Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
FQElDjFG5t.exe

Overview

General Information

Sample Name:FQElDjFG5t.exe
Original Sample Name:6b44d99b258c275ee7fcf230da177f3e.exe
Analysis ID:1352543
MD5:6b44d99b258c275ee7fcf230da177f3e
SHA1:833a461f6d479d164b453cc9f5f51259d991b1b7
SHA256:1aecadf489a6dd7a3a6e5dfda9425673a9d04d38a5cb6b0b8f961536c11237ed
Tags:64exeSliver
Infos:

Detection

Sliver
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Sliver Implants
Potentially malicious time measurement code found
Found inlined nop instructions (likely shell or obfuscated code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Installs a raw input device (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Contains functionality for execution timing, often used to detect debuggers

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • FQElDjFG5t.exe (PID: 616 cmdline: C:\Users\user\Desktop\FQElDjFG5t.exe MD5: 6B44D99B258C275EE7FCF230DA177F3E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SliverAccording to VK9 Seecurity, Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server. Sliver supports multiple callback protocols including DNS, TCP, and HTTP(S) to make egress simple, even when those pesky blue teams block your domains. You can even have multiple operators (players) simultaneously commanding your sliver army.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.sliver

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
FQElDjFG5t.exeMulti_Trojan_Bishopsliver_42298c4aunknownunknown
  • 0xbe9a14:$a1: ).RequestResend
  • 0xbddf49:$a2: ).GetPrivInfo
FQElDjFG5t.exeINDICATOR_TOOL_SliverDetects Sliver implant cross-platform adversary emulation/red teamditekSHen
  • 0x95ded1:$s3: .WGTCPForwarder
  • 0x95e954:$s3: .WGTCPForwarder
  • 0x9602eb:$s3: .WGTCPForwarder
  • 0x960dc0:$s3: .WGTCPForwarder
  • 0x962f7c:$s3: .WGTCPForwarder
  • 0x963c38:$s3: .WGTCPForwarder
  • 0x95a8d0:$s6: .BackdoorReq
  • 0x95de2f:$s7: .ProcessDumpReq
  • 0x960108:$s8: .InvokeSpawnDllReq
  • 0x9563ff:$s9: .SpawnDll
  • 0x95aa08:$s9: .SpawnDll

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3280051062.000000C00010E000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SliverYara detected Sliver ImplantsJoe Security
    00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpMulti_Trojan_Bishopsliver_42298c4aunknownunknown
    • 0x72c14:$a1: ).RequestResend
    • 0x67149:$a2: ).GetPrivInfo
    00000000.00000000.2020196596.0000000000D88000.00000002.00000001.01000000.00000003.sdmpMulti_Trojan_Bishopsliver_42298c4aunknownunknown
    • 0x72c14:$a1: ).RequestResend
    • 0x67149:$a2: ).GetPrivInfo
    Process Memory Space: FQElDjFG5t.exe PID: 616JoeSecurity_SliverYara detected Sliver ImplantsJoe Security
      Process Memory Space: FQElDjFG5t.exe PID: 616Multi_Trojan_Bishopsliver_42298c4aunknownunknown
      • 0x4b19b:$a1: ).RequestResend
      • 0x7fff1:$a1: ).RequestResend
      • 0x3f6d0:$a2: ).GetPrivInfo
      • 0x74b59:$a2: ).GetPrivInfo

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.FQElDjFG5t.exe.210000.0.unpackMulti_Trojan_Bishopsliver_42298c4aunknownunknown
      • 0xbe9a14:$a1: ).RequestResend
      • 0xbddf49:$a2: ).GetPrivInfo
      0.2.FQElDjFG5t.exe.210000.0.unpackINDICATOR_TOOL_SliverDetects Sliver implant cross-platform adversary emulation/red teamditekSHen
      • 0x95ded1:$s3: .WGTCPForwarder
      • 0x95e954:$s3: .WGTCPForwarder
      • 0x9602eb:$s3: .WGTCPForwarder
      • 0x960dc0:$s3: .WGTCPForwarder
      • 0x962f7c:$s3: .WGTCPForwarder
      • 0x963c38:$s3: .WGTCPForwarder
      • 0x95a8d0:$s6: .BackdoorReq
      • 0x95de2f:$s7: .ProcessDumpReq
      • 0x960108:$s8: .InvokeSpawnDllReq
      • 0x9563ff:$s9: .SpawnDll
      • 0x95aa08:$s9: .SpawnDll
      0.0.FQElDjFG5t.exe.210000.0.unpackMulti_Trojan_Bishopsliver_42298c4aunknownunknown
      • 0xbe9a14:$a1: ).RequestResend
      • 0xbddf49:$a2: ).GetPrivInfo
      0.0.FQElDjFG5t.exe.210000.0.unpackINDICATOR_TOOL_SliverDetects Sliver implant cross-platform adversary emulation/red teamditekSHen
      • 0x95ded1:$s3: .WGTCPForwarder
      • 0x95e954:$s3: .WGTCPForwarder
      • 0x9602eb:$s3: .WGTCPForwarder
      • 0x960dc0:$s3: .WGTCPForwarder
      • 0x962f7c:$s3: .WGTCPForwarder
      • 0x963c38:$s3: .WGTCPForwarder
      • 0x95a8d0:$s6: .BackdoorReq
      • 0x95de2f:$s7: .ProcessDumpReq
      • 0x960108:$s8: .InvokeSpawnDllReq
      • 0x9563ff:$s9: .SpawnDll
      • 0x95aa08:$s9: .SpawnDll

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: FQElDjFG5t.exeReversingLabs: Detection: 50%
      Source: FQElDjFG5t.exeVirustotal: Detection: 59%Perma Link
      Source: FQElDjFG5t.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 4x nop then mov rdi, 0000800000000000h0_2_00237120
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 4x nop then mov rsi, r90_2_00237EC0
      Source: global trafficTCP traffic: 192.168.2.5:49705 -> 94.198.53.143:8888
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: unknownTCP traffic detected without corresponding DNS query: 94.198.53.143
      Source: FQElDjFG5t.exe, 00000000.00000002.3280051062.000000C00016C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_4b7d096d-5

      System Summary

      barindex
      Source: FQElDjFG5t.exe, type: SAMPLEMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: FQElDjFG5t.exe, type: SAMPLEMatched rule: Detects Sliver implant cross-platform adversary emulation/red team Author: ditekSHen
      Source: 0.2.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: 0.2.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Detects Sliver implant cross-platform adversary emulation/red team Author: ditekSHen
      Source: 0.0.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: 0.0.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Detects Sliver implant cross-platform adversary emulation/red team Author: ditekSHen
      Source: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: 00000000.00000000.2020196596.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: Process Memory Space: FQElDjFG5t.exe PID: 616, type: MEMORYSTRMatched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
      Source: FQElDjFG5t.exe, type: SAMPLEMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: FQElDjFG5t.exe, type: SAMPLEMatched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
      Source: 0.2.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: 0.2.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
      Source: 0.0.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: 0.0.FQElDjFG5t.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
      Source: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: 00000000.00000000.2020196596.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: Process Memory Space: FQElDjFG5t.exe PID: 616, type: MEMORYSTRMatched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002568600_2_00256860
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002160A00_2_002160A0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002580A00_2_002580A0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0021D1200_2_0021D120
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002391200_2_00239120
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002371200_2_00237120
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002169800_2_00216980
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002349800_2_00234980
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0022E2600_2_0022E260
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00256A400_2_00256A40
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00224B400_2_00224B40
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0021BBA00_2_0021BBA0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002433C00_2_002433C0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0022BCA00_2_0022BCA0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00233CC00_2_00233CC0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0022F5200_2_0022F520
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0021C5600_2_0021C560
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002405600_2_00240560
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002375A00_2_002375A0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00223E600_2_00223E60
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00216E400_2_00216E40
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00237EC00_2_00237EC0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_002197400_2_00219740
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00253FA00_2_00253FA0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00228F800_2_00228F80
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_00245FE00_2_00245FE0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: String function: 002572E0 appears 37 times
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: String function: 00242BC0 appears 304 times
      Source: FQElDjFG5t.exeReversingLabs: Detection: 50%
      Source: FQElDjFG5t.exeVirustotal: Detection: 59%
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeFile read: C:\Users\user\Desktop\FQElDjFG5t.exeJump to behavior
      Source: FQElDjFG5t.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeFile opened: C:\Windows\system32\32d5d4ec2242a952d34df308cf2233ed2d63c0984b18cb8445435f26968b52e0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
      Source: classification engineClassification label: mal68.troj.evad.winEXE@1/0@0/1
      Source: FQElDjFG5t.exeStatic file information: File size 15886848 > 1048576
      Source: FQElDjFG5t.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: FQElDjFG5t.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x93e800
      Source: FQElDjFG5t.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x57e800
      Source: FQElDjFG5t.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: FQElDjFG5t.exeStatic PE information: section name: .symtab
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0026B7A0 rdtscp0_2_0026B7A0
      Source: FQElDjFG5t.exe, 00000000.00000002.3280763749.000001B6C116C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllII

      Anti Debugging

      barindex
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0026B7A0 Start: 0026B7A9 End: 0026B7BF0_2_0026B7A0
      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeCode function: 0_2_0026B7A0 rdtscp0_2_0026B7A0
      Source: C:\Users\user\Desktop\FQElDjFG5t.exeQueries volume information: C:\Users\user\Desktop\FQElDjFG5t.exe VolumeInformationJump to behavior

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: 00000000.00000002.3280051062.000000C00010E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: FQElDjFG5t.exe PID: 616, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: 00000000.00000002.3280051062.000000C00010E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: FQElDjFG5t.exe PID: 616, type: MEMORYSTR

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
      Valid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      Deobfuscate/Decode Files or Information      		11
      Input Capture      		11
      Security Software Discovery      		Remote Services11
      Input Capture      		Exfiltration Over Other Network Medium1
      Encrypted Channel      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
      Obfuscated Files or Information      		LSASS Memory12
      System Information Discovery      		Remote Desktop Protocol1
      Archive Collected Data      		Exfiltration Over Bluetooth1
      Non-Standard Port      		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1352543 Sample: FQElDjFG5t.exe Startdate: 03/12/2023 Architecture: WINDOWS Score: 68 11 Malicious sample detected (through community Yara rule) 2->11 13 Multi AV Scanner detection for submitted file 2->13 15 Yara detected Sliver Implants 2->15 5 FQElDjFG5t.exe 2->5         started        process3 dnsIp4 9 94.198.53.143, 49705, 49713, 49716 DHUBRU Russian Federation 5->9 17 Potentially malicious time measurement code found 5->17 signatures5

      Screenshots

      Download Video

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      FQElDjFG5t.exe50%ReversingLabsWin64.Trojan.TangoMarte
      FQElDjFG5t.exe60%VirustotalBrowse

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Download Network PCAP: filteredfull

      Contacted Domains

      No contacted domains info

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      94.198.53.143
      		unknownRussian Federation
      		56694DHUBRUfalse

      General Information

      Joe Sandbox Version:38.0.0 Ammolite
      Analysis ID:1352543
      Start date and time:2023-12-03 14:50:10 +01:00
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 5m 22s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:4
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample file name:FQElDjFG5t.exe
      renamed because original name is a hash value
      Original Sample Name:6b44d99b258c275ee7fcf230da177f3e.exe
      Detection:MAL
      Classification:mal68.troj.evad.winEXE@1/0@0/1
      EGA Information:Failed
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Execution Graph export aborted for target FQElDjFG5t.exe, PID 616 because there are no executed function

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      DHUBRU6.exeGet hashmaliciousUnknownBrowse
      • 188.127.230.235
      https://www.thestageonbroadway.comGet hashmaliciousUnknownBrowse
      • 188.127.230.189
      HCLcleanupcachecookiebacupcleanall.docGet hashmaliciousRemcosBrowse
      • 188.127.249.32
      approval_order_PO.docx.docGet hashmaliciousRemcosBrowse
      • 188.127.249.32
      https://andreeasasser.comGet hashmaliciousUnknownBrowse
      • 188.127.230.189
      http://www.southportland.orgGet hashmaliciousUnknownBrowse
      • 188.127.231.166
      http://gnavigatio.comGet hashmaliciousUnknownBrowse
      • 188.127.227.131
      n3azp2aT3v.exeGet hashmaliciousUnknownBrowse
      • 94.198.50.231
      n3azp2aT3v.exeGet hashmaliciousUnknownBrowse
      • 94.198.50.231
      iIxNeD04JI.exeGet hashmaliciousUnknownBrowse
      • 94.198.50.231
      iIxNeD04JI.exeGet hashmaliciousUnknownBrowse
      • 94.198.50.231
      Browser_updates_14.0.6336.jsGet hashmaliciousNetSupport RATBrowse
      • 188.127.230.98
      https://cristinaamaro.com/cdn/help.php?671Get hashmaliciousNetSupport RATBrowse
      • 188.127.230.98
      Hilix.mips.elfGet hashmaliciousMiraiBrowse
      • 91.199.137.77
      Chrome_update.jsGet hashmaliciousNetSupport RATBrowse
      • 188.127.227.119
      Remittance76_PO_876543.htmGet hashmaliciousUnknownBrowse
      • 188.127.227.223
      Remittance76_PO_876543.htmGet hashmaliciousUnknownBrowse
      • 188.127.227.223
      8zUWZCJ5Ze.elfGet hashmaliciousMiraiBrowse
      • 91.199.137.62
      24a93ddf60120497dd5848ec03147621840eb5b371d81.exeGet hashmaliciousNetSupport RATBrowse
      • 185.9.147.202
      24a93ddf60120497dd5848ec03147621840eb5b371d81.exeGet hashmaliciousNetSupport RATBrowse
      • 185.9.147.202

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
      Entropy (8bit):6.118170899262842
      TrID:
      • Win64 Executable (generic) (12005/4) 74.95%
      • Generic Win/DOS Executable (2004/3) 12.51%
      • DOS Executable Generic (2002/1) 12.50%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
      File name:FQElDjFG5t.exe
      File size:15'886'848 bytes
      MD5:6b44d99b258c275ee7fcf230da177f3e
      SHA1:833a461f6d479d164b453cc9f5f51259d991b1b7
      SHA256:1aecadf489a6dd7a3a6e5dfda9425673a9d04d38a5cb6b0b8f961536c11237ed
      SHA512:5ed0cb03aa7f84445cd45e51836deb95fb62b9cb6b578f1ee173639464ea850b68ad27f79160207895f92b0cebda6972cfa5937bbd6bb28d0cb074907cdfb8b0
      SSDEEP:98304:KXX+aiZFtuYvgK408HLwkoS9fye+ZV6zEmHyd6ceCSGp:K0tzvf4bHUkT9fd+ZdmPk
      TLSH:9BF61A03F8951594C4F9D1B489218262FA70785C0B7973DF6BA1F7B42B327E09EBA790
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........h........".................@.........@...........................................`... ............................

      File Icon

      Icon Hash:00928e8e8686b000

      Static PE Info

      General

      Entrypoint:0x45d040
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:6
      OS Version Minor:1
      File Version Major:6
      File Version Minor:1
      Subsystem Version Major:6
      Subsystem Version Minor:1
      Import Hash:f0ea7b7844bbc5bfa9bb32efdcea957c
      Instruction
      jmp 00007F947CE227B0h
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      int3
      pushfd
      cld
      dec eax
      sub esp, 000000E0h
      dec eax
      mov dword ptr [esp], edi
      dec eax
      mov dword ptr [esp+08h], esi
      dec eax
      mov dword ptr [esp+10h], ebp
      dec eax
      mov dword ptr [esp+18h], ebx
      dec esp
      mov dword ptr [esp+20h], esp
      dec esp
      mov dword ptr [esp+28h], ebp
      dec esp
      mov dword ptr [esp+30h], esi
      dec esp
      mov dword ptr [esp+38h], edi
      movups dqword ptr [esp+40h], xmm6
      movups dqword ptr [esp+50h], xmm7
      inc esp
      movups dqword ptr [esp+60h], xmm0
      inc esp
      movups dqword ptr [esp+70h], xmm1
      inc esp
      movups dqword ptr [esp+00000080h], xmm2
      inc esp
      movups dqword ptr [esp+00000090h], xmm3
      inc esp
      movups dqword ptr [esp+000000A0h], xmm4
      inc esp
      movups dqword ptr [esp+000000B0h], xmm5
      inc esp
      movups dqword ptr [esp+000000C0h], xmm6
      inc esp
      movups dqword ptr [esp+000000D0h], xmm7
      dec eax
      sub esp, 30h
      dec ecx
      mov ebp, ecx
      dec ecx
      mov edi, eax
      dec eax
      mov edx, dword ptr [00EFDBE3h]
      dec eax
      mov edx, dword ptr [edx]
      dec eax
      cmp edx, 00000000h
      jne 00007F947CE2647Eh
      dec eax
      mov eax, 00000000h
      jmp 00007F947CE26543h
      dec eax
      mov edx, dword ptr [edx]
      dec eax
      NameVirtual AddressVirtual Size Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IMPORT0xf6f0000x490.idata
      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
      IMAGE_DIRECTORY_ENTRY_BASERELOC0xf700000x279b0.reloc
      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IAT0xebf0400x148.data
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

      Sections

      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
      .text0x10000x93e7fd0x93e800unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rdata0x9400000x57e7880x57e800unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .data0xebf0000xaf3500x41200False0.38803832773512476data4.773375836859468IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .idata0xf6f0000x4900x600False0.3372395833333333data3.6139814069913854IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .reloc0xf700000x279b00x27a00False0.13942355086750788data5.4438349548067215IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
      .symtab0xf980000x40x200False0.02734375data0.020393135236084953IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
      DLLImport
      kernel32.dllWriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

      Network Behavior

      Download Network PCAP: filteredfull

      TimestampSource PortDest PortSource IPDest IP
      Dec 3, 2023 14:51:00.311356068 CET497058888192.168.2.594.198.53.143
      Dec 3, 2023 14:51:00.519615889 CET88884970594.198.53.143192.168.2.5
      Dec 3, 2023 14:51:01.030443907 CET497058888192.168.2.594.198.53.143
      Dec 3, 2023 14:51:01.240024090 CET88884970594.198.53.143192.168.2.5
      Dec 3, 2023 14:51:01.749279022 CET497058888192.168.2.594.198.53.143
      Dec 3, 2023 14:51:01.957565069 CET88884970594.198.53.143192.168.2.5
      Dec 3, 2023 14:51:02.467902899 CET497058888192.168.2.594.198.53.143
      Dec 3, 2023 14:51:02.676217079 CET88884970594.198.53.143192.168.2.5
      Dec 3, 2023 14:51:03.186655045 CET497058888192.168.2.594.198.53.143
      Dec 3, 2023 14:51:03.395139933 CET88884970594.198.53.143192.168.2.5
      Dec 3, 2023 14:52:03.397701979 CET497138888192.168.2.594.198.53.143
      Dec 3, 2023 14:52:03.605952024 CET88884971394.198.53.143192.168.2.5
      Dec 3, 2023 14:52:04.115473986 CET497138888192.168.2.594.198.53.143
      Dec 3, 2023 14:52:04.328780890 CET88884971394.198.53.143192.168.2.5
      Dec 3, 2023 14:52:04.834007978 CET497138888192.168.2.594.198.53.143
      Dec 3, 2023 14:52:05.042041063 CET88884971394.198.53.143192.168.2.5
      Dec 3, 2023 14:52:05.552767038 CET497138888192.168.2.594.198.53.143
      Dec 3, 2023 14:52:05.768969059 CET88884971394.198.53.143192.168.2.5
      Dec 3, 2023 14:52:06.271625042 CET497138888192.168.2.594.198.53.143
      Dec 3, 2023 14:52:06.479882002 CET88884971394.198.53.143192.168.2.5
      Dec 3, 2023 14:53:06.482491970 CET497168888192.168.2.594.198.53.143
      Dec 3, 2023 14:53:06.690773964 CET88884971694.198.53.143192.168.2.5
      Dec 3, 2023 14:53:07.201913118 CET497168888192.168.2.594.198.53.143
      Dec 3, 2023 14:53:07.410693884 CET88884971694.198.53.143192.168.2.5
      Dec 3, 2023 14:53:07.920677900 CET497168888192.168.2.594.198.53.143
      Dec 3, 2023 14:53:08.158020020 CET88884971694.198.53.143192.168.2.5
      Dec 3, 2023 14:53:08.670706987 CET497168888192.168.2.594.198.53.143

      Statistics

      CPU Usage

      050100s020406080100

      Click to jump to process

      Memory Usage

      050100s0.005101520MB

      Click to jump to process

      High Level Behavior Distribution

      • File
      • Network

      Click to dive into process behavior distribution

      System Behavior

      General

      Target ID:0
      Start time:14:50:59
      Start date:03/12/2023
      Path:C:\Users\user\Desktop\FQElDjFG5t.exe
      Wow64 process (32bit):false
      Commandline:C:\Users\user\Desktop\FQElDjFG5t.exe
      Imagebase:0x210000
      File size:15'886'848 bytes
      MD5 hash:6B44D99B258C275EE7FCF230DA177F3E
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:Go lang
      Yara matches:
      • Rule: JoeSecurity_Sliver, Description: Yara detected Sliver Implants, Source: 00000000.00000002.3280051062.000000C00010E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
      • Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Source: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
      • Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Source: 00000000.00000000.2020196596.0000000000D88000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      Show Windows behavior

      Section Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Process Activities

      Show Windows behavior

      Thread Activities

      Show Windows behavior

      Memory Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Network Activities


      Disassembly

      Non-executed Functions

      Strings
      • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enab, xrefs: 0021CD3F
      • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0021C8CD
      • malloc during signalnotetsleep not on g0p mcache not flushedreflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too lar, xrefs: 0021CD50
      • malloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle), xrefs: 0021CD65
      • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinelimiterEvent.stop: invalid limiter event type foundpotentia, xrefs: 0021CD76
      • delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpe, xrefs: 0021CCF7
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpe$malloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)$malloc during signalnotetsleep not on g0p mcache not flushedreflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too lar$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinelimiterEvent.stop: invalid limiter event type foundpotentia$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enab
      • API String ID: 0-101214207
      • Opcode ID: 0e473ff9c561d72fd1d1afa45c9f15abc78760d71a254a792b6b7ef71dcf6857
      • Instruction ID: 02e5c1ddbbe096b66ea0d91c4e4c6053133ecef19be0f853f8679ec5600eacae
      • Opcode Fuzzy Hash: 0e473ff9c561d72fd1d1afa45c9f15abc78760d71a254a792b6b7ef71dcf6857
      • Instruction Fuzzy Hash: 9122F27A268B9482DB14CF15E0407EABBA5F3A8BD4F645122EF8D07755CB78C8E4CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent loc, xrefs: 0021C23A
      • memory reservation exceeds address space limitpanicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base poin, xrefs: 0021C24B
      • out of memory allocating heap arena mapruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when, xrefs: 0021BF68
      • out of memory allocating heap arena metadataspan on userArena.faultList has invalid sizeunsafe.Slice: ptr is nil and len is not zeroexitsyscall: syscall frame is no longer validproduced a trigger greater than the heap goaltransitioning GC to the same state as , xrefs: 0021BF46
      • out of memory allocating allArenasruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll, xrefs: 0021BF35
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: memory reservation exceeds address space limitpanicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base poin$misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent loc$out of memory allocating allArenasruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll$out of memory allocating heap arena mapruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when$out of memory allocating heap arena metadataspan on userArena.faultList has invalid sizeunsafe.Slice: ptr is nil and len is not zeroexitsyscall: syscall frame is no longer validproduced a trigger greater than the heap goaltransitioning GC to the same state as
      • API String ID: 0-1643033615
      • Opcode ID: ce10a2faa6ffb2736525d080221c15718faaa40f7fe48bda1b522bdefbe25f75
      • Instruction ID: a4bac948091c3992fc3db30ac824aa5aa89b4f747d5971065a8112e2859de05e
      • Opcode Fuzzy Hash: ce10a2faa6ffb2736525d080221c15718faaa40f7fe48bda1b522bdefbe25f75
      • Instruction Fuzzy Hash: 35F1AC36618B8482DB648F52E4403EAB7A5F399B94F448222EFAD53789CF7CC495CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid character class rangeinvalid function symbol tableinvalid length of trace eventneed padding in bucket (elem)notesleep - waitm out of syncruntime.semasleep wait_failedruntime: impossible type kin, xrefs: 0022997D
      • ., xrefs: 00229666
      • failed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span stateprogToPointerMask, xrefs: 0022996C
      • gcinggnamegroupgscanhchanhost@hostshttpsimap2imap3imapsint16int32int64json=kind=labelmatchmheapmkdirmonthmtimename=ndr:"no IPntohsoneofpanicparsepop3srangerouterune schedsleepslicesse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=write, xrefs: 00229057, 0022906D
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: .$failed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span stateprogToPointerMask$gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid character class rangeinvalid function symbol tableinvalid length of trace eventneed padding in bucket (elem)notesleep - waitm out of syncruntime.semasleep wait_failedruntime: impossible type kin$gcinggnamegroupgscanhchanhost@hostshttpsimap2imap3imapsint16int32int64json=kind=labelmatchmheapmkdirmonthmtimename=ndr:"no IPntohsoneofpanicparsepop3srangerouterune schedsleepslicesse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=write
      • API String ID: 0-2811292124
      • Opcode ID: a47648213e44e0b2cd38835db5e7a1d4737406afe4e14a8b1998d1afb585018a
      • Instruction ID: a87f68f972533781afc27b9d4f258469a9fb0326e302aa0de9417070933130a1
      • Opcode Fuzzy Hash: a47648213e44e0b2cd38835db5e7a1d4737406afe4e14a8b1998d1afb585018a
      • Instruction Fuzzy Hash: 6A42AE32618B8496EB15CF65F8803EAB3A5F78AB80F449226DB8D53765EF7DC494C700
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • @w!, xrefs: 002172BD
      • G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou, xrefs: 002173A4
      • unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po, xrefs: 00216FF0
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: @w!$G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou$unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po
      • API String ID: 0-1347575037
      • Opcode ID: 8df25ac7a03e1fe505576296fe86e7b4d42b685ab5aee26f2dab71778f45e3d4
      • Instruction ID: a916fa8039cad585aef4e0b22181374240871e7a422f6c1e50e3b51d018ea1db
      • Opcode Fuzzy Hash: 8df25ac7a03e1fe505576296fe86e7b4d42b685ab5aee26f2dab71778f45e3d4
      • Instruction Fuzzy Hash: 20029C72628B8486DB24DF25E44439EA7B1F799BC0F589025DE8C47B59CF79C8E5CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • @w!, xrefs: 002164AE
      • G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou, xrefs: 00216686
      • unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po, xrefs: 0021619B
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: @w!$G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou$unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po
      • API String ID: 0-1347575037
      • Opcode ID: c4751e29e3f97bf0e4f963a0877252c1d2e944dd63c595520dd3de37cfd191db
      • Instruction ID: 56f4b4b9463fff8e56fe2b612578898d1c151b9562c19650092ecc293b30a577
      • Opcode Fuzzy Hash: c4751e29e3f97bf0e4f963a0877252c1d2e944dd63c595520dd3de37cfd191db
      • Instruction Fuzzy Hash: 3AF1D072224B84C6D7109F21E4443DEB7A1F799BE0F985225DA9C47B99CF79C8E4CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • reflect.methodValueCallruntime: internal errorruntime: netpoll faileds.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forkwork.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't, xrefs: 002568CC
      • reflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing c, xrefs: 002569DE, 00256A18
      • reflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too largecheckdead: runnable gconcurrent map writesdefer on system , xrefs: 002568E6
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: reflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing c$reflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too largecheckdead: runnable gconcurrent map writesdefer on system $reflect.methodValueCallruntime: internal errorruntime: netpoll faileds.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forkwork.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't
      • API String ID: 0-3319628484
      • Opcode ID: 6fd36594a6b5bdd9bea86ef5ca11426470dbf57a6e3985906778bc6bc6556db7
      • Instruction ID: 80bf2e8e89fb062e768b28ff4149b245fb6e0c32f7012d888a9c326282fba485
      • Opcode Fuzzy Hash: 6fd36594a6b5bdd9bea86ef5ca11426470dbf57a6e3985906778bc6bc6556db7
      • Instruction Fuzzy Hash: 07518433324A45C6CB10DF19E18125EB761F788BE4F985221EF9D577A9CB38C869CB44
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou, xrefs: 002409AE
      • self-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue, xrefs: 002409BF
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou$self-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue
      • API String ID: 0-1298296546
      • Opcode ID: 2b3f8bfcea3e2a6b3a7f930ef1e7608e0ad8cd1a88b84b946f715cb51b575f27
      • Instruction ID: d7f682c9fb5a837092eaf2cf61770c4d821e55e3b2f50f08ab9af0b898497222
      • Opcode Fuzzy Hash: 2b3f8bfcea3e2a6b3a7f930ef1e7608e0ad8cd1a88b84b946f715cb51b575f27
      • Instruction Fuzzy Hash: FEC17C36615F8082DB15DF25F48139AB760F78AB94F158236EBAC83B99DF39C091CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too, xrefs: 002437D6
      • suspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapAr, xrefs: 002437E7
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too$suspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapAr
      • API String ID: 0-3430136995
      • Opcode ID: 4047015615d7494dfac294171a59691806bf92681dbf1bfcac72b4239276a80e
      • Instruction ID: c038e5be857faeb02e7aa6309bd0b45e44a03686695281d6dccadadb1d82b134
      • Opcode Fuzzy Hash: 4047015615d7494dfac294171a59691806bf92681dbf1bfcac72b4239276a80e
      • Instruction Fuzzy Hash: 19A18F76228B80C2C718CF26F0417AABB61F38ABD0F458166EF9D17B59CB79C551CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect, xrefs: 00246365
      • casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds, xrefs: 00246394
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds$casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect
      • API String ID: 0-2061123795
      • Opcode ID: 064ed48ac336a163d4a04cacae5ddb77ea8e20baa72fe821ae3d1afc97052ea4
      • Instruction ID: 2a47c49ed398051c8f7835e6bac987b8fb883a925a15eebed17d1642ad7940bd
      • Opcode Fuzzy Hash: 064ed48ac336a163d4a04cacae5ddb77ea8e20baa72fe821ae3d1afc97052ea4
      • Instruction Fuzzy Hash: EAA18236715A84C6DB18CF26E08935ABB61F34BB80F148126EF9D43B59CF7AC466CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00254090, 00254170, 00254290, 0025438E
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
      • API String ID: 0-2911004680
      • Opcode ID: d490f03246a5b30dfdb544fd32f5b34de476dc7a2410ef522784b4d820749ba3
      • Instruction ID: 6c5ef227abe09c26c9b8c409d5940a6453b5b3637958341f1693ed8c22ecf317
      • Opcode Fuzzy Hash: d490f03246a5b30dfdb544fd32f5b34de476dc7a2410ef522784b4d820749ba3
      • Instruction Fuzzy Hash: 69E1E3B2324B8482DA049B41E5003A9F366F755BD5F848522EF9E47B98EFBCC5E8C744
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC, xrefs: 00237845, 00237B67
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC
      • API String ID: 0-3708075424
      • Opcode ID: 5ae685e05d1b9b8b8d5575c60131c33033848ea170c1315dcd455422bf87dff9
      • Instruction ID: e3f39232a8e8dd6e56bc92a7d04abcb536313c4051093e46ebc22470afdee053
      • Opcode Fuzzy Hash: 5ae685e05d1b9b8b8d5575c60131c33033848ea170c1315dcd455422bf87dff9
      • Instruction Fuzzy Hash: 4ED19BB6728BC882DB20CF56E44079AB326F395BC0F544126EE9E57B58DF78C565CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru, xrefs: 00234EC9
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru
      • API String ID: 0-3933224645
      • Opcode ID: 2bcce78ac8fd25a6606e37d9f49ddf783ea0a3303cfbbf16289c0a070b1cbd1d
      • Instruction ID: 11d2f6a9cf9edcd67479ba4b2325a6f83abfa1d441ddb267e159da487d2f8804
      • Opcode Fuzzy Hash: 2bcce78ac8fd25a6606e37d9f49ddf783ea0a3303cfbbf16289c0a070b1cbd1d
      • Instruction Fuzzy Hash: 44E17DB2229B8881DB64DF16F49039AB761F789BD0F589156EF8D43B29CF38C464CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingb, xrefs: 00256D53, 00256D86
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingb
      • API String ID: 0-989636611
      • Opcode ID: adb621d7414fd0ba0e1d176b32e54071d796eb703f030779d3d72a2d0cef2f0c
      • Instruction ID: 8c6d4a0aef98c9cc672a74ed8dce8efccd9469cebed487f06059574c57d4eed4
      • Opcode Fuzzy Hash: adb621d7414fd0ba0e1d176b32e54071d796eb703f030779d3d72a2d0cef2f0c
      • Instruction Fuzzy Hash: 16912172324A8086CB14DF15E04435EB772F788BD2F949512EF8D57758DB78C969CB04
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to trac, xrefs: 0022414F
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to trac
      • API String ID: 0-2536305361
      • Opcode ID: 88134ef427d7ae0eaf0ad3b284a34afd5398f1d8eead483c74f06cfed7c35e41
      • Instruction ID: 3e46e624d3dbba6286bdbed97ce935ae5912b752b1bef3aa10b10f8bed998ce9
      • Opcode Fuzzy Hash: 88134ef427d7ae0eaf0ad3b284a34afd5398f1d8eead483c74f06cfed7c35e41
      • Instruction Fuzzy Hash: 6171ACB2629AA4D2DB14DF96F50039AB3B2F754BC0F549026EF8907B19DF78C5B08B00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC, xrefs: 002393A6
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC
      • API String ID: 0-3708075424
      • Opcode ID: 08e33983636380a5a67685c2feac67b7ef5b256d35803219f3f38bed36a6b0fc
      • Instruction ID: a46251045cb832e2cda3dd598cb16b3111adb46c89a02089333f27a683e23779
      • Opcode Fuzzy Hash: 08e33983636380a5a67685c2feac67b7ef5b256d35803219f3f38bed36a6b0fc
      • Instruction Fuzzy Hash: 0451C0B7620B8882DB109F55E44039A7765F78ABD0F405266EFAD53799CFB8C4E4CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 6c855b4f64ad143f50b1cb1914096968fa5f728e715130c13c17eeef06de5166
      • Instruction ID: 66b35d9ae97d4a4f1c8fddf20e1aaf0dddb0c52ae4666c4bb1dc1df573c0787f
      • Opcode Fuzzy Hash: 6c855b4f64ad143f50b1cb1914096968fa5f728e715130c13c17eeef06de5166
      • Instruction Fuzzy Hash: 6CC16A66728BE491CA60AB96F84079AA761F389FD0F448126EF9D57B58CF78C460CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4185b2927a126eb5136d32091d9c381e43eb3c1cd882dc5af19289a1ab42d665
      • Instruction ID: 6f357e7df746a791c860bfd55ed351971be9212b156c183baf68061e58ce9e9b
      • Opcode Fuzzy Hash: 4185b2927a126eb5136d32091d9c381e43eb3c1cd882dc5af19289a1ab42d665
      • Instruction Fuzzy Hash: FCB1F072229B88C5DB10CF15E1483AEB3A1FB65BC4F189026CA8D53B54CF7AC9E5C780
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b77153c868838aadf43734fdc7cd186b0aab42e722069721db3122889ce4c31f
      • Instruction ID: bb302c96d41becb08f9cdd53340ce8364a9a858b3ce9df0ebc784620089f4837
      • Opcode Fuzzy Hash: b77153c868838aadf43734fdc7cd186b0aab42e722069721db3122889ce4c31f
      • Instruction Fuzzy Hash: 9E9138B7628F8482DB108F15F48025AB7A5F78ABD4F545226EBAD53B99CF3CD061CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a421f0efdab49721a912cdb888e59ca821a688a72a0fe75df184c34d3c508843
      • Instruction ID: c733598a1d38b41109c888aabd6062c29653f39552468b55e1d97e40a9be5a38
      • Opcode Fuzzy Hash: a421f0efdab49721a912cdb888e59ca821a688a72a0fe75df184c34d3c508843
      • Instruction Fuzzy Hash: 2F71AFB3728B8882DB108F15E48076AB762F796BC0F545126EB8D57B59CF7CC0A5CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b408b3c690ddcd17396af7acf5866f91f5e8bb82ca619db6911387a38787a58f
      • Instruction ID: 9f66f8e08c57997e1ecbffe4765169546b2cf65d6f054941c27ca3ae18ea6bbb
      • Opcode Fuzzy Hash: b408b3c690ddcd17396af7acf5866f91f5e8bb82ca619db6911387a38787a58f
      • Instruction Fuzzy Hash: BB611532628B9496D7068F75F5403AAA762F796BD0F489222EF9D53B85DF78C064CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: abead951a813e5358cd0c84ee03dc574c8a30d54d624572e69f322caa0fe7548
      • Instruction ID: df13b612f2b9bb6ab08cfa85988c1983639865d4644ae8b4e861f4df87514d75
      • Opcode Fuzzy Hash: abead951a813e5358cd0c84ee03dc574c8a30d54d624572e69f322caa0fe7548
      • Instruction Fuzzy Hash: 4541D6A6B21A5541AF048E2685200EAE3A1E75BFD0399A233CF2D777A8C67CD5D6C344
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3cef435d2d98081d9a422bf937df34a2aa5badf140908dd2b871aa1c4f62ec28
      • Instruction ID: a75868c93531e0950098984a2957a05403e90a7edb439c5bb3a5d331deb13e0f
      • Opcode Fuzzy Hash: 3cef435d2d98081d9a422bf937df34a2aa5badf140908dd2b871aa1c4f62ec28
      • Instruction Fuzzy Hash: 9E413622724E40CADF14DF669481366A791E784795F888A31DF6C937C7DEBCC4B98B08
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 78c911a257e2ceaf146d54302eb0be7e122805c1a027953a31ca8bf9802f1fc0
      • Instruction ID: c2f8a8787f398e052008af710c739ee0f45821337cefb246dab524c1e9d895cf
      • Opcode Fuzzy Hash: 78c911a257e2ceaf146d54302eb0be7e122805c1a027953a31ca8bf9802f1fc0
      • Instruction Fuzzy Hash: 0F510372628F5485DB16DF66E44036AA7A5FBDABC0F09C736AA4D63715CF38C0A1C700
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5d7cb5e507824b451ec2b02ca2b1d33ca0787a346b45afad07f40c0701454faa
      • Instruction ID: ff12b3bc09c385ba784a1cebd5fea9561b31a41ebc98619aa6307ee7592469bc
      • Opcode Fuzzy Hash: 5d7cb5e507824b451ec2b02ca2b1d33ca0787a346b45afad07f40c0701454faa
      • Instruction Fuzzy Hash: CD415171B2BE1445CD4BDFBAA1603A4922BDF93BE0F94C3325D3B771E4EB1990628600
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5641b2b2fffe9dda90e46c084dac493856925f9ddbc345431e64ba720e045fe3
      • Instruction ID: 35327f8513aea0c05d4034ba209e706b0544c87ea77c0421e7ffd7e8b02bb6eb
      • Opcode Fuzzy Hash: 5641b2b2fffe9dda90e46c084dac493856925f9ddbc345431e64ba720e045fe3
      • Instruction Fuzzy Hash: 182139A2E25E444ACA47DB3A8400351921AAFA6BD0F58C722AD1E77796EB38D0D34640
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: aa24e09daec39e20bf3908c6b9e245ebd066cf3f1dd348db90e21d9525ad61a2
      • Instruction ID: 5d2616009211133fc58e26f5d76bf0e6e7387ee47ae6105469bde4b99454fc1f
      • Opcode Fuzzy Hash: aa24e09daec39e20bf3908c6b9e245ebd066cf3f1dd348db90e21d9525ad61a2
      • Instruction Fuzzy Hash: 3831867A328B4991DB48CF15F4813EA6761E789BC4F849022EF4E43769DF38C659C700
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 78e9a4d800102f051f1374f6cf9acaf25a51bd3c7dc6cf284cbda8c1ded95b6d
      • Instruction ID: 189b1c5a9cd134826171f3521dd87568583c921d1f4c97854dc443273693135b
      • Opcode Fuzzy Hash: 78e9a4d800102f051f1374f6cf9acaf25a51bd3c7dc6cf284cbda8c1ded95b6d
      • Instruction Fuzzy Hash: 6BC02BF2A2BBC628FB13C70079003C0B9C18FA53C0D80C084835880215E76C92D08208
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker i, xrefs: 00227C46
      • runtime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - dead, xrefs: 00227C02
      • runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLoc, xrefs: 00227C55
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      • runtime.SetFinalizer: first argument was allocated into an arenaruntime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array w, xrefs: 00227C13
      • runtime.SetFinalizer: first argument is nilruntime: releaseSudog with non-nil gp.paramunfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrapactive sweepers found at start of mark phasecompileCallback: float results not supported, xrefs: 00227C6A
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$, not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker i$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: first argument is nilruntime: releaseSudog with non-nil gp.paramunfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrapactive sweepers found at start of mark phasecompileCallback: float results not supported$runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLoc$runtime.SetFinalizer: first argument was allocated into an arenaruntime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array w$runtime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - dead$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-4046867270
      • Opcode ID: 9fe49c7fa6cf1ce59d96bbacc926ee0f51fdda7826cc0c4f21e7022bb69b3bf4
      • Instruction ID: 94a73a61962ebe3671477cefbf768ceb559381efc843d3c413f6d6b642400c67
      • Opcode Fuzzy Hash: 9fe49c7fa6cf1ce59d96bbacc926ee0f51fdda7826cc0c4f21e7022bb69b3bf4
      • Instruction Fuzzy Hash: F2F1B03262DB90D2EB209F51F4413AEB7A4F385B80F488526DB8D53B99DF78C4A5CB10
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • debugCal, xrefs: 00217C0E
      • runtime., xrefs: 00217CB6
      • debugCal, xrefs: 00217AF3
      • debugCal, xrefs: 00217C50
      • call from unknown functioncorrupted semaphore ticketforEachP: P did not run fnfreedefer with d.fn != nilnegative idle mark workersnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet length, xrefs: 00217AAD, 00217AB9
      • debugCal, xrefs: 00217BB8
      • call from within the Go runtimecasgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds, xrefs: 00217CDB, 00217CE7
      • call not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not, xrefs: 00217D62, 00217D6E
      • l655, xrefs: 00217C95
      • debugCal, xrefs: 00217B52
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: call from unknown functioncorrupted semaphore ticketforEachP: P did not run fnfreedefer with d.fn != nilnegative idle mark workersnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet length$call from within the Go runtimecasgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds$call not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not$debugCal$debugCal$debugCal$debugCal$debugCal$l655$runtime.
      • API String ID: 0-3127990129
      • Opcode ID: f253991a83c8dafcf89b434333db8bb481c17af3d0fe48d6e9be4fc8624f821b
      • Instruction ID: 028c6e6ecffe019ffeb80fd3202bc6ee0bea21670681141eb29739cafbef8e6a
      • Opcode Fuzzy Hash: f253991a83c8dafcf89b434333db8bb481c17af3d0fe48d6e9be4fc8624f821b
      • Instruction Fuzzy Hash: 43715976A2DA8285DE349F14D0403A977F1E7E5BD4F58C427D64A03724EB78C9E4CB82
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • is not pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIM, xrefs: 0021879F
      • interface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not nilruntime.main not on m0s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (bloc, xrefs: 002185BD, 00218774, 00218859
      • (types from different scopes)GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm o, xrefs: 00218734
      • is on %04x&gt;&lt;) = +Inf-Inf-inf...:.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.xml000001000x%x100010803125: %s:464:88*ABRTACDTACSTAEDTAESTAKDTAKSTALRMAWSTAhomArgsAtoiCASECESTCHARCOWSCZARCallChamDATADashEESTEnumFOZYGOGCGrayHKCCHKCRHKCUHKLMHKPDHORNHigh, xrefs: 002185F2
      • interfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valu, xrefs: 0021851B
      • : missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scano, xrefs: 002187D7
      • , not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASCINQUECarianChakmaClosedCommonCopticDREARYEMETINEndDocExpectFieldsFormatFridayGAMMEDGOAWAYGOWANSGUIROSGetACPGo, xrefs: 0021861D
      • (types from different packages)WSAGetOverlappedResult not found" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largerunt, xrefs: 00218715
      • is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist wa, xrefs: 00218844
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (types from different packages)WSAGetOverlappedResult not found" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largerunt$ (types from different scopes)GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm o$ is on %04x&gt;&lt;) = +Inf-Inf-inf...:.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.xml000001000x%x100010803125: %s:464:88*ABRTACDTACSTAEDTAESTAKDTAKSTALRMAWSTAhomArgsAtoiCASECESTCHARCOWSCZARCallChamDATADashEESTEnumFOZYGOGCGrayHKCCHKCRHKCUHKLMHKPDHORNHigh$ is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist wa$ is not pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIM$, not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASCINQUECarianChakmaClosedCommonCopticDREARYEMETINEndDocExpectFieldsFormatFridayGAMMEDGOAWAYGOWANSGUIROSGetACPGo$: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scano$interface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not nilruntime.main not on m0s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (bloc$interfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valu
      • API String ID: 0-657713465
      • Opcode ID: 5ecc1f15737a933ec44d783d3ee3754b69804aa2dacc9502bed77240ac9861ec
      • Instruction ID: 89602dbb57a87b94f807bce7e3bf49b59f160d950f0bf1e04af529b21b898ab4
      • Opcode Fuzzy Hash: 5ecc1f15737a933ec44d783d3ee3754b69804aa2dacc9502bed77240ac9861ec
      • Instruction Fuzzy Hash: 0891C076218BC585DB60DB15F4803DAB3A5F388B84F548126DACD97B19EF79C4A9CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: 7&$PowerReg$gisterSu$ication$powrprof$rof.dll$spendRes$umeNotif
      • API String ID: 0-3821198036
      • Opcode ID: 666069df797119817a7d83d56717bc1da16c08bfd8d4b7f1a21d27dcb0b38b1d
      • Instruction ID: f3aa147af92bc0ce27cd4943df7f75135a7959c0f67315b11f89a8399ba9d15f
      • Opcode Fuzzy Hash: 666069df797119817a7d83d56717bc1da16c08bfd8d4b7f1a21d27dcb0b38b1d
      • Instruction Fuzzy Hash: 583126B6218B8085D624DB11F44039AB7A5F785BC4F988126EBDC47B5ADF7DC164CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm out of syncrunqputslow: queue i, xrefs: 002114B5
      • cpu., xrefs: 002110F3
      • GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failurework, xrefs: 00211211
      • ", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]invalid escape sequenceleft over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotim, xrefs: 0021134C
      • GODEBUG: no value specified for "concurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanmin must be a non-zero power of 2misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of r, xrefs: 00211288
      • GODEBUG: can not enable "PLTE, color type mismatch_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timermissing st, xrefs: 0021132C
      • " not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largeruntime: mcall function returnedruntime: stack split at bad timerunt, xrefs: 00211234
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: " not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largeruntime: mcall function returnedruntime: stack split at bad timerunt$", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]invalid escape sequenceleft over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotim$GODEBUG: can not enable "PLTE, color type mismatch_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timermissing st$GODEBUG: no value specified for "concurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanmin must be a non-zero power of 2misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of r$GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm out of syncrunqputslow: queue i$GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failurework$cpu.
      • API String ID: 0-511654176
      • Opcode ID: c06d1901140b517624a829965726b2cb0e9dd642d1ec2c11e6c533e180d9720e
      • Instruction ID: 7729e3ec71489e8018bdadaf718eafaddf93e038854629ebacf5eeb7c638a5cd
      • Opcode Fuzzy Hash: c06d1901140b517624a829965726b2cb0e9dd642d1ec2c11e6c533e180d9720e
      • Instruction Fuzzy Hash: 10C1AF72629B8481DB04DB65E0403EEB7A5F3A9BD0F944512EF8E47B59DF78C8B08B50
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.W, xrefs: 00219253
      • pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomic, xrefs: 00219321
      • panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send , xrefs: 002193C2
      • panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of , xrefs: 0021937F
      • ), xrefs: 002191AE
      • panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x, xrefs: 002191E8
      • panicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left ou, xrefs: 00219118
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomic$)$panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send $panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of $panicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left ou$panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x$value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.W
      • API String ID: 0-1423911815
      • Opcode ID: eb956182fa5163eea33046fb9f301504e65ee5012e1e2ffe90e1e8bdd22cf353
      • Instruction ID: 57ac93a5bbd0cffbafefccc8db2445d80026f28e47038d6a30a301fc64b15611
      • Opcode Fuzzy Hash: eb956182fa5163eea33046fb9f301504e65ee5012e1e2ffe90e1e8bdd22cf353
      • Instruction Fuzzy Hash: 63819C32228BC084CB64DB21F4553DAB3A5F788780F848626EADD47B59DF7DC1A8CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • :&, xrefs: 00229B27
      • work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overl, xrefs: 00229DAA
      • gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is, xrefs: 00229DE0
      • GC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND lengthbad IHDR lengthbad PL, xrefs: 00229A95, 00229AAC
      • work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s, xrefs: 00229DBB
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: :&$GC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND lengthbad IHDR lengthbad PL$gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is$work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overl$work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s
      • API String ID: 0-3519515180
      • Opcode ID: a5689a80199a90c3486cc5c3704e8705597710103685e9ba522c6149b0999854
      • Instruction ID: 53801beb08a1c0472d2f5446e6b8e03ca251f27ae56d1acb9d36ff477b62c1e9
      • Opcode Fuzzy Hash: a5689a80199a90c3486cc5c3704e8705597710103685e9ba522c6149b0999854
      • Instruction Fuzzy Hash: DD91A832224B94D2EB00DF65F4843DAB765F34AB94F105226EB8C43BA8CF79C4A5CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction ID: 06264732c14586138eb8ab11de9f155e97383279872b14fc09f9ed8524ba91ef
      • Opcode Fuzzy Hash: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction Fuzzy Hash: 8C41F03122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 623f1a3bab27a598d6f2aba8c2cf4bfcd3a03ce480cb820423a6d559dbd1cdeb
      • Instruction ID: 9b19c1f9a36df7856776da436d0f2077f58d24bdb17b09b12a1fe45e39d6f169
      • Opcode Fuzzy Hash: 623f1a3bab27a598d6f2aba8c2cf4bfcd3a03ce480cb820423a6d559dbd1cdeb
      • Instruction Fuzzy Hash: 9041F13122CB9591E720AF92F44179EB7A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: cab50c7570de346aaa23623bac989bcf592f128a898acff34fade60b8248ca23
      • Instruction ID: c3835ceeadb4464383897583f50e95e86fd93b1bd8167a659e54d37fee1d7a6a
      • Opcode Fuzzy Hash: cab50c7570de346aaa23623bac989bcf592f128a898acff34fade60b8248ca23
      • Instruction Fuzzy Hash: 6841F13122CB9591E720AF92F44179EB7A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction ID: 06264732c14586138eb8ab11de9f155e97383279872b14fc09f9ed8524ba91ef
      • Opcode Fuzzy Hash: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction Fuzzy Hash: 8C41F03122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction ID: 06264732c14586138eb8ab11de9f155e97383279872b14fc09f9ed8524ba91ef
      • Opcode Fuzzy Hash: fafa3d2ee3402aea57f22b72b652a51cefc60fad68c1575d605e5817d01d6243
      • Instruction Fuzzy Hash: 8C41F03122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: e4fddce0eeeca1a3932a80fdf0005c55a797b852647a44de061333f59ec6a853
      • Instruction ID: 72ef6b426d407b49b60e87935f18038d4dd79fec44f95f6371edef43ac605250
      • Opcode Fuzzy Hash: e4fddce0eeeca1a3932a80fdf0005c55a797b852647a44de061333f59ec6a853
      • Instruction Fuzzy Hash: 3741F13122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 8ac3d9750a6f5688bb300b0914bdeff912661b696897f441c81a3cfa47450ba2
      • Instruction ID: 4c7602e8e2b5042e80f8b345f31acbf8bb14c0ac690208b5725ffdad9360f0be
      • Opcode Fuzzy Hash: 8ac3d9750a6f5688bb300b0914bdeff912661b696897f441c81a3cfa47450ba2
      • Instruction Fuzzy Hash: 3541F13122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 374622e9d73ef88742abf8a191313526f3c7d6a6862eb5495a855e7bab303dac
      • Instruction ID: 8f634c7e5dbdb955ae2868aba256e90a6791de68120cfe9b77f303aec19034af
      • Opcode Fuzzy Hash: 374622e9d73ef88742abf8a191313526f3c7d6a6862eb5495a855e7bab303dac
      • Instruction Fuzzy Hash: 9941F13122CB9591E720AF92F44179E77A1F384BC0F588572EA4993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: deeb3df0b0a500d43f5f8fbf64467ffcd5b2413eb5fb63024dc07a3a02dde824
      • Instruction ID: d138fb1b7bb56501120c70d7d9b3ac04d32ffe82276fec0d9d88168323dd7807
      • Opcode Fuzzy Hash: deeb3df0b0a500d43f5f8fbf64467ffcd5b2413eb5fb63024dc07a3a02dde824
      • Instruction Fuzzy Hash: C841E03222CB9591E720AF92F44179E77A5F384BC0F588572EA8993B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 8717d5d5c81b41f4a189a809dfa1ee01c0294baed470aa70b1172c7c3df26b48
      • Instruction ID: 7fdbed369fa84481572da84f5186d6cbb5bea0e06b9674a5ef1e75484551a317
      • Opcode Fuzzy Hash: 8717d5d5c81b41f4a189a809dfa1ee01c0294baed470aa70b1172c7c3df26b48
      • Instruction Fuzzy Hash: 7041D132228B9491E720AF92F44179E77A4F344BC0F488572EA4D93B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction ID: c158ea98877ae81678a124da2c7f615712cae2d2b5332b855d453366b8c3098f
      • Opcode Fuzzy Hash: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction Fuzzy Hash: D741E132228B9491E720AF92F44179E77A4F384BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 8717d5d5c81b41f4a189a809dfa1ee01c0294baed470aa70b1172c7c3df26b48
      • Instruction ID: 7fdbed369fa84481572da84f5186d6cbb5bea0e06b9674a5ef1e75484551a317
      • Opcode Fuzzy Hash: 8717d5d5c81b41f4a189a809dfa1ee01c0294baed470aa70b1172c7c3df26b48
      • Instruction Fuzzy Hash: 7041D132228B9491E720AF92F44179E77A4F344BC0F488572EA4D93B18EF78C475CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: a818b87021d12e8ded9d61e2e13c1b598fa051760c244deaadac948cbe2f5b43
      • Instruction ID: c8e5be256e4ec83b824d41f51c66866e4c53a2bfdac34dc44aff52fb5a2bd707
      • Opcode Fuzzy Hash: a818b87021d12e8ded9d61e2e13c1b598fa051760c244deaadac948cbe2f5b43
      • Instruction Fuzzy Hash: A341E232228B9491E720AF92F44179E77A4F344BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction ID: c158ea98877ae81678a124da2c7f615712cae2d2b5332b855d453366b8c3098f
      • Opcode Fuzzy Hash: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction Fuzzy Hash: D741E132228B9491E720AF92F44179E77A4F384BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction ID: c158ea98877ae81678a124da2c7f615712cae2d2b5332b855d453366b8c3098f
      • Opcode Fuzzy Hash: 54b82f681e5831b7bcf5832cae3918faf19944e40c15aee7b2e710561c25eac5
      • Instruction Fuzzy Hash: D741E132228B9491E720AF92F44179E77A4F384BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: 5faa10e4f9aa72227332cd8c11eee83d01737487d9bd9e4a22de04f04af51bda
      • Instruction ID: 8bea7cee9c8c7148befadb188f9603bb9549fc411bd3c89455802765d9134e5e
      • Opcode Fuzzy Hash: 5faa10e4f9aa72227332cd8c11eee83d01737487d9bd9e4a22de04f04af51bda
      • Instruction Fuzzy Hash: F141E132228B9491E720AF92F44179E77A4F384BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00227B5D
      • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00227B6C
      • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00227AFC
      • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00227A76, 00227ACD, 00227B37
      • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00227A61, 00227AB8, 00227B22
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
      • API String ID: 0-3085556167
      • Opcode ID: b0df9786d9a1e6e5ce4cecd4bdaddb6bb91a8ce63d35fa4dc2fc6f909a9ca8e1
      • Instruction ID: c58fa6aeee89c63ce03f7fd9e43c5c0a92daede87c6b8786dfed19213351f778
      • Opcode Fuzzy Hash: b0df9786d9a1e6e5ce4cecd4bdaddb6bb91a8ce63d35fa4dc2fc6f909a9ca8e1
      • Instruction Fuzzy Hash: 4C41D032228B9491E720AF92F44179E77A4F384BC0F488572EA4D93B18EF78C875CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • pclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2fl, xrefs: 00211646
      • sse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=writexxxxx Value%s: %s%s: %v%v: %v, not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASC, xrefs: 0021189F, 002118BC
      • popcntproto2proto3rdrandrdseedrdtscpreadatrealmsremoverenamereturnrune1 secondselectsendtoserversetenvsint32sint64socketsocks5stringstructswitchsyntaxsysmontelnettimersuint16uint32uint64unusedustar ustar, xrefs: 002117F1, 0021180F
      • avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6casechancx16datedef=dialelseenumermsetagexecfailfilefromftpsfuncgotogziphosthourhttpicmpidleigmpint8itabkindlazylinklistnamenoneopenpathpipepop3quitreadrootseeksizesmtpspansse2sse3synctRNStar, xrefs: 00211AB5, 00211AD2
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6casechancx16datedef=dialelseenumermsetagexecfailfilefromftpsfuncgotogziphosthourhttpicmpidleigmpint8itabkindlazylinklistnamenoneopenpathpipepop3quitreadrootseeksizesmtpspansse2sse3synctRNStar$pclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2fl$popcntproto2proto3rdrandrdseedrdtscpreadatrealmsremoverenamereturnrune1 secondselectsendtoserversetenvsint32sint64socketsocks5stringstructswitchsyntaxsysmontelnettimersuint16uint32uint64unusedustar ustar$sse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=writexxxxx Value%s: %s%s: %v%v: %v, not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASC
      • API String ID: 0-719224210
      • Opcode ID: e8cb1977e327ab16620129423f53fe442ce9874a075bfd53106aaacc3e25ed8b
      • Instruction ID: 85a341348b8591f73b806d0419797a713682e81d050a58fa60928b94f026f8c4
      • Opcode Fuzzy Hash: e8cb1977e327ab16620129423f53fe442ce9874a075bfd53106aaacc3e25ed8b
      • Instruction Fuzzy Hash: CD32ECB6228A48D1EB00DF25F8457D97BB0F750B84F894626DB8E87725EF79C5A8C700
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • mark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC w, xrefs: 0022C824
      • scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestac, xrefs: 0022CB80
      • can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transi, xrefs: 0022CB45
      • scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi, xrefs: 0022CB67
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transi$mark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC w$scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestac$scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi
      • API String ID: 0-2201561079
      • Opcode ID: b296483e89fecba6371d670f251d573ec4074a287cda3bad7c701cec9208ec5d
      • Instruction ID: 1a46a878a950a55a06d53d174b7247114fcd5c83daf0a7ee09dad4145e36188c
      • Opcode Fuzzy Hash: b296483e89fecba6371d670f251d573ec4074a287cda3bad7c701cec9208ec5d
      • Instruction Fuzzy Hash: 98D18D32228BD595DB24CF55F0807EEB7A1F789B84F689126DA8C13B59CF38C4A5CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • stack growth not allowed in system callsuspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock , xrefs: 00255EE5
      • nil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filese, xrefs: 00255ECF
      • @U%, xrefs: 00255E21
      • racy sudog adjustment due to parking on channelslice bounds out of range [::%x] with length %ytried to sleep scavenger from another goroutineCreateWaitableTimerEx when creating timer failedcould not find GetSystemTimeAsFileTime() syscallslice bounds out of ran, xrefs: 00255E57
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: @U%$nil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filese$racy sudog adjustment due to parking on channelslice bounds out of range [::%x] with length %ytried to sleep scavenger from another goroutineCreateWaitableTimerEx when creating timer failedcould not find GetSystemTimeAsFileTime() syscallslice bounds out of ran$stack growth not allowed in system callsuspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock
      • API String ID: 0-998930552
      • Opcode ID: ddcee5d16b1c67d331e4f5fd98dd97754531278def651aa983d65cd0e65256d2
      • Instruction ID: 69590393572afdf6089081cea9fd04cb2471cd5d542cb6fcad7b422c5476dbb9
      • Opcode Fuzzy Hash: ddcee5d16b1c67d331e4f5fd98dd97754531278def651aa983d65cd0e65256d2
      • Instruction Fuzzy Hash: C4915772229FD082CA649F21E15039EB365F789BC1F988126DF9C57B19DF38C4A8CB04
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer, xrefs: 0025507C
      • out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues, xrefs: 00254F5D
      • out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addr, xrefs: 00254E84
      • stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0invalid nested repetition operatorinvalid or unsupported Pe, xrefs: 0025508D
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addr$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues$stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer$stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0invalid nested repetition operatorinvalid or unsupported Pe
      • API String ID: 0-1500535864
      • Opcode ID: 52cd4ebccff17126e19d1be650daf554e385d92afc861928d5a2f45a107950f7
      • Instruction ID: 6eb956b197b1d9ece591c539f5bdd34f50b4c85932955f908dce5cbcb40bd9a9
      • Opcode Fuzzy Hash: 52cd4ebccff17126e19d1be650daf554e385d92afc861928d5a2f45a107950f7
      • Instruction Fuzzy Hash: 7661AD32224B9086DB04EF15E0913AEB7A5F789BD4F544125EF8E47B64DF38C4A9CB44
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp, xrefs: 0021D5DE
      • persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod, xrefs: 0021D610
      • persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: inconsistent read deadlinessh: invalid packet length multipletraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer sto, xrefs: 0021D5FF
      • persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addresscould not find QPC sysc, xrefs: 0021D625
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod$persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: inconsistent read deadlinessh: invalid packet length multipletraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer sto$persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addresscould not find QPC sysc$runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp
      • API String ID: 0-479432679
      • Opcode ID: d641be48612bc93a50ae821f5ab9001ab2ce75e661bb052c84cb71dcfc847045
      • Instruction ID: 224b2ad849e4afb504ceaaaa64481ee7afe2d039aa90002b12ad8debc0c49be2
      • Opcode Fuzzy Hash: d641be48612bc93a50ae821f5ab9001ab2ce75e661bb052c84cb71dcfc847045
      • Instruction Fuzzy Hash: 69618772629B85D2DB14CF05E4803DAB7B5F798B84F849122EB9D13B29DF39C4A5CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • q$&, xrefs: 00262466
      • w%&, xrefs: 0026256D
      • l"&, xrefs: 00262F2B
      • runtime: impossible type kindruntime: split stack overflowruntime: sudog with non-nil cscanobject of a noscan objectsemacquire not on the G stackstring concatenation too longtimeBegin/EndPeriod not found (types from different scopes)GODEBUG: unknown cpu featur, xrefs: 00262F05
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: l"&$q$&$runtime: impossible type kindruntime: split stack overflowruntime: sudog with non-nil cscanobject of a noscan objectsemacquire not on the G stackstring concatenation too longtimeBegin/EndPeriod not found (types from different scopes)GODEBUG: unknown cpu featur$w%&
      • API String ID: 0-158268585
      • Opcode ID: a9336e4f7acd8f23f3cec7b81ec6dd3ef9fc09bb7020892334f83d75d68174f1
      • Instruction ID: eec694ee11ed06c0b5c417c013246ed84b100e291209ff594c94ed417e0182c6
      • Opcode Fuzzy Hash: a9336e4f7acd8f23f3cec7b81ec6dd3ef9fc09bb7020892334f83d75d68174f1
      • Instruction Fuzzy Hash: 93619C32A28ED5C5DB759F14E4413DAA360F398790F880522DBEC47B9ADF28C8E4CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimen, xrefs: 00225AE5
      • refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock, xrefs: 00225AF6
      • out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues, xrefs: 00225AC5
      • span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase, xrefs: 00225AB1
      Memory Dump Source
      • Source File: 00000000.00000002.3278312667.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
      • Associated: 00000000.00000002.3278294522.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D86000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3278823516.0000000000D88000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279172615.00000000010CF000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279185545.00000000010DD000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279195325.00000000010DE000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279206570.00000000010DF000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279229186.0000000001102000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279242042.0000000001107000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000110A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000113D000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001143000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.000000000116A000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279252169.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279329929.000000000117F000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.3279340387.0000000001180000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_210000_FQElDjFG5t.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimen$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues$refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock$span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase
      • API String ID: 0-3123902989
      • Opcode ID: 9d01ea8adf5bca23fe989c9e266f49bc981f0a33fdbe011c93073904d730ac25
      • Instruction ID: 86d9c5cbbf4eda87b8f3ece5c5b675a0f21262aaf33505a7ba68e199f38f3229
      • Opcode Fuzzy Hash: 9d01ea8adf5bca23fe989c9e266f49bc981f0a33fdbe011c93073904d730ac25
      • Instruction Fuzzy Hash: BC518D73224BA4C6DB10DF05E48039EB765F789B94F949122EB8D03B69DF38C966CB50
      Uniqueness

      Uniqueness Score: -1.00%