WriteFileEx.KERNEL32 ref: 00007FF6ACC30979
SleepEx.KERNEL32 ref: 00007FF6ACC3099A
ReadFileEx.KERNEL32 ref: 00007FF6ACC30A00
GetLastError.KERNEL32 ref: 00007FF6ACC30A0E
GetLastError.KERNEL32 ref: 00007FF6ACC30A15
CloseHandle.KERNEL32 ref: 00007FF6ACC30A2B
CloseHandle.KERNEL32 ref: 00007FF6ACC30A34

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: File$CloseErrorHandleLastReadSleep$Writememset
String ID:
API String ID: 2218894433-0
Opcode ID: cfdcf6df0bb07d978be3f88b081d220ffb7fce4622b0134a688665022c73c042
Instruction ID: 46e5a1c6f61daf591ee00df8428df65ab38933f10ea8831de65955d3342eae6d
Opcode Fuzzy Hash: cfdcf6df0bb07d978be3f88b081d220ffb7fce4622b0134a688665022c73c042
Instruction Fuzzy Hash: 8E617322605AC299E7319F25EC04BFAB774FB44798F444232EE594ABD8CF78D286D700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC2E9E0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 280COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6ACC2E9F1
DuplicateHandle.KERNEL32 ref: 00007FF6ACC2EA1C
CloseHandle.KERNEL32 ref: 00007FF6ACC2EAEA
GetLastError.KERNEL32 ref: 00007FF6ACC2EBB0

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs, xrefs: 00007FF6ACC2EF36, 00007FF6ACC2EF64
failed to spawn thread, xrefs: 00007FF6ACC2EE98
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC2EEE7

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Handle$CloseCurrentDuplicateErrorLastProcess
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs$failed to spawn thread
API String ID: 3328748953-2900089146
Opcode ID: 231bf67785bbef2f382d3e07b522e4cf65eb164b8d70b8e51fc0afbd45bad0da
Instruction ID: e982e165b52ca1e4e8b4cb0f29e95a427ce6f1fb73ed9433a3dd86cfca45e55e
Opcode Fuzzy Hash: 231bf67785bbef2f382d3e07b522e4cf65eb164b8d70b8e51fc0afbd45bad0da
Instruction Fuzzy Hash: 30D1AE32A0AB8289F711AF24D8503F937B4EB54799F445179EA4E93B96DF3CE185C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC0C4C3 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 208encryptionCOMMON

Download Yara Rule

APIs

CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6ACC0C636
CertOpenStore.CRYPT32 ref: 00007FF6ACC0C66A
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACC0C6B9
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACC0D223

Strings

invalid minimum TLS version for backendinvalid maximum TLS version for backendClient::new(), xrefs: 00007FF6ACC0D1F3
cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs, xrefs: 00007FF6ACC0D15F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Cert$CertificateContext$Free$DuplicateOpenStore
String ID: cannot access a Thread Local Storage value during or after destruction/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\std\src\thread\local.rs$invalid minimum TLS version for backendinvalid maximum TLS version for backendClient::new()
API String ID: 3431705244-3739867826
Opcode ID: 67e3aaad2d8da3e23e1d658c579bc9b5687412ea194c111d92ac7c18654e0c33
Instruction ID: 42d226bfb48ee7c60883962bd048761630c3278e3ea851ccd6d2bb4a718f79e0
Opcode Fuzzy Hash: 67e3aaad2d8da3e23e1d658c579bc9b5687412ea194c111d92ac7c18654e0c33
Instruction Fuzzy Hash: 65B15D6690EAC285E671DB15E4553FAA3B0FB85744F404032DB8E87BAADF3CE585CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC4507D Relevance: 10.8, APIs: 2, Strings: 5, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC451FD
memcpy.VCRUNTIME140 ref: 00007FF6ACC454A4

Strings

://assertion failed: !self.serialization[scheme_end_as_usize..].starts_with(\"://\"), xrefs: 00007FF6ACC45230, 00007FF6ACC454D4
:/., xrefs: 00007FF6ACC4514E
assertion failed: self.is_char_boundary(idx), xrefs: 00007FF6ACC45105
assertion failed: self.is_char_boundary(n)/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\alloc\src\string.rs, xrefs: 00007FF6ACC451B2
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC45372

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$:/.$://assertion failed: !self.serialization[scheme_end_as_usize..].starts_with(\"://\")$assertion failed: self.is_char_boundary(idx)$assertion failed: self.is_char_boundary(n)/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\alloc\src\string.rs
API String ID: 3510742995-1365945519
Opcode ID: cf61f552e343efa2f1f01d5a32ba86f6913f56c42d802484bea280dbaebf991c
Instruction ID: 90c6b910d0dcd1bb95d7efe23cf6b130487a423d7f8cc79e729e865fcd33caec
Opcode Fuzzy Hash: cf61f552e343efa2f1f01d5a32ba86f6913f56c42d802484bea280dbaebf991c
Instruction Fuzzy Hash: 35D1A276A0AB8695EA20DF52A5086BA7775FB45BC0F408136DE8F87B96DF3CE144C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC32230 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 209COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(000006E4,?,00000264,00007FF6ACC27AA3), ref: 00007FF6ACC3230D
memcpy.VCRUNTIME140(000006E4,?,00000264,00007FF6ACC27AA3), ref: 00007FF6ACC3236F
memcpy.VCRUNTIME140(000006E4,?,00000264,00007FF6ACC27AA3), ref: 00007FF6ACC323A3
memcpy.VCRUNTIME140(000006E4,?,00000264,00007FF6ACC27AA3), ref: 00007FF6ACC323DA
memcpy.VCRUNTIME140(000006E4,?,00000264,00007FF6ACC27AA3), ref: 00007FF6ACC32400
memcpy.VCRUNTIME140 ref: 00007FF6ACC32504

Strings

assertion failed: new_left_len <= CAPACITY, xrefs: 00007FF6ACC325F5

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: new_left_len <= CAPACITY
API String ID: 3510742995-3316943531
Opcode ID: eb9f4d3c5d542daa5d20565f0bd95ecb8b285ca76a18f884477bfc35b6d38fe5
Instruction ID: eb52d6e9351fca02787886de22d1638f7e21cd7f3ca886e9edcc3da375056972
Opcode Fuzzy Hash: eb9f4d3c5d542daa5d20565f0bd95ecb8b285ca76a18f884477bfc35b6d38fe5
Instruction Fuzzy Hash: 3CA1B222A25BC482DA05DF19E4407EAB7B8FB98B94F499236DF5D53361EF38E251C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC22BB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6ACC22C9A
GetFinalPathNameByHandleW.KERNEL32 ref: 00007FF6ACC22CB0
GetLastError.KERNEL32 ref: 00007FF6ACC22CBD
GetLastError.KERNEL32 ref: 00007FF6ACC22CD6
GetLastError.KERNEL32 ref: 00007FF6ACC22D67

Strings

internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs, xrefs: 00007FF6ACC22D89

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLast$FinalHandleNamePath
String ID: internal error: entered unreachable codeC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.37.0\src\sync\notify.rs
API String ID: 1636761289-1553992548
Opcode ID: f61dcedb8980cfcc33298db4e36787153c4f5a564f5b520408ba084e24210733
Instruction ID: 6bd5328a97dfe0f058f79264b1d143d6810309454f07eb3894c6d02854224eec
Opcode Fuzzy Hash: f61dcedb8980cfcc33298db4e36787153c4f5a564f5b520408ba084e24210733
Instruction Fuzzy Hash: BB51D122A0ABC149FB369F21DC187F92264BB54BA8F405671DE5ED77C5EF78D281C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC32A80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 103COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6ACBC5DB4,?,?,00000002,?,0000029714063F30,?,00007FFA322DADA0), ref: 00007FF6ACC32A9F
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6ACBC5DB4,?,?,00000002,?,0000029714063F30,?,00007FFA322DADA0), ref: 00007FF6ACC32AC9
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6ACBC5DB4,?,?,00000002,?,0000029714063F30,?,00007FFA322DADA0), ref: 00007FF6ACC32B78
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6ACBC5DB4,?,?,00000002,?,0000029714063F30,?,00007FFA322DADA0), ref: 00007FF6ACC32BB3

Strings

attempt to divide by zero, xrefs: 00007FF6ACC32B5E
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACC32B95, 00007FF6ACC32BD0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorLastPerformanceQuery$CounterFrequency
String ID: attempt to divide by zero$called `Result::unwrap()` on an `Err` value
API String ID: 2984914903-3035377958
Opcode ID: 707e6246089662efa25883928daa96037e4e597e3984871ddf0c1e24ef47b402
Instruction ID: 698ec505445c8208ca438ff597199ad5ae5a4675fe5078fd627bb9546649ce5e
Opcode Fuzzy Hash: 707e6246089662efa25883928daa96037e4e597e3984871ddf0c1e24ef47b402
Instruction Fuzzy Hash: CF41C061F06B4795FF149FA1A8042F9A3B5AB84788F408536C95F93B95EF3CE246C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDCDAA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99encryptionCOMMON

Download Yara Rule

APIs

CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDCEEA

Part of subcall function 00007FF6ACC17311: CertDuplicateCertificateChain.CRYPT32 ref: 00007FF6ACC17346

Part of subcall function 00007FF6ACC173C2: CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6ACC173F3

CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDCEC5

Part of subcall function 00007FF6ACC17B36: CertEnumCertificatesInStore.CRYPT32 ref: 00007FF6ACC17B57
Part of subcall function 00007FF6ACC17B36: CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6ACC17B68

CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDCE73
CertFreeCertificateContext.CRYPT32 ref: 00007FF6ACBDCE99
CertFreeCertificateChain.CRYPT32 ref: 00007FF6ACBDCEA6

Strings

unable to find any user-specified roots in the final cert chainC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-util-0.7.10\src\util\poll_buf.rs, xrefs: 00007FF6ACBDCED0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Cert$Certificate$Free$ChainContext$Duplicate$CertificatesEnumStore
String ID: unable to find any user-specified roots in the final cert chainC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-util-0.7.10\src\util\poll_buf.rs
API String ID: 3153740760-4114968074
Opcode ID: 47a47e064ffe698cf00033ed5eec993d32252bb4628a67f9e3edfd2080e1a07b
Instruction ID: 26d51ab02ad921518ddda59bda6fbfefd55bcb39a256232e1fae8bdaa2ad817c
Opcode Fuzzy Hash: 47a47e064ffe698cf00033ed5eec993d32252bb4628a67f9e3edfd2080e1a07b
Instruction Fuzzy Hash: 71310822B0E662C2EA11EB16E81077A63A4FB8ABD4F548031EE4EC7755DE3DE481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBAE2DD Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 311COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBAE3E7
memcpy.VCRUNTIME140 ref: 00007FF6ACBAE400
CloseHandle.KERNEL32 ref: 00007FF6ACBAEA05

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBAE593
`async fn` resumed after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\reqwest-0.11.27\src\async_impl\response.rs, xrefs: 00007FF6ACBAE760

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy$CloseHandle
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$`async fn` resumed after completionC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\reqwest-0.11.27\src\async_impl\response.rs
API String ID: 2153058950-3491672885
Opcode ID: daf046ecf36cb220b7958f9b91bc749f1121056b53b18375e0d677f7899fed90
Instruction ID: 06083722f1ddcf33172e1a7c4fed2bf508676f9bf1ed49d55cf3571dd8421735
Opcode Fuzzy Hash: daf046ecf36cb220b7958f9b91bc749f1121056b53b18375e0d677f7899fed90
Instruction Fuzzy Hash: 39F1A422A0ABD281E751CF24D0453FD6360FB96B48F485132DF8D9B6AAEF39E595C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF0843 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF0CF7

Part of subcall function 00007FF6ACB81635: memcpy.VCRUNTIME140 ref: 00007FF6ACB8169F

Part of subcall function 00007FF6ACC4161F: memcpy.VCRUNTIME140(?,?,?,?,00007FF6ACB81734), ref: 00007FF6ACC41649

Strings

authority implies host, xrefs: 00007FF6ACBF0EF0, 00007FF6ACBF0F6A, 00007FF6ACBF0F87
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBF0FCE
User-Agent: Proxy-Authorization: , xrefs: 00007FF6ACBF0ECB

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: authority implies host$/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$User-Agent: Proxy-Authorization:
API String ID: 3510742995-1880463825
Opcode ID: 8c1b592e68af74c4f087558df8dd06d64824b8558a0b8519afe65661777e18fd
Instruction ID: efc7af06f8d155a096a2b51f6fba0f1d546a4d50a158b5d8ea28de6413ba7b73
Opcode Fuzzy Hash: 8c1b592e68af74c4f087558df8dd06d64824b8558a0b8519afe65661777e18fd
Instruction Fuzzy Hash: 0CE1C06260ABC5C4E751DF24E4007EA33A4FB96B48F085136DE8D8B39ADF39D198C361

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC20850 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 281windowCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6ACC20895
GetModuleHandleW.KERNEL32 ref: 00007FF6ACC208AF
FormatMessageW.KERNEL32 ref: 00007FF6ACC208F5
GetLastError.KERNEL32 ref: 00007FF6ACC209FC

Strings

NTDLL.DLL, xrefs: 00007FF6ACC208A8

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorFormatHandleLastMessageModulememset
String ID: NTDLL.DLL
API String ID: 1434010500-1613819793
Opcode ID: 48e3c456626a09961e094bd27170baafb8e0ecc0a41bf8a04827ff537b6128d1
Instruction ID: 02d4fbc660bb900358ad024ac9c24857282ec25201459bf57347e6fb139ef9cc
Opcode Fuzzy Hash: 48e3c456626a09961e094bd27170baafb8e0ecc0a41bf8a04827ff537b6128d1
Instruction Fuzzy Hash: 4EC19D72A0ABC298F7319F21D8543F962B1FB44384F449132DA8E86AD9EF7CD685D340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC26E90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 217COMMON

Download Yara Rule

APIs

freeaddrinfo.WS2_32(?,?,?,?,?,00007FF6ACBA7D9D), ref: 00007FF6ACC26EFE
freeaddrinfo.WS2_32(?,?,?,?,?,?,?,?,?,?,00007FF6ACBA7D9D), ref: 00007FF6ACC270DD
freeaddrinfo.WS2_32 ref: 00007FF6ACC271DC

Strings

assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF6ACC27132, 00007FF6ACC2716A
assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF6ACC2714C, 00007FF6ACC27188

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: freeaddrinfo
String ID: assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
API String ID: 2731292433-3350695673
Opcode ID: e1734dd83146a8e6857f81375d2294116001e50f4a49cd74727950279abcf6ef
Instruction ID: bc6b3da86c8525497244df04b4edac9bdcae88b48015f4181a43615f6c389f08
Opcode Fuzzy Hash: e1734dd83146a8e6857f81375d2294116001e50f4a49cd74727950279abcf6ef
Instruction Fuzzy Hash: 1F91F0A2A16B91CAF7109B55D8403BE7BB1FB88B54F009235DE4EA3794DF38E486C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC384D1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF6ACC384FB
CloseHandle.KERNEL32 ref: 00007FF6ACC3850D
GetLastError.KERNEL32 ref: 00007FF6ACC38592
CloseHandle.KERNEL32 ref: 00007FF6ACC38623

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF6ACC3857E, 00007FF6ACC385E8

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: CloseHandle$ErrorLastObjectSingleWait
String ID: called `Option::unwrap()` on a `None` value
API String ID: 1454876536-836832528
Opcode ID: ec50250fc34559c0a0dbd7da8603366b11533036b39759623fe4ae03724665ec
Instruction ID: 99e54cffae429cb0e7b102ddd1151d6a9976c71748209f7ebaff83c2eb42358d
Opcode Fuzzy Hash: ec50250fc34559c0a0dbd7da8603366b11533036b39759623fe4ae03724665ec
Instruction Fuzzy Hash: F8417C76A06B0194EA14DB55E9403B863B0FB84BA8F548232DE6E877E0DF38D596C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1B050 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

Strings

NtReleaseKeyedEvent, xrefs: 00007FF6ACC1B167
ntdll, xrefs: 00007FF6ACC1B155

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID:
String ID: NtReleaseKeyedEvent$ntdll
API String ID: 0-31681898
Opcode ID: a567fd50c8d08fc4c8eb161df846d1f761bab90004072304b016d2adf71c5d20
Instruction ID: 64a8dbb86861cb6ec2181186337d9dc8e9d09f9f7f85d5b208d9633665b9b2c0
Opcode Fuzzy Hash: a567fd50c8d08fc4c8eb161df846d1f761bab90004072304b016d2adf71c5d20
Instruction Fuzzy Hash: 6131DE65B0AA1681EA10CB1AB850A696370AF84BB0F504331ED2E83BE4DF3CD0478B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1ACF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6ACC1AD7B
GetProcAddress.KERNEL32 ref: 00007FF6ACC1AD90

Strings

NtCreateKeyedEvent, xrefs: 00007FF6ACC1AD86
ntdll, xrefs: 00007FF6ACC1AD74
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC1AD15

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$NtCreateKeyedEvent$ntdll
API String ID: 1646373207-2790318539
Opcode ID: a5347214d85c3647f201fd8e346d779beb2b3e12b2c1efb5dfab75c5c85bd4d8
Instruction ID: 73a3f9d77ad3bd18d65490884a5758d2a5df387aa17ebb567b4e110cce74dd92
Opcode Fuzzy Hash: a5347214d85c3647f201fd8e346d779beb2b3e12b2c1efb5dfab75c5c85bd4d8
Instruction Fuzzy Hash: C8118426F16F0594EB00DB61AC446E86374BB58B54F849235DD5E93BA4EF3CE586C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEA282 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 374COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBEB4D8
memcpy.VCRUNTIME140 ref: 00007FF6ACBEC632

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBEBEB3, 00007FF6ACBEC7A5

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 3510742995-834858101
Opcode ID: cafc5fb9f2b092274a617de26ba41a332971c2cef7cf13d6ae8fa01f65324acc
Instruction ID: 26fdf255134e59a6a4dcffbda47f7ca1b3bca530d568a9f7ebd4aef3f2715559
Opcode Fuzzy Hash: cafc5fb9f2b092274a617de26ba41a332971c2cef7cf13d6ae8fa01f65324acc
Instruction Fuzzy Hash: CC22063661DAC18AE7718B25E0803EEBBA0FB9A740F445126EAC987B59DF7DD144CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBEA540 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBEBA20
memcpy.VCRUNTIME140 ref: 00007FF6ACBEC632

Strings

/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBEBF24, 00007FF6ACBEC873

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store
API String ID: 3510742995-834858101
Opcode ID: 29b466d26cac4db982d9cf23db74788af7ffe87f3f4394559eb03488d92ec0a5
Instruction ID: 1fe21539f7d2378c03ea57cb94fbf92582a8adfccbcbd3985b76540144c5d65f
Opcode Fuzzy Hash: 29b466d26cac4db982d9cf23db74788af7ffe87f3f4394559eb03488d92ec0a5
Instruction Fuzzy Hash: 4E02033661DAC18AE7718B15E0843EAB7A0FB9A740F405126EBCD87B59DF7DD185CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD03C3 Relevance: 7.7, APIs: 6, Instructions: 191COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBD05C8
memcpy.VCRUNTIME140 ref: 00007FF6ACBD0601
memcpy.VCRUNTIME140 ref: 00007FF6ACBD068B
memcpy.VCRUNTIME140 ref: 00007FF6ACBD06AD
memcpy.VCRUNTIME140 ref: 00007FF6ACBD06F2

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 5f5683217565dc29038ee9952d1ce6686fb4ee688ae9143008b532979de9eaa4
Instruction ID: a7910b900e30b1ec9ee511d2a7e593e7fb06fe41d33b475ee81cf52cb45ca025
Opcode Fuzzy Hash: 5f5683217565dc29038ee9952d1ce6686fb4ee688ae9143008b532979de9eaa4
Instruction Fuzzy Hash: D991CC32A09A9591EB219F25E1453FDB360FB9AB88F009131DF8D53696EF39E195C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBAE1BB Relevance: 7.7, APIs: 6, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACBBD3B5: memcpy.VCRUNTIME140 ref: 00007FF6ACBBD4BC

memcpy.VCRUNTIME140 ref: 00007FF6ACBAE270

Part of subcall function 00007FF6ACC0F04C: memcpy.VCRUNTIME140 ref: 00007FF6ACC0F06D

memcpy.VCRUNTIME140 ref: 00007FF6ACBAE2AB

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 0a4510c3f69b3186c255c36e7549a20a264a91f87b761566e538fc77cc539594
Instruction ID: 0fc69e0d63cef44e3b072e8acdc110cc89721f658324d9ef831a109e8fd3b85e
Opcode Fuzzy Hash: 0a4510c3f69b3186c255c36e7549a20a264a91f87b761566e538fc77cc539594
Instruction Fuzzy Hash: B571903270E6D285EB61DB25D4043ED6361EB86B88F484035CE8D8B78ADF2DD156C311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC2E941 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 00007FF6ACC2E943
GetLastError.KERNEL32 ref: 00007FF6ACC2E95F
GetCurrentProcess.KERNEL32 ref: 00007FF6ACC2EB70
DuplicateHandle.KERNEL32 ref: 00007FF6ACC2EB9B
GetLastError.KERNEL32 ref: 00007FF6ACC2EBB0

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ErrorHandleLast$CurrentDuplicateProcess
String ID:
API String ID: 3697983210-0
Opcode ID: 2d6da15d7255a9a9023a15f6a24a8e6c8c9c9d2eff47a9d5d96c574274b4ee8a
Instruction ID: 0c4e76146342fb47601560d1cc18b8b16e930616ea9a260742d032b019cddf02
Opcode Fuzzy Hash: 2d6da15d7255a9a9023a15f6a24a8e6c8c9c9d2eff47a9d5d96c574274b4ee8a
Instruction Fuzzy Hash: 2A21B172A0AA4185F720AF21E4593B926B5EB84BE5F445239DA6FD77C4CF3CE4848350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBBE1EC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

GetWindowSubclass.COMCTL32 ref: 00007FF6ACBBE2AF
RemoveWindowSubclass.COMCTL32 ref: 00007FF6ACBBE2E3

Strings

Parent of hander was either freed or is already unboundlib\native-windows-gui\src\win32\window.rs, xrefs: 00007FF6ACBBE3AE
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACBBE33A

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: SubclassWindow$Remove
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$Parent of hander was either freed or is already unboundlib\native-windows-gui\src\win32\window.rs
API String ID: 1478890493-1387618753
Opcode ID: 18681303398a1c4a9dd781ee3fbb7508e39fe8048b32dba51b27d0e0e0e1f94e
Instruction ID: c1dc6f5bdacb96058d2d7ff16631de006c05938328efb7b81f6d0c5997980d26
Opcode Fuzzy Hash: 18681303398a1c4a9dd781ee3fbb7508e39fe8048b32dba51b27d0e0e0e1f94e
Instruction Fuzzy Hash: 4051B172A1AB8581EB10CB56E8407AAB7B0FB85BD4F504236EE9D877A5CF3CD545C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC266E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACC26170: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC26715), ref: 00007FF6ACC261EE
Part of subcall function 00007FF6ACC26170: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC26715), ref: 00007FF6ACC26296

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6ACC2677F
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6ACC26866

Strings

lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 00007FF6ACC2675E
stdoutstderrlibrary\std\src\io\mod.rs, xrefs: 00007FF6ACC266FD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs$stdoutstderrlibrary\std\src\io\mod.rs
API String ID: 17069307-1592239295
Opcode ID: 38397d8b8f904321c00a2561c683bc7f0bfe374c051fef87d3c5ddbee2010f13
Instruction ID: 5c283c9d7845225aac7ae682a4a903f326eaf1b91f81f9ed8d22481943eaf2da
Opcode Fuzzy Hash: 38397d8b8f904321c00a2561c683bc7f0bfe374c051fef87d3c5ddbee2010f13
Instruction Fuzzy Hash: 0B513C3AA06B4299EB10DB54E8403E937B4FB54758F508136DE4ED3BA9DF38D585C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC269C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACC26170: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC26715), ref: 00007FF6ACC261EE
Part of subcall function 00007FF6ACC26170: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6ACC26715), ref: 00007FF6ACC26296

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6ACC26A4E
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6ACC26B39

Strings

lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 00007FF6ACC26A2D
stderrlibrary\std\src\io\mod.rs, xrefs: 00007FF6ACC269DD

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs$stderrlibrary\std\src\io\mod.rs
API String ID: 17069307-3646365866
Opcode ID: 788c16fb9e690fb54048f8c57c810ebf6df13936f2adc5fc6e95a385ac293323
Instruction ID: e048ef45abfdcc5c9c348061685ba120651d753bd09368dd755f4fb5ed444f66
Opcode Fuzzy Hash: 788c16fb9e690fb54048f8c57c810ebf6df13936f2adc5fc6e95a385ac293323
Instruction Fuzzy Hash: 30516C36A06B4299EB10DB64E8443ED37B4FB54758F508136CE4E93B95DF38D58AC350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBC2ECD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FF6ACBC2F2E
RegisterClassExW.USER32 ref: 00007FF6ACBC2F6E
GetLastError.KERNEL32 ref: 00007FF6ACBC2F78

Part of subcall function 00007FF6ACBC3B95: memcpy.VCRUNTIME140 ref: 00007FF6ACBC3BC2

Strings

System class creation failedNativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed, xrefs: 00007FF6ACBC2F8C

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ClassCursorErrorLastLoadRegistermemcpy
String ID: System class creation failedNativeWindowsGuiWindowNWG_FRAMEMessage only window creation failed
API String ID: 3122224758-2417488252
Opcode ID: eb430bab87f9fe6f61e514b190cc8a2e6327f12f20249d857dcefc45b1ae092e
Instruction ID: 27a1c534fa3165f1321fbfbf3b2c936a96c675066707fcd7104f9af7ec265d80
Opcode Fuzzy Hash: eb430bab87f9fe6f61e514b190cc8a2e6327f12f20249d857dcefc45b1ae092e
Instruction Fuzzy Hash: D821B023A0EA5685EA209B05E4443BE76A0F749B88F608134DE8D8B695DF7ED147C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1AC80 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6ACC1AC9C
GetProcAddress.KERNEL32 ref: 00007FF6ACC1ACB1

Strings

NtWaitForKeyedEvent, xrefs: 00007FF6ACC1ACA7
ntdll, xrefs: 00007FF6ACC1AC95

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: NtWaitForKeyedEvent$ntdll
API String ID: 1646373207-2815205136
Opcode ID: 58b145f34404b371388e781a586c08e78053bf23e7d4aa753d1444d1236f7140
Instruction ID: fff0773b64f980f3def766ba49604b90cf79f5ae378111cdcfdd9da543096b1a
Opcode Fuzzy Hash: 58b145f34404b371388e781a586c08e78053bf23e7d4aa753d1444d1236f7140
Instruction Fuzzy Hash: F8F08C20F0BA1291FE15CB5BBD8496066B07F58FD0F849134CC0EA3764EE3DE4868310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC1CCD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6ACC1CCE3
GetProcAddress.KERNEL32 ref: 00007FF6ACC1CCF8

Strings

kernel32, xrefs: 00007FF6ACC1CCDC
SetThreadDescription, xrefs: 00007FF6ACC1CCEE

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: SetThreadDescription$kernel32
API String ID: 1646373207-1950310818
Opcode ID: 447589d55cd255991e542c15f2ffa44f239c1a1a02c5768f32bf985e8b0bff33
Instruction ID: 8d35b9a21c4b33df73a68aec03c7e2a0a295aef1248d47a8fe41d1ff7cf3fb61
Opcode Fuzzy Hash: 447589d55cd255991e542c15f2ffa44f239c1a1a02c5768f32bf985e8b0bff33
Instruction Fuzzy Hash: 57E09A24F0BA6291FE15DB1ABD881B026B0AF48FD0B448034CC0FC3760EE2CE48AC310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD0F8F Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBD0FEF
memcpy.VCRUNTIME140 ref: 00007FF6ACBD1010
memcpy.VCRUNTIME140 ref: 00007FF6ACBD1061
memcpy.VCRUNTIME140 ref: 00007FF6ACBD1083
memcpy.VCRUNTIME140 ref: 00007FF6ACBD10A8

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: bd6dadba03973d1cba86e55e36f24e40df77354d849c45be221ec7d59860e834
Instruction ID: 810bd818c03417012a761f809d19cb7c3fe1c55c16c339e54bf983c1978993a1
Opcode Fuzzy Hash: bd6dadba03973d1cba86e55e36f24e40df77354d849c45be221ec7d59860e834
Instruction Fuzzy Hash: 9D31D61770EAD151EB22D62695103AEBF74E7A7B80F44C121CF8E4778ADE2DD25AC702

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC42944 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC42A19

Part of subcall function 00007FF6ACBC6263: memcpy.VCRUNTIME140(?,?,00000000,?,?,?,00000000,00007FF6ACC463A5), ref: 00007FF6ACBC62AF

Strings

fileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs, xrefs: 00007FF6ACC4298C
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACC42BB8
/rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store, xrefs: 00007FF6ACC429CB

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: /rustc/cc66ad468955717ab92600c770da8c1601a4ff33\library\core\src\sync\atomic.rsthere is no such thing as an acquire store$called `Result::unwrap()` on an `Err` value$fileC:\Users\rt-dev\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs
API String ID: 3510742995-572183596
Opcode ID: bfae673e05a99ca4665476b50f51f99404c3f69701bbc4fe607d42e392d6e6d0
Instruction ID: fdf18e4dcf130aa787bf90df0eafabfebd8083c179dbc1026a80acda8561532f
Opcode Fuzzy Hash: bfae673e05a99ca4665476b50f51f99404c3f69701bbc4fe607d42e392d6e6d0
Instruction Fuzzy Hash: 64610B66B1A74246FA649B12AA097BA77B1BF45BC4F00C035DE4F87B92EE3CE5458300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF2355 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6ACBA2C8E: memcpy.VCRUNTIME140 ref: 00007FF6ACBA2D39

Part of subcall function 00007FF6ACBA2D4D: memcpy.VCRUNTIME140 ref: 00007FF6ACBA2E54

memcpy.VCRUNTIME140 ref: 00007FF6ACBF24BF
memcpy.VCRUNTIME140 ref: 00007FF6ACBF251D

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6ACBF2578
scheme and authority is valid Uri, xrefs: 00007FF6ACBF25AA

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: called `Result::unwrap()` on an `Err` value$scheme and authority is valid Uri
API String ID: 3510742995-1220905182
Opcode ID: e434d12c8d14d1af2b0b0fd371cfa653c08bb791465583965ed4ae06856e0037
Instruction ID: 649d32069f0c0a6fad61de7559823a0911f61c580c1116808c4709fb2fe15d28
Opcode Fuzzy Hash: e434d12c8d14d1af2b0b0fd371cfa653c08bb791465583965ed4ae06856e0037
Instruction Fuzzy Hash: C661B326A0EAC294E7228B54E4103EEB770FB9A354F444022DBCD53B5AEF7DD286C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC02648 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 129COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC02758
memcpy.VCRUNTIME140 ref: 00007FF6ACC0277A

Strings

`async fn` resumed after completion, xrefs: 00007FF6ACC026A5
Network unreachabletcp connect error, xrefs: 00007FF6ACC02CF2

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID: Network unreachabletcp connect error$`async fn` resumed after completion
API String ID: 3510742995-4043785169
Opcode ID: f63b84932a4be735cfaea749fffdf687cc10f076a8f81a1b9d2ff66ed4c60205
Instruction ID: 86845055f888af3d963345497ecb6f9d3f851e4e0c0df309675e7a4bb7f25c29
Opcode Fuzzy Hash: f63b84932a4be735cfaea749fffdf687cc10f076a8f81a1b9d2ff66ed4c60205
Instruction Fuzzy Hash: 9B518E62909BC581E726CF28D4417F97770FB99B48F549222DE8D83256EF39E6C6C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBAEAAE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40windowCOMMON

Download Yara Rule

APIs

SetForegroundWindow.USER32 ref: 00007FF6ACBAEB01
TrackPopupMenu.USER32 ref: 00007FF6ACBAEB21

Strings

Menu is not bound, xrefs: 00007FF6ACBAEAD4

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: ForegroundMenuPopupTrackWindow
String ID: Menu is not bound
API String ID: 2778813987-3411762878
Opcode ID: 4a4eaccf042b8efec5daa6f22e20f2b275354a936b4c07d9890e92215b574630
Instruction ID: b0ddd5d1aed34ac1267ea52ac426bd311c7e5f7795e669921aae8b36a25230eb
Opcode Fuzzy Hash: 4a4eaccf042b8efec5daa6f22e20f2b275354a936b4c07d9890e92215b574630
Instruction Fuzzy Hash: 8701A733A1A65643E711DB12E8447AA67B0FB95B84F508131EF4ED7B85CF3DE9468700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBF2C6E Relevance: 5.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBF2C7F
memcpy.VCRUNTIME140 ref: 00007FF6ACBF2CA7
memcpy.VCRUNTIME140 ref: 00007FF6ACBF2D8E
memcpy.VCRUNTIME140 ref: 00007FF6ACBF2DA3

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: adfe12f59581b055018262fe8acd9bdd13073195755bab0e5d658b62a3a83485
Instruction ID: ced1db5e4be44862e4ee3e9c780b53f47faee1ede9e2cb52209bd69b759ca220
Opcode Fuzzy Hash: adfe12f59581b055018262fe8acd9bdd13073195755bab0e5d658b62a3a83485
Instruction Fuzzy Hash: C261FE2AA1E6A289E720DB11A0152BDB771FF56784F504031EE8E877C5CF3DD542C742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBDE48F Relevance: 5.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBE0189
memcpy.VCRUNTIME140 ref: 00007FF6ACBE01EF
memcpy.VCRUNTIME140 ref: 00007FF6ACBE022C
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0256
memcpy.VCRUNTIME140 ref: 00007FF6ACBE02D6
memcpy.VCRUNTIME140 ref: 00007FF6ACBE03B2
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0416
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0459
memcpy.VCRUNTIME140 ref: 00007FF6ACBE048A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0514
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0586
memcpy.VCRUNTIME140 ref: 00007FF6ACBE06C8
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0701
memcpy.VCRUNTIME140 ref: 00007FF6ACBE075A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE07BE
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0838
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0886
memcpy.VCRUNTIME140 ref: 00007FF6ACBE08FA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE093F
memcpy.VCRUNTIME140 ref: 00007FF6ACBE099A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A1D
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0A3A
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0AC3
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0AFA
memcpy.VCRUNTIME140 ref: 00007FF6ACBE0B5E

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: b0c56ef6956aac930394a18b2b68dcbe68b95f2704c5f62625dbe32f4b33c9b5
Instruction ID: e362268a820c956013455c55628f143ce5f964858763eb94c6bbb4d7fa6a874a
Opcode Fuzzy Hash: b0c56ef6956aac930394a18b2b68dcbe68b95f2704c5f62625dbe32f4b33c9b5
Instruction Fuzzy Hash: C6518032B19AA185EA60DA01E4407AA73B4F786B98F840135DE9D87BD5CF7DD441DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACBD503C Relevance: 5.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACBD5065
memcpy.VCRUNTIME140 ref: 00007FF6ACBD50AE
memcpy.VCRUNTIME140 ref: 00007FF6ACBD50D5
memcpy.VCRUNTIME140 ref: 00007FF6ACBD5108

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: da3d694890f05e2d643c2e1e3578548e027a4fa3902514e8c209d8e4b7bc5b0f
Instruction ID: 1efa33f56ec54113e27fc90b07d2f24dd6c81da35c75796f31102b31b37ff513
Opcode Fuzzy Hash: da3d694890f05e2d643c2e1e3578548e027a4fa3902514e8c209d8e4b7bc5b0f
Instruction Fuzzy Hash: 0F31B862719B9142EA65DA35E8143FFA350EB53785F449031CB9F87682DE3EF149C702

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC0AAA3 Relevance: 5.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF6ACC0AACC
memcpy.VCRUNTIME140 ref: 00007FF6ACC0AB15
memcpy.VCRUNTIME140 ref: 00007FF6ACC0AB3C
memcpy.VCRUNTIME140 ref: 00007FF6ACC0AB6F

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: fc2f90bbd0820f02b3f6c871b38498dc77c5f1d84c5a9ed603ab4c8274a6c927
Instruction ID: 964a94719a94883b0ee3418385efaf756c549adb44fc9ff46dd480131613757c
Opcode Fuzzy Hash: fc2f90bbd0820f02b3f6c871b38498dc77c5f1d84c5a9ed603ab4c8274a6c927
Instruction Fuzzy Hash: 3831E862709B9182EA749B35E8107FFA361EB52784F849031DB9F87682DE3DF145C702

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6ACC48AA0 Relevance: 5.1, APIs: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00007FF6ACC1AFF3), ref: 00007FF6ACC48AEA
HeapAlloc.KERNEL32(?,?,?,00007FF6ACC1AFF3), ref: 00007FF6ACC48B08
memcpy.VCRUNTIME140(?,?,00007FF6ACC1AFF3), ref: 00007FF6ACC48B38
HeapFree.KERNEL32(?,?,00007FF6ACC1AFF3), ref: 00007FF6ACC48B4A

Memory Dump Source

Source File: 0000000B.00000002.16254171276.00007FF6ACB81000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6ACB80000, based on PE: true

Associated: 0000000B.00000002.16254140045.00007FF6ACB80000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254373691.00007FF6ACC4F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254507297.00007FF6ACCBF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000B.00000002.16254546063.00007FF6ACCC0000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6acb80000_McAfeeStinger.jbxd

Similarity

API ID: Heap$AllocFreeProcessmemcpy
String ID:
API String ID: 3455684755-0
Opcode ID: 2a8c5eb42c71a000e9da381d69874c45f737957d8de9020f182aa77cca6bfed5
Instruction ID: aa1f569cc5d0857f3f26eeab4f125eca649179f253808e1ef24de917702579cf
Opcode Fuzzy Hash: 2a8c5eb42c71a000e9da381d69874c45f737957d8de9020f182aa77cca6bfed5
Instruction Fuzzy Hash: 70119466B0BA5141FA15CBA3AE441B916B1AF88BE0F44C935CD1FC77A0DE3CD1C38200

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\mcafee.ico

C:\Users\user\AppData\Local\Temp\nwg5202.tmp

C:\Users\user\AppData\Local\Temp\nwg553E.tmp

C:\Users\user\AppData\Local\mcafee-stinger\avvdat.ini

C:\Users\user\Downloads\McAfeeStinger.exe (copy)

C:\Users\user\Downloads\Unconfirmed 115533.crdownload (copy)

C:\Users\user\Downloads\bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp

Static File Info

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html