
Windows Analysis Report
PuTTy.exe

Overview

General Information

Sample name:PuTTy.exe
Analysis ID:1415345
MD5:037b72bd0844cb2ce886cd6442c03694
SHA1:242a11ac80b1370801169997fbf6265a412e61ec
SHA256:0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d
Tags:exeGoLoader
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Installs new ROOT certificates
Potentially malicious time measurement code found
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains more sections than normal
PE file contains sections with non-standard names
Stores large binary data to the registry
Tries to load missing DLLs

Classification

  • System is w10x64
  • PuTTy.exe (PID: 4920 cmdline: "C:\Users\user\Desktop\PuTTy.exe" MD5: 037B72BD0844CB2CE886CD6442C03694)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: PuTTy.exe; ReversingLabs: Detection: 13%
Source: PuTTy.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 4x nop then cmp rdx, rbx (0_2_00007FF775F1C3A0)
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 4x nop then lock or byte ptr [rdx], r8L (0_2_00007FF775F31420)
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 4x nop then shr r10, 0Dh (0_2_00007FF775F3D020)
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 4x nop then shr rdi, 0Dh (0_2_00007FF775F3BBA0)
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 4x nop then cmp rdx, 40h (0_2_00007FF775F30CE0)
Source: Joe Sandbox View; IP Address: 172.67.74.152
Source: unknown; DNS query: name: api.ipify.org
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F79180 WSARecv
Source: global traffic; HTTP traffic detected: GET /?format=text HTTP/1.1, Host: api.ipify.org, User-Agent: Go-http-client/1.1, Accept-Encoding: gzip
Source: global traffic; HTTP traffic detected: GET /api.php?action=check_ip&ip=102.165.48.43 HTTP/1.1, Host: zodiacrealm.info, User-Agent: Go-http-client/1.1, Accept-Encoding: gzip
Source: unknown; DNS traffic detected: queries for: api.ipify.org
Source: PuTTy.exe; String found in binary or memory: https://api.ipify.org?format=textpseudo
Source: PuTTy.exe, 00000000.00000002.1270981896.000000C0000B4000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://zodiacrealm.info/api.php?action=check_ip&ip=102.165.48.43
Source: PuTTy.exe; String found in binary or memory: https://zodiacrealm.info/api.php?action=check_ip&ip=Step
Source: unknown; Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49706
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F55E60 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F42E80 RtlAddVectoredContinueHandler,NtWaitForSingleObject,RtlGetCurrentPeb,RtlGetNtVersionNumbers,timeBeginPeriod,timeEndPeriod,WSAGetOverlappedResult
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F795C0 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F4C5E0 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F4C6C0 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F4C420 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F4C500 NtWaitForSingleObject
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: String function: 00007FF775F483E0 appears 32 times
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: String function: 00007FF775F608E0 appears 37 times
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: String function: 00007FF775F48300 appears 562 times
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: String function: 00007FF775F4A5C0 appears 579 times
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: String function: 00007FF775F49DA0 appears 66 times
Source: PuTTy.exe; Static PE information: Number of sections : 21 > 10
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PuTTy.exe; Section loaded: gpapi.dll
Source: classification engine; Classification label: mal56.evad.winEXE@1/0@2/2
Source: C:\Users\user\Desktop\PuTTy.exe; Mutant created: \Sessions\1\BaseNamedObjects\??????????????????????????????????????
Source: C:\Users\user\Desktop\PuTTy.exeFile opened: C:\Windows\system32\0a4d4743317859070a9ec403b9aeb5a10379d6544ca48f5868de31371db930e1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: PuTTy.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PuTTy.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PuTTy.exe; String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go
Source: PuTTy.exe; String found in binary or memory: -start
Source: PuTTy.exe; String found in binary or memory: -addr
Source: PuTTy.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
Source: PuTTy.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: PuTTy.exe; Static file information: File size 13198274 > 1048576
Source: PuTTy.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x269000
Source: PuTTy.exe; Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x276200
Source: PuTTy.exe; Static PE information: Raw size of /19 is bigger than: 0x100000 < 0x1e8a00
Source: PuTTy.exe; Static PE information: Raw size of /81 is bigger than: 0x100000 < 0x313400
Source: PuTTy.exe; Static PE information: section name: .xdata
Source: PuTTy.exe; Static PE information: section name: /4
Source: PuTTy.exe; Static PE information: section name: /19
Source: PuTTy.exe; Static PE information: section name: /31
Source: PuTTy.exe; Static PE information: section name: /45
Source: PuTTy.exe; Static PE information: section name: /57
Source: PuTTy.exe; Static PE information: section name: /70
Source: PuTTy.exe; Static PE information: section name: /81
Source: PuTTy.exe; Static PE information: section name: /92
Source: PuTTy.exe; Static PE information: section name: /106

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\PuTTy.exe; Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Users\user\Desktop\PuTTy.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Users\user\Desktop\PuTTy.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F77880 rdtscp
Source: C:\Users\user\Desktop\PuTTy.exe; API coverage: 5.3 %
Source: PuTTy.exe, 00000000.00000002.1273684816.00000225B0153000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F77880 Start: 00007FF775F77889 End: 00007FF775F7789F
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F77880 rdtscp
Source: C:\Users\user\Desktop\PuTTy.exe; Code function: 0_2_00007FF775F11190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA
Source: C:\Users\user\Desktop\PuTTy.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: 2 Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Defense Evasion: 1 Modify Registry; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Install Root Certificate; 1 DLL Side-Loading
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: 11 Security Software Discovery; 1 System Network Configuration Discovery; 2 System Information Discovery; System Network Configuration Discovery; Internet Connection Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
  • Command and Control: 11 Encrypted Channel; 2 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Behavior Graph ID: 1415345; Sample: PuTTy.exe; Startdate: 25/03/2024; Architecture: WINDOWS; Score: 56

Source | Detection | Scanner | Label | Link
PuTTy.exe | 13% | ReversingLabs | Win32.Trojan.Generic |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://zodiacrealm.info/api.php?action=check_ip&ip=Step | 0% | Avira URL Cloud | safe |
https://zodiacrealm.info/api.php?action=check_ip&ip=102.165.48.43 | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
zodiacrealm.info | 91.198.166.79 | true | false | | unknown
api.ipify.org | 172.67.74.152 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://zodiacrealm.info/api.php?action=check_ip&ip=102.165.48.43 | false | Avira URL Cloud: safe | unknown
https://api.ipify.org/?format=text | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ipify.org?format=textpseudo | PuTTy.exe | false | | high
https://zodiacrealm.info/api.php?action=check_ip&ip=Step | PuTTy.exe | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
91.198.166.79 | zodiacrealm.info | Gibraltar | | 41578 | LEVEL-NEXTGI | false
172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1415345
          Start date and time:2024-03-25 18:25:56 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 1s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:13
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:PuTTy.exe
          Detection:MAL
          Classification:mal56.evad.winEXE@1/0@2/2
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 95%
          • Number of executed functions: 10
          • Number of non-executed functions: 46
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: PuTTy.exe
          No simulations
          No created / dropped files found
          File type:PE32+ executable (GUI) x86-64, for MS Windows
          Entropy (8bit):5.5584052613325055
          TrID:
          • Win64 Executable GUI (202006/5) 92.65%
          • Win64 Executable (generic) (12005/4) 5.51%
          • Generic Win/DOS Executable (2004/3) 0.92%
          • DOS Executable Generic (2002/1) 0.92%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:PuTTy.exe
          File size:13'198'274 bytes
          MD5:037b72bd0844cb2ce886cd6442c03694
          SHA1:242a11ac80b1370801169997fbf6265a412e61ec
          SHA256:0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d
          SHA512:a4ee635a38a3f781a6d8b4994eed2f3ba2102ce3085615914f6a8148bdd9351878dfa20fd11ba65379b9d7670b8d4246ac0083237318120a70a7ec6a841813e2
          SSDEEP:98304:lS949otHsw/xmF4EMz5YA8/cwumyz5E/qfOeXtOqmSr2fvYFgaH3e:E2OtHswYxMHzq7v
          TLSH:28D64903FA948AEECA559279896246C27771FC442F16A7C36B04F63C6DB37D86EB4304
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........L..H,....&....$..&...R................@.....................................y....`... ............................
          Icon Hash:90cececece8e8eb0
          Entrypoint:0x1400014c0
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x140000000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
          TLS Callbacks:0x4025e980, 0x1, 0x4025e950, 0x1, 0x402623e0, 0x1
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:1
          File Version Major:6
          File Version Minor:1
          Subsystem Version Major:6
          Subsystem Version Minor:1
          Import Hash:8c893e679774af99b3a5f251a00677ac
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x581000 | 0x4e | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x582000 | 0x13f8 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x586000 | 0x4e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x514000 | 0xeb2c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x587000 | 0xb5c0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5122e0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x582484 | 0x448 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x268f10 | 0x269000 | dc4ae12b72f9ad6d7fc13727a94acec2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x26a000 | 0x32430 | 0x32600 | 842a01ad79e5d0c051e0ac998678c6ff | False | 0.43207196029776673 | data | 5.422676002804889 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x29d000 | 0x276130 | 0x276200 | 2b325774687a759c1b3395686f6d95c1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata | 0x514000 | 0xeb2c | 0xec00 | 183a5214c192f26d08ad0bade15315b0 | False | 0.4116459216101695 | data | 5.625120123755757 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata | 0x523000 | 0xc6c | 0xe00 | 5d3c2db7a4636306050d271a16985661 | False | 0.2592075892857143 | data | 4.003135362268442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss | 0x524000 | 0x5ce00 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x581000 | 0x4e | 0x200 | 3fbef6c2c10ad17866afee8e96a85c08 | False | 0.130859375 | data | 0.8186529123118903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata | 0x582000 | 0x13f8 | 0x1400 | 6ccf508aa61e38da1aefff1abc9f32df | False | 0.319140625 | data | 4.5684469491694895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x584000 | 0x70 | 0x200 | 87484b07d3cd3d74b1dfc4c401bcd909 | False | 0.083984375 | data | 0.47773273182820153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x585000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x586000 | 0x4e8 | 0x600 | 4dc4024472776c624fa9b45490fef639 | False | 0.3333333333333333 | data | 4.783628429040189 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x587000 | 0xb5c0 | 0xb600 | 037b2f6f246d5a83521fa7a16d309031 | False | 0.27210679945054944 | data | 5.435342683198044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /40x5930000x8c00xa00d457633a9513a84a8dd5dee55c245fe9False0.195703125data1.8947153873522524IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /190x5940000x1e88b10x1e8a00518118c9e545484f6b8acc102d0343e7False0.3647492165515477data6.135702868320386IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /310x77d0000x3e2a0x40000dacb109edd129b7f0e00efec779b81aFalse0.20306396484375data4.725794528343116IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /450x7810000xd1cb20xd1e004561b53efcd87a13d78cd44e4651426fFalse0.4843843061346039data5.99056910607981IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /570x8530000x48e180x49000a0772c55597ae79b98fc6d3d234ea16fFalse0.2630832619863014data4.307187692841097IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /700x89c0000xa4d0xc00139f5e740769e48ee340d7a599a84a6eFalse0.3717447916666667data4.658994799629712IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /810x89d0000x3132dc0x3134003c8180cc73b631c9ece95b685874abacunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /920xbb10000xd98a00xd9a00961171de91ff24e7473afc98913bf74dFalse0.16003172566053991data2.362236568413847IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /1060xc8b0000x300x20040cca7c46fc713b4f088e5d440ca7931False0.103515625data0.8556848540171443IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_MANIFEST | 0x586058 | 0x48f | XML 1.0 document, ASCII text | | | 0.40102827763496146

          DLL | Import
          KERNEL32.dll | AddAtomA, AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateMutexA, CreateProcessA, CreateSemaphoreA, CreateThread, CreateWaitableTimerExW, DeleteAtom, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FindAtomA, FormatMessageA, FreeEnvironmentStringsW, GetAtomNameA, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentStringsW, GetErrorMode, GetHandleInformation, GetLastError, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryExW, LoadLibraryW, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, RaiseFailFastException, ReleaseMutex, ReleaseSemaphore, RemoveVectoredExceptionHandler, ResetEvent, ResumeThread, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetLastError, SetProcessAffinityMask, SetProcessPriorityBoost, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WerGetFlags, WerSetFlags, WideCharToMultiByte, WriteConsoleW, WriteFile, __C_specific_handler
          msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _beginthreadex, _cexit, _commode, _endthreadex, _errno, _fmode, _initterm, _lock, _memccpy, _onexit, _setjmp, _strdup, _ultoa, _unlock, abort, calloc, exit, fprintf, fputc, free, fwrite, localeconv, longjmp, malloc, memcpy, memmove, memset, printf, realloc, signal, strerror, strlen, strncmp, vfprintf, wcslen

          Name | Ordinal | Address
          _cgo_dummy_export | 1 | 0x140580030

          • Total Packets: 28
          • 443 (HTTPS)
          • 53 (DNS)
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Mar 25, 2024 18:26:47.673950911 CET | 65491 | 53 | 192.168.2.11 | 1.1.1.1
          Mar 25, 2024 18:26:47.769783974 CET | 53 | 65491 | 1.1.1.1 | 192.168.2.11
          Mar 25, 2024 18:26:48.348526001 CET | 50640 | 53 | 192.168.2.11 | 1.1.1.1
          Mar 25, 2024 18:26:48.749798059 CET | 53 | 50640 | 1.1.1.1 | 192.168.2.11

          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Mar 25, 2024 18:26:47.673950911 CET | 192.168.2.11 | 1.1.1.1 | 0xcb83 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
          Mar 25, 2024 18:26:48.348526001 CET | 192.168.2.11 | 1.1.1.1 | 0x7a91 | Standard query (0) | zodiacrealm.info | A (IP address) | IN (0x0001) | false

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Mar 25, 2024 18:26:47.769783974 CET | 1.1.1.1 | 192.168.2.11 | 0xcb83 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
          Mar 25, 2024 18:26:47.769783974 CET | 1.1.1.1 | 192.168.2.11 | 0xcb83 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
          Mar 25, 2024 18:26:47.769783974 CET | 1.1.1.1 | 192.168.2.11 | 0xcb83 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
          Mar 25, 2024 18:26:48.749798059 CET | 1.1.1.1 | 192.168.2.11 | 0x7a91 | No error (0) | zodiacrealm.info | | 91.198.166.79 | A (IP address) | IN (0x0001) | false
          • api.ipify.org
          • zodiacrealm.info
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.11 | 49706 | 172.67.74.152 | 443 | 4920 | C:\Users\user\Desktop\PuTTy.exe

          Timestamp | Bytes transferred | Direction | Data
          2024-03-25 17:26:48 UTC | 106 | OUT | GET /?format=text HTTP/1.1
          Host: api.ipify.org
          User-Agent: Go-http-client/1.1
          Accept-Encoding: gzip
          2024-03-25 17:26:48 UTC | 211 | IN | HTTP/1.1 200 OK
          Date: Mon, 25 Mar 2024 17:26:48 GMT
          Content-Type: text/plain
          Content-Length: 13
          Connection: close
          Vary: Origin
          CF-Cache-Status: DYNAMIC
          Server: cloudflare
          CF-RAY: 86a09ba74f3381d9-IAD
          2024-03-25 17:26:48 UTC | 13 | IN | Data Raw: 31 30 32 2e 31 36 35 2e 34 38 2e 34 33
          Data Ascii: 102.165.48.43


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.11 | 49707 | 91.198.166.79 | 443 | 4920 | C:\Users\user\Desktop\PuTTy.exe

          Timestamp | Bytes transferred | Direction | Data
          2024-03-25 17:26:49 UTC | 137 | OUT | GET /api.php?action=check_ip&ip=102.165.48.43 HTTP/1.1
          Host: zodiacrealm.info
          User-Agent: Go-http-client/1.1
          Accept-Encoding: gzip
          2024-03-25 17:26:49 UTC | 157 | IN | HTTP/1.1 200 OK
          Server: nginx/1.24.0
          Date: Mon, 25 Mar 2024 17:26:49 GMT
          Content-Type: text/html; charset=UTF-8
          Content-Length: 13
          Connection: close
          2024-03-25 17:26:49 UTC | 13 | IN | Data Raw: 55 6e 73 75 63 63 65 73 73 66 75 6c 6c
          Data Ascii: Unsuccessfull


          Target ID: 0
          Start time: 18:26:45
          Start date: 25/03/2024
          Path: C:\Users\user\Desktop\PuTTy.exe
          Wow64 process (32bit): false
          Commandline: "C:\Users\user\Desktop\PuTTy.exe"
          Imagebase: 0x7ff775f10000
          File size: 13'198'274 bytes
          MD5 hash: 037B72BD0844CB2CE886CD6442C03694
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: Go lang
          Reputation: low
          Has exited: true

          Execution Graph

          Execution Coverage: 1.1%
          Dynamic/Decrypted Code Coverage: 0%
          Signature Coverage: 17.7%
          Total number of Nodes: 919
          Total number of Limit Nodes: 80
50828->50760 50829->50760 50831 7ff775f453e0 WSARecv 50830->50831 50832 7ff775f43bc5 50831->50832 50833 7ff775f45560 50832->50833 50834 7ff775f453e0 WSARecv 50833->50834 50835 7ff775f43c05 50834->50835 50836->50754 50838 7ff775f42d26 50837->50838 50838->50837 50839 7ff775f42d45 50838->50839 50844 7ff775f48300 WSARecv 50838->50844 50840 7ff775f45560 WSARecv 50839->50840 50842 7ff775f42d5f 50840->50842 50842->50773 50843 7ff775f43da0 WSARecv 50842->50843 50843->50773 50844->50838 50846 7ff775f453e0 WSARecv 50845->50846 50847 7ff775f454d2 50846->50847 50847->50779 50848->50806 50850 7ff775f440d8 50849->50850 50851 7ff775f44072 50849->50851 50852 7ff775f45560 WSARecv 50851->50852 50853 7ff775f4409b 50852->50853 50865 7ff775f58ea0 WSARecv 50853->50865 50855 7ff775f440d2 50855->50814 50857 7ff775f453e0 WSARecv 50856->50857 50858 7ff775f45836 50857->50858 50858->50815 50860 7ff775f453e0 WSARecv 50859->50860 50861 7ff775f45636 50860->50861 50861->50814 50862->50818 50863->50820 50864->50822 50865->50855 50866 7ff775f38d00 50867 7ff775f38d06 50866->50867 50867->50866 50868 7ff775f38d12 50867->50868 50872 7ff775f48300 WSARecv 50867->50872 50869 7ff775f390a0 WSARecv 50868->50869 50871 7ff775f38d19 50869->50871 50872->50867 50873 7ff775f5e9c0 50894 7ff775f5e9d2 50873->50894 50874 7ff775f49d40 WSARecv 50874->50894 50876 7ff775f48300 WSARecv 50876->50894 50877 7ff775f5ed46 50880 7ff775f5ed7e 50877->50880 50914 7ff775f51f80 WSARecv 50877->50914 50878 7ff775f5ed8b 50882 7ff775f5edc5 50878->50882 50916 7ff775f63de0 WSARecv 50878->50916 50879 7ff775f5ee86 50895 7ff775f5eecb 50879->50895 50919 7ff775f49d40 WSARecv 50879->50919 50915 7ff775f51f00 WSARecv 50880->50915 50882->50879 50883 7ff775f5ee11 50882->50883 50917 7ff775f4cc40 WSARecv 50883->50917 50887 7ff775f49d40 WSARecv 50887->50895 50889 7ff775f5ee2d 50918 7ff775f4cc40 WSARecv 50889->50918 50890 7ff775f5ee98 50920 7ff775f4a5c0 WSARecv 50890->50920 50893 7ff775f5eea9 50921 7ff775f4a300 WSARecv 50893->50921 50894->50873 
50894->50874 50894->50876 50894->50877 50894->50878 50900 7ff775f4a440 WSARecv 50894->50900 50907 7ff775f49f80 WSARecv 50894->50907 50909 7ff775f6a860 WSARecv 50894->50909 50911 7ff775f4a5c0 WSARecv 50894->50911 50912 7ff775f4a540 WSARecv 50894->50912 50913 7ff775f49da0 WSARecv 50894->50913 50926 7ff775f4a300 WSARecv 50894->50926 50927 7ff775f62f00 WSARecv 50894->50927 50895->50887 50902 7ff775f4a5c0 WSARecv 50895->50902 50905 7ff775f49da0 WSARecv 50895->50905 50908 7ff775f4a440 WSARecv 50895->50908 50924 7ff775f48300 WSARecv 50895->50924 50925 7ff775f4a300 WSARecv 50895->50925 50899 7ff775f5eeb5 50922 7ff775f4a5c0 WSARecv 50899->50922 50900->50894 50901 7ff775f5ee56 50902->50895 50904 7ff775f5eec6 50923 7ff775f49da0 WSARecv 50904->50923 50905->50895 50907->50894 50908->50895 50909->50894 50911->50894 50912->50894 50913->50894 50914->50880 50915->50878 50916->50882 50917->50889 50918->50901 50919->50890 50920->50893 50921->50899 50922->50904 50923->50895 50924->50895 50925->50895 50926->50894 50927->50894 50928 7ff775f55e60 50929 7ff775f55e6a 50928->50929 50929->50928 50931 7ff775f55efd 50929->50931 50934 7ff775f45760 50929->50934 50933 7ff775f455e0 WSARecv 50933->50931 50935 7ff775f453e0 WSARecv 50934->50935 50936 7ff775f457b6 50935->50936 50936->50933 50937 7ff775f4bac0 50955 7ff775f4baca 50937->50955 50942 7ff775f44060 WSARecv 50942->50955 50951 7ff775f1c620 WSARecv 50951->50955 50955->50937 50955->50942 50955->50951 50956 7ff775f4bc89 50955->50956 50960 7ff775f1cee0 50955->50960 50975 7ff775f121a0 50955->50975 50981 7ff775f44100 50955->50981 50996 7ff775f58760 50955->50996 51012 7ff775f626c0 WSARecv 50955->51012 51013 7ff775f15060 WSARecv 50955->51013 51014 7ff775f4be40 WSARecv 50955->51014 51015 7ff775f624a0 WSARecv 50955->51015 51016 7ff775f6d500 WSARecv 50955->51016 51017 7ff775f1ba20 WSARecv 50955->51017 51018 7ff775f60420 WSARecv 50955->51018 51019 7ff775f2aac0 WSARecv 50955->51019 51020 7ff775f79660 WSARecv 50955->51020 51021 7ff775f18d40 WSARecv 
50955->51021 51022 7ff775f549a0 WSARecv 50955->51022 51024 7ff775f48300 WSARecv 50955->51024 51023 7ff775f1c840 WSARecv 50956->51023 50959 7ff775f4bc97 50961 7ff775f1ceea 50960->50961 50961->50960 50962 7ff775f49d40 WSARecv 50961->50962 50963 7ff775f4a300 WSARecv 50961->50963 50965 7ff775f1cf5d 50961->50965 50968 7ff775f4a3e0 WSARecv 50961->50968 50969 7ff775f4a5c0 WSARecv 50961->50969 50971 7ff775f49da0 WSARecv 50961->50971 50972 7ff775f48300 WSARecv 50961->50972 50962->50961 50963->50961 51025 7ff775f38400 50965->51025 50968->50961 50969->50961 50970 7ff775f1d01f 50970->50955 50971->50961 50972->50961 50973 7ff775f1cf97 50973->50970 50974 7ff775f2a980 WSARecv 50973->50974 50974->50973 50976 7ff775f121a6 50975->50976 50976->50975 51085 7ff775f12740 50976->51085 50978 7ff775f121bd 51093 7ff775f12200 WSARecv 50978->51093 50980 7ff775f121cc 50980->50955 50991 7ff775f4410a 50981->50991 50982 7ff775f454a0 WSARecv 50982->50991 50984 7ff775f44251 50985 7ff775f454e0 WSARecv 50984->50985 50986 7ff775f44266 50985->50986 51110 7ff775f73c20 WSARecv 50986->51110 50989 7ff775f442a5 50990 7ff775f45560 WSARecv 50989->50990 50992 7ff775f442c5 50990->50992 50991->50981 50991->50982 50991->50984 50994 7ff775f44302 50991->50994 51108 7ff775f5c900 WSARecv 50991->51108 51109 7ff775f618c0 WSARecv 50991->51109 51096 7ff775f434a0 50992->51096 50994->50955 50995 7ff775f442dc 50995->50955 50998 7ff775f5876a 50996->50998 50998->50996 51112 7ff775f18d40 WSARecv 50998->51112 50999 7ff775f587a5 51000 7ff775f1e720 WSARecv 50999->51000 51001 7ff775f587bb 51000->51001 51113 7ff775f70f60 WSARecv 51001->51113 51003 7ff775f587f5 51114 7ff775f58a40 WSARecv 51003->51114 51005 7ff775f5884c 51115 7ff775f58a40 WSARecv 51005->51115 51007 7ff775f5885d 51116 7ff775f18d40 WSARecv 51007->51116 51009 7ff775f58889 51117 7ff775f72be0 WSARecv 51009->51117 51011 7ff775f5888e 51011->50955 51012->50955 51013->50955 51014->50955 51015->50955 51016->50955 51017->50955 51018->50955 51019->50955 51020->50955 51021->50955 
51022->50955 51023->50959 51024->50955 51026 7ff775f3840a 51025->51026 51026->51025 51059 7ff775f2a860 WSARecv 51026->51059 51028 7ff775f38486 51060 7ff775f2a860 WSARecv 51028->51060 51030 7ff775f384a5 51061 7ff775f2a860 WSARecv 51030->51061 51032 7ff775f384bf 51062 7ff775f2a860 WSARecv 51032->51062 51034 7ff775f384d9 51063 7ff775f2a860 WSARecv 51034->51063 51036 7ff775f384f3 51064 7ff775f2a860 WSARecv 51036->51064 51038 7ff775f3850d 51065 7ff775f2a860 WSARecv 51038->51065 51040 7ff775f38527 51044 7ff775f3b060 51040->51044 51043 7ff775f26a60 WSARecv 51043->50973 51046 7ff775f3b06a 51044->51046 51045 7ff775f3b08a 51066 7ff775f407c0 51045->51066 51046->51044 51046->51045 51050 7ff775f4a3e0 WSARecv 51046->51050 51054 7ff775f49d40 WSARecv 51046->51054 51055 7ff775f4a5c0 WSARecv 51046->51055 51056 7ff775f49f80 WSARecv 51046->51056 51057 7ff775f49da0 WSARecv 51046->51057 51079 7ff775f48300 WSARecv 51046->51079 51048 7ff775f3b0d6 51070 7ff775f3d540 51048->51070 51050->51046 51051 7ff775f3b0e5 51075 7ff775f34480 51051->51075 51054->51046 51055->51046 51056->51046 51057->51046 51059->51028 51060->51030 51061->51032 51062->51034 51063->51036 51064->51038 51065->51040 51067 7ff775f407c6 51066->51067 51067->51066 51068 7ff775f1e9e0 WSARecv 51067->51068 51069 7ff775f407fa 51068->51069 51069->51048 51073 7ff775f3d54a 51070->51073 51071 7ff775f3d645 51071->51051 51072 7ff775f28140 WSARecv 51072->51073 51073->51070 51073->51071 51073->51072 51080 7ff775f48300 WSARecv 51073->51080 51076 7ff775f3448a 51075->51076 51076->51075 51081 7ff775f3df60 51076->51081 51078 7ff775f1cf92 51078->51043 51079->51046 51080->51073 51083 7ff775f3df66 51081->51083 51082 7ff775f28140 WSARecv 51084 7ff775f3df85 51082->51084 51083->51081 51083->51082 51084->51078 51086 7ff775f1274a 51085->51086 51086->51085 51087 7ff775f1e720 WSARecv 51086->51087 51088 7ff775f1275e 51087->51088 51089 7ff775f128bf 51088->51089 51094 7ff775f5c9e0 WSARecv 51088->51094 51092 7ff775f12aca 51089->51092 51095 7ff775f5c9e0 
WSARecv 51089->51095 51092->50978 51093->50980 51094->51089 51095->51092 51097 7ff775f434af 51096->51097 51097->51096 51098 7ff775f455e0 WSARecv 51097->51098 51099 7ff775f434e6 51098->51099 51100 7ff775f43605 51099->51100 51101 7ff775f42d20 WSARecv 51099->51101 51100->50995 51102 7ff775f43566 51101->51102 51103 7ff775f435ff 51102->51103 51111 7ff775f73c20 WSARecv 51102->51111 51103->50995 51105 7ff775f435a5 51106 7ff775f455e0 WSARecv 51105->51106 51107 7ff775f435e7 51106->51107 51107->50995 51108->50991 51109->50991 51110->50989 51111->51105 51112->50999 51113->51003 51114->51005 51115->51007 51116->51009 51117->51011 51118 7ff775f4d900 51119 7ff775f4d913 51118->51119 51124 7ff775f4d980 51119->51124 51123 7ff775f4d974 51126 7ff775f4d98a 51124->51126 51125 7ff775f4d9a9 51139 7ff775f44ea0 51125->51139 51126->51124 51126->51125 51189 7ff775f48300 WSARecv 51126->51189 51129 7ff775f4d9e5 51130 7ff775f4d9fc 51129->51130 51187 7ff775f4da80 WSARecv 51129->51187 51132 7ff775f4da1d 51130->51132 51155 7ff775f559c0 51130->51155 51133 7ff775f4da3e 51132->51133 51188 7ff775f55220 WSARecv 51132->51188 51173 7ff775f515e0 51133->51173 51138 7ff775f4dac0 WSARecv 51138->51123 51154 7ff775f44eaf 51139->51154 51140 7ff775f457e0 WSARecv 51140->51154 51141 7ff775f1c620 WSARecv 51141->51154 51142 7ff775f454a0 WSARecv 51142->51154 51144 7ff775f45660 WSARecv 51144->51154 51145 7ff775f4a300 WSARecv 51145->51154 51146 7ff775f455e0 WSARecv 51146->51154 51147 7ff775f45089 51147->51129 51148 7ff775f49d40 WSARecv 51148->51154 51149 7ff775f4a5c0 WSARecv 51149->51154 51150 7ff775f49f80 WSARecv 51150->51154 51151 7ff775f4a440 WSARecv 51151->51154 51152 7ff775f49da0 WSARecv 51152->51154 51153 7ff775f48300 WSARecv 51153->51154 51154->51139 51154->51140 51154->51141 51154->51142 51154->51144 51154->51145 51154->51146 51154->51147 51154->51148 51154->51149 51154->51150 51154->51151 51154->51152 51154->51153 51190 7ff775f1c840 WSARecv 51154->51190 51170 7ff775f559ca 51155->51170 51156 7ff775f1c620 
WSARecv 51156->51170 51158 7ff775f759c0 WSARecv 51158->51170 51159 7ff775f79660 WSARecv 51159->51170 51161 7ff775f775c0 WSARecv 51161->51170 51167 7ff775f55520 WSARecv 51167->51170 51168 7ff775f51300 WSARecv 51168->51170 51169 7ff775f43720 WSARecv 51169->51170 51170->51155 51170->51156 51170->51158 51170->51159 51170->51161 51170->51167 51170->51168 51170->51169 51172 7ff775f1c840 WSARecv 51170->51172 51191 7ff775f55f40 51170->51191 51205 7ff775f55580 WSARecv 51170->51205 51206 7ff775f66cc0 WSARecv 51170->51206 51207 7ff775f1cd60 WSARecv 51170->51207 51208 7ff775f428c0 WSARecv 51170->51208 51209 7ff775f33220 WSARecv 51170->51209 51210 7ff775f2ada0 WSARecv 51170->51210 51211 7ff775f562a0 WSARecv 51170->51211 51172->51170 51185 7ff775f515ea 51173->51185 51177 7ff775f48300 WSARecv 51177->51185 51179 7ff775f1c620 WSARecv 51179->51185 51180 7ff775f51817 51182 7ff775f4fba0 WSARecv 51180->51182 51181 7ff775f4f620 WSARecv 51181->51185 51184 7ff775f4d96a 51182->51184 51184->51138 51185->51173 51185->51177 51185->51179 51185->51180 51185->51181 51186 7ff775f1c840 WSARecv 51185->51186 51323 7ff775f4f760 51185->51323 51339 7ff775f51280 51185->51339 51345 7ff775f4fba0 51185->51345 51357 7ff775f4f9e0 WSARecv 51185->51357 51358 7ff775f4fd00 WSARecv 51185->51358 51186->51185 51187->51130 51188->51133 51189->51126 51190->51154 51192 7ff775f55f4a 51191->51192 51192->51191 51193 7ff775f1c620 WSARecv 51192->51193 51202 7ff775f55f65 51193->51202 51194 7ff775f56047 51216 7ff775f1c840 WSARecv 51194->51216 51196 7ff775f56055 51196->51170 51201 7ff775f55520 WSARecv 51201->51202 51202->51194 51202->51201 51204 7ff775f1c620 WSARecv 51202->51204 51212 7ff775f56200 51202->51212 51217 7ff775f1c840 WSARecv 51202->51217 51218 7ff775f68c00 WSARecv 51202->51218 51219 7ff775f684e0 WSARecv 51202->51219 51220 7ff775f4f300 51202->51220 51204->51202 51205->51170 51206->51170 51207->51170 51208->51170 51209->51170 51210->51170 51211->51170 51213 7ff775f56206 51212->51213 51213->51212 51214 7ff775f56255 
51213->51214 51266 7ff775f45a20 51213->51266 51214->51202 51216->51196 51217->51202 51218->51202 51219->51202 51223 7ff775f4f30a 51220->51223 51221 7ff775f4f5ed 51222 7ff775f4f020 WSARecv 51221->51222 51224 7ff775f4f5f6 51222->51224 51223->51220 51223->51221 51226 7ff775f4f356 51223->51226 51224->51202 51225 7ff775f4f39c 51227 7ff775f4f40b 51225->51227 51236 7ff775f4f3fc 51225->51236 51226->51225 51228 7ff775f4f38d 51226->51228 51229 7ff775f4f465 51227->51229 51231 7ff775f4f444 51227->51231 51230 7ff775f4f020 WSARecv 51228->51230 51232 7ff775f1c620 WSARecv 51229->51232 51233 7ff775f4f396 51230->51233 51234 7ff775f4f020 WSARecv 51231->51234 51235 7ff775f4f473 51232->51235 51233->51202 51237 7ff775f4f45f 51234->51237 51238 7ff775f4f47d 51235->51238 51245 7ff775f4f4bd 51235->51245 51239 7ff775f4f020 WSARecv 51236->51239 51237->51202 51240 7ff775f4f4a9 51238->51240 51315 7ff775f1c920 WSARecv 51238->51315 51241 7ff775f4f405 51239->51241 51316 7ff775f1c840 WSARecv 51240->51316 51241->51202 51244 7ff775f4f4b7 51244->51202 51246 7ff775f4f51c 51245->51246 51317 7ff775f1c920 WSARecv 51245->51317 51247 7ff775f4f5cb 51246->51247 51248 7ff775f4f52e 51246->51248 51322 7ff775f1c840 WSARecv 51247->51322 51250 7ff775f4f572 51248->51250 51252 7ff775f4f550 51248->51252 51319 7ff775f56f40 WSARecv 51250->51319 51251 7ff775f4f5d9 51253 7ff775f4f020 WSARecv 51251->51253 51318 7ff775f1c840 WSARecv 51252->51318 51258 7ff775f4f5e7 51253->51258 51257 7ff775f4f55e 51260 7ff775f4f020 WSARecv 51257->51260 51258->51202 51259 7ff775f4f5a5 51320 7ff775f1c840 WSARecv 51259->51320 51262 7ff775f4f56c 51260->51262 51262->51202 51263 7ff775f4f5b3 51264 7ff775f4f5c5 51263->51264 51321 7ff775f51220 WSARecv 51263->51321 51264->51202 51292 7ff775f45a32 51266->51292 51267 7ff775f48300 WSARecv 51267->51292 51268 7ff775f45e22 51268->51214 51269 7ff775f1c620 WSARecv 51269->51292 51270 7ff775f45a97 51305 7ff775f1c840 WSARecv 51270->51305 51272 7ff775f457e0 WSARecv 51272->51292 51273 7ff775f45aa6 51273->51214 
51274 7ff775f45b3b 51306 7ff775f1c840 WSARecv 51274->51306 51276 7ff775f45b4a 51277 7ff775f1c620 WSARecv 51276->51277 51279 7ff775f45b85 51277->51279 51280 7ff775f454e0 WSARecv 51279->51280 51282 7ff775f45b9f 51280->51282 51283 7ff775f45dc1 51282->51283 51284 7ff775f45bbf 51282->51284 51309 7ff775f1c840 WSARecv 51283->51309 51286 7ff775f45560 WSARecv 51284->51286 51288 7ff775f45be6 51286->51288 51307 7ff775f1c840 WSARecv 51288->51307 51290 7ff775f45dcf 51293 7ff775f454e0 WSARecv 51290->51293 51292->51266 51292->51267 51292->51268 51292->51269 51292->51270 51292->51272 51292->51274 51310 7ff775f49d40 WSARecv 51292->51310 51311 7ff775f4a5c0 WSARecv 51292->51311 51312 7ff775f4a300 WSARecv 51292->51312 51313 7ff775f49f80 WSARecv 51292->51313 51314 7ff775f49da0 WSARecv 51292->51314 51294 7ff775f45de9 51293->51294 51294->51214 51296 7ff775f45c06 51297 7ff775f45d2c 51296->51297 51308 7ff775f49860 WSARecv 51296->51308 51299 7ff775f454e0 WSARecv 51297->51299 51301 7ff775f45d76 51299->51301 51300 7ff775f45cd8 51300->51297 51303 7ff775f45560 WSARecv 51300->51303 51302 7ff775f454e0 WSARecv 51301->51302 51304 7ff775f45da5 51302->51304 51303->51297 51304->51214 51305->51273 51306->51276 51307->51296 51308->51300 51309->51290 51310->51292 51311->51292 51312->51292 51313->51292 51314->51292 51315->51240 51316->51244 51317->51246 51318->51257 51319->51259 51320->51263 51321->51264 51322->51251 51332 7ff775f4f76a 51323->51332 51324 7ff775f553c0 WSARecv 51324->51332 51326 7ff775f4f300 WSARecv 51326->51332 51328 7ff775f4f808 51361 7ff775f55220 WSARecv 51328->51361 51330 7ff775f49d40 WSARecv 51330->51332 51331 7ff775f4f818 51331->51185 51332->51323 51332->51324 51332->51326 51332->51328 51332->51330 51333 7ff775f49da0 WSARecv 51332->51333 51334 7ff775f4a540 WSARecv 51332->51334 51335 7ff775f4a300 WSARecv 51332->51335 51336 7ff775f49f80 WSARecv 51332->51336 51337 7ff775f4a5c0 WSARecv 51332->51337 51338 7ff775f48300 WSARecv 51332->51338 51359 7ff775f55520 WSARecv 51332->51359 51360 
7ff775f1c9a0 WSARecv 51332->51360 51333->51332 51334->51332 51335->51332 51336->51332 51337->51332 51338->51332 51340 7ff775f51286 51339->51340 51340->51339 51341 7ff775f512b9 51340->51341 51342 7ff775f48300 WSARecv 51340->51342 51343 7ff775f4f620 WSARecv 51341->51343 51342->51340 51344 7ff775f512be 51343->51344 51344->51185 51346 7ff775f4fbaa 51345->51346 51346->51345 51348 7ff775f4fbd9 51346->51348 51362 7ff775f3fd80 WSARecv 51346->51362 51363 7ff775f4cc40 WSARecv 51348->51363 51350 7ff775f4fc3b 51351 7ff775f4fc93 51350->51351 51364 7ff775f45940 WSARecv 51350->51364 51353 7ff775f4fcb3 51351->51353 51354 7ff775f4fcae 51351->51354 51365 7ff775f68b20 WSARecv 51351->51365 51353->51185 51366 7ff775f688a0 WSARecv 51354->51366 51357->51185 51358->51185 51359->51332 51360->51332 51361->51331 51362->51348 51363->51350 51364->51351 51365->51354 51366->51353 51367 7ff775f75940 51368 7ff775f75974 51367->51368 51369 7ff775f7596f 51367->51369 51376 7ff775f51a80 51368->51376 51390 7ff775f4b6e0 WSARecv 51369->51390 51377 7ff775f51a8a 51376->51377 51377->51376 51378 7ff775f51ac5 51377->51378 51392 7ff775f67380 WSARecv 51377->51392 51393 7ff775f4cc40 WSARecv 51378->51393 51381 7ff775f51b9a 51382 7ff775f515e0 WSARecv 51381->51382 51383 7ff775f51b9f 51382->51383 51391 7ff775f4b720 WSARecv 51383->51391 51384 7ff775f51ad9 51384->51381 51385 7ff775f51b77 51384->51385 51394 7ff775f68a00 WSARecv 51384->51394 51395 7ff775f4cc40 WSARecv 51385->51395 51388 7ff775f51b8b 51389 7ff775f4fba0 WSARecv 51388->51389 51389->51381 51392->51378 51393->51384 51394->51385 51395->51388 51396 7ff775f75740 51397 7ff775f75782 51396->51397 51400 7ff775f7c600 51397->51400 51399 7ff775f75889 51403 7ff775f534e0 51400->51403 51406 7ff775f534e6 51403->51406 51404 7ff775f759c0 WSARecv 51405 7ff775f5352b 51404->51405 51405->51399 51406->51403 51406->51404

          Executed Functions

          Control-flow Graph

          • Executed
          • Not Executed
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: AddVecto$Continue$ForSingl$Handler$NtWaitFo$Numbers$RtlGetCu$RtlGetNt$SystemFu$WSAGetOv$WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepani$advapi32.dll$advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largenon-Go function at$dPeriod$dResult$eObject$ine_get_$kernel32.dll$kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l$nPeriod$ntdll.dll$redConti$rentPeb$stemFunc$tVersion$timeBegi$timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even$timeEndP$tion036$tlGetCur$verlappe$version$wine_get$winmm.dll$ws2_32.dll$ws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryheader line too longGetAdaptersAddresses
          • API String ID: 0-3729139115
          • Opcode ID: 4b96316937aaaf55366d587bc97639c8c6c77cecc9b9da070cad624ebc4d8915
          • Instruction ID: ab02e35ea9221be998824d3ecf9864e18fdd8c14b706713de73f4047f9f6c15c
          • Opcode Fuzzy Hash: 4b96316937aaaf55366d587bc97639c8c6c77cecc9b9da070cad624ebc4d8915
          • Instruction Fuzzy Hash: 76E14272A38B8680EA50EB12FC447AAB3A5FB45BC0F848135D98C47BA9DF7DD544C720
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          Strings
          • ) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 00007FF775F1D954
          • out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 00007FF775F1D5D6
          • out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 00007FF775F1D5C5
          • end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt, xrefs: 00007FF775F1D8BD
          • , xrefs: 00007FF775F1D8AD
          • arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 00007FF775F1D5E7
          • base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 00007FF775F1D88F
          • memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 00007FF775F1D97E
          • out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti, xrefs: 00007FF775F1D5F8
          • region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m, xrefs: 00007FF775F1D863
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? 
try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m
          • API String ID: 0-2908405890
          • Opcode ID: a9b7e242114ce2353f5a8305fe4ff356203a124d2fc32717b350ddc33b941b85
          • Instruction ID: 2152431c1c02fe61e644c348ac0d3321dc639ae5dc851a4e0bd3c6038281b9e2
          • Opcode Fuzzy Hash: a9b7e242114ce2353f5a8305fe4ff356203a124d2fc32717b350ddc33b941b85
          • Instruction Fuzzy Hash: F6029123A29BC182EB90AB11E4407BAB765FB85F94F844532EE9D43799CF3CE544C750
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF775F1E10D
          • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 00007FF775F1E58C
          • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMchacha20: , xrefs: 00007FF775F1E5BF
          • malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 00007FF775F1E59D
          • delayed zeroing on data that may contain pointerssweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableecdsa: internal error: truncated hash is too longcrypto/elliptic, xrefs: 00007FF775F1E547
          • malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runtime: frame runti, xrefs: 00007FF775F1E5AE
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointerssweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableecdsa: internal error: truncated hash is too longcrypto/elliptic$malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runtime: frame runti$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMchacha20: $mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno=
          • API String ID: 0-850241918
          • Opcode ID: 7418a724594f3a7d8b132c04ac9dbcc95f31f3450cc7d1f2792c9ed302844d8c
          • Instruction ID: 6fac0f4dbea73263a160af56cb601f2ddbd8954e3cc7f28a2fb1c468f0a21b96
          • Opcode Fuzzy Hash: 7418a724594f3a7d8b132c04ac9dbcc95f31f3450cc7d1f2792c9ed302844d8c
          • Instruction Fuzzy Hash: 8132B163A386C282EB50AB15E4407BAAB65FB45F94F844936EF8D47795CF3CE940C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentsevictOldest(%v) on table with %v entriescrypto/cipher: message too large for GCMcrypto/cipher: outpu, xrefs: 00007FF775F45E85
          • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformResourceIdentifier is malformedx509: IP constraint contained value of length %dx509: internal error, xrefs: 00007FF775F45E5D
          • self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatch (sensitive)RevertToSelfCreateEventWGetConsoleCPUnlockFileExVirtualQuerynot poll, xrefs: 00007FF775F45E96
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformResourceIdentifier is malformedx509: IP constraint contained value of length %dx509: internal error$runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentsevictOldest(%v) on table with %v entriescrypto/cipher: message too large for GCMcrypto/cipher: outpu$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatch (sensitive)RevertToSelfCreateEventWGetConsoleCPUnlockFileExVirtualQuerynot poll
          • API String ID: 0-542705066
          • Opcode ID: 12041f36b5bcdd64a5b60cc9a79a6675a181f3390e4ebdcaadb0fb12dc4b4419
          • Instruction ID: 3be0a17f93f45a55bb56eba6ea0ff96eed2788e5e7659cc20f582f9cbba29f06
          • Opcode Fuzzy Hash: 12041f36b5bcdd64a5b60cc9a79a6675a181f3390e4ebdcaadb0fb12dc4b4419
          • Instruction Fuzzy Hash: 85D17033A29B8281DA51FB25E8803BAA760FB46F94F949235DE9C43795DF3CE481C710
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru, xrefs: 00007FF775F39602
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru
          • API String ID: 0-3045916205
          • Opcode ID: 6ff496ac22c371e283768d8e957b3ca929ef14b242b2014f054f468a03a525b7
          • Instruction ID: 22e8a8875545458aac51b8527972dfddda71c1ea51900fd182500b9f644a73f4
          • Opcode Fuzzy Hash: 6ff496ac22c371e283768d8e957b3ca929ef14b242b2014f054f468a03a525b7
          • Instruction Fuzzy Hash: 5CE18F63A3DBC681EA60AF15E5807AAE7A0FB85F90F945135DA8D43B99CF3CD450CB10
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID: Recv
          • String ID:
          • API String ID: 4192927123-0
          • Opcode ID: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
          • Instruction ID: 58187b4dd45749db721fa2ce5397546a727bb6edfe27afb3837ad8f687713bab
          • Opcode Fuzzy Hash: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
          • Instruction Fuzzy Hash: 35016D36A14F80C1EB109B5AE9413297374E748BE4F644225DFAD57BA4CF39E1A3C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7e65949b94060199da2e61c7b20b912fb9e9dc1dace1b101db1f9ffdee3a606f
          • Instruction ID: 8a3a3899caf234872cca0cb5f41588d12b3b5884bbcc3e2a5581f2d190e799cb
          • Opcode Fuzzy Hash: 7e65949b94060199da2e61c7b20b912fb9e9dc1dace1b101db1f9ffdee3a606f
          • Instruction Fuzzy Hash: BBD17133B3DA8286EA04AB16E85427AF7A0FF85B80F845035E58D477A9DF7CE540C720
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 12a0bec1e240109df92d0a9c99088685e145cdb704f1d5e6f58e8d4d8f06adba
          • Instruction ID: 05f4824eeaf4cd86b2154f9bef9893675bd1f081d778f0562a57f551ca06cf01
          • Opcode Fuzzy Hash: 12a0bec1e240109df92d0a9c99088685e145cdb704f1d5e6f58e8d4d8f06adba
          • Instruction Fuzzy Hash: AA918633E3868286FF14BF16D88477AE691AF84F84FD49035C50D573A5DE2CE9828760
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0af685f71c755950569c5d8edf0092a1eec7ff412b6c08ed56e1c4896b0e83f8
          • Instruction ID: 0a7ff8d4bb1de355e5c89befb91df6427bd114d2458cdbe04c613e75a816c671
          • Opcode Fuzzy Hash: 0af685f71c755950569c5d8edf0092a1eec7ff412b6c08ed56e1c4896b0e83f8
          • Instruction Fuzzy Hash: 4B418277A28B8691E744AB16E8801EEA760FB84F50FC58036DA4E43B69CF3CD646C714
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 08a976cbe4cc897a64db5d218d18352369ef04d6662949e968853662eaa32815
          • Instruction ID: 453642d57818ac6ec5c7f5bd5dd8dc121de16a8e5e193c352864988239ddc10c
          • Opcode Fuzzy Hash: 08a976cbe4cc897a64db5d218d18352369ef04d6662949e968853662eaa32815
          • Instruction Fuzzy Hash: D7214C33A28F8581EA00EB25E84117AB7A0FB4AF80F959231EE9C43755DF3DE191C710
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Strings
          • runtime: p.searchAddr = range partially overlapsbad defer entry in panicbypassed recovery failedstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartidna: disallowed rune %Uchacha20: wrong key sizex509: malformed vali, xrefs: 00007FF775F3C8C5
          • ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactivesocks5CANCELGOAWAYPADDEDlistensocketSunday, xrefs: 00007FF775F3C398
          • , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) base GetACPrdtscppopcntCommonLengthheaderAnswercmd/goSTREETavx512rdrandrdseedAPPDATAfloat32float64UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:sch, xrefs: 00007FF775F3C8E5
          • , npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyMoveFil, xrefs: 00007FF775F3C85C
          • runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon, xrefs: 00007FF775F3C945
          • runtime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff Syste, xrefs: 00007FF775F3C35F, 00007FF775F3C796
          • , j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type SHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersos/execruntime2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9avx512fosxsave#internG, xrefs: 00007FF775F3C87A
          • ] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=xn--ermssse3avx2bmi1bmi2asn1bitsNameTypecx16sse2false<nil>Error:***@Rangeallowrangehttpsclose:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;writentohsMarchAprilmonthLocal+0530+0430+0545+0630+0330+08, xrefs: 00007FF775F3C7D6
          • , levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00007FF775F3C965
          • runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding, xrefs: 00007FF775F3C40F
          • bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:inva, xrefs: 00007FF775F3C43C, 00007FF775F3CB8C
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-4062963944
          • Opcode ID: 3db2beec586eaa063211c001e204b84b660399382cd4849b34f70cc8f6eec98e
          • Instruction ID: 450c877bce0cc37cee56e51607380a453250607742cd799a04a82f5ef1bca211
          • Opcode Fuzzy Hash: 3db2beec586eaa063211c001e204b84b660399382cd4849b34f70cc8f6eec98e
          • Instruction Fuzzy Hash: 2C326E77B39BC681FA60AB11E4417EAA325FB49B80F804532DE8D17B9ADE3CD445C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 00007FF775F368CF
          • sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionpoly1305, xrefs: 00007FF775F367C6
          • mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgorefl, xrefs: 00007FF775F36833, 00007FF775F36C05
          • sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 00007FF775F36919
          • mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSTh, xrefs: 00007FF775F36C2A
          • mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 00007FF775F36C3B
          • mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function invalid indexed representa, xrefs: 00007FF775F36858
          • nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes if-rangeNO_PROXYno_proxyMD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1x509sha1DNS nameClassANYQuestionnet/httpgo/build2.5.4.102.5.4.112.5.4.17avx512cdavx5, xrefs: 00007FF775F368B2
          • sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine HTTP_PROXY, xrefs: 00007FF775F36818, 00007FF775F36BE5
          • swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runti, xrefs: 00007FF775F367D7
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-4174013723
          • Opcode ID: dd59ef907015ad3ae028f65bccb02bff8d9ef310fc156e527700ec9f1207c1c2
          • Instruction ID: ed27ba5b24dc7ea81043d9e98fe46d2d023fec2b168b577181394a9f4d627720
          • Opcode Fuzzy Hash: dd59ef907015ad3ae028f65bccb02bff8d9ef310fc156e527700ec9f1207c1c2
          • Instruction Fuzzy Hash: 2A829173A3CAC685EB60AB11E4407BAB7A1FB45B84F855135EA8D03B99DF3CE454C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 00007FF775F2C4E9
          • MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 00007FF775F2C305
          • MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 00007FF775F2C2C5
          • failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QP, xrefs: 00007FF775F2C4D8
          • ., xrefs: 00007FF775F2BE34
          • MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g , xrefs: 00007FF775F2C2E5
          • gc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500adxaesshaavxfmaMD4MD5RSADSAURISET): TTLnetroottruePOSTEtag0x%xdateetagfromhostlinkvaryHostDatehttpgzip%xGone&lt;&gt;idle1080DATAPINGreadpipefileopenStatbindJuneJuly as hourEESTSASTAK, xrefs: 00007FF775F2BEB4
          • gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactivesocks5C, xrefs: 00007FF775F2B91A
          • ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00007FF775F2C24B
          • ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 00007FF775F2C045
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-2256705910
          • Opcode ID: e77be2a7af6f414896d959af961b8905c40004360d7d1a32399497d972be4a78
          • Instruction ID: 350fe371915f892e7e1fc531dfb48df27cd1936a2fdcade6f6cdc0262eae39a6
          • Opcode Fuzzy Hash: e77be2a7af6f414896d959af961b8905c40004360d7d1a32399497d972be4a78
          • Instruction Fuzzy Hash: 6D623D73A3DBC285EA50BB16E8413BAB765EB49B80FC44131D98D537AADF2CE544C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • runtime: frame runtimer: bad ptraceback stuckImpersonateSelfOpenThreadTokenRegCreateKeyExWRegDeleteValueW is unavailableinvalid integerinvalid boolean0601021504Z0700non-minimal tagunknown Go typereflectlite.Setinvalid pointerjstmpllitinterptarinsecurepathzipin, xrefs: 00007FF775F601D4, 00007FF775F6035A
          • untyped args out of range no module data in goroutine need more dataREQUEST_METHODModule32FirstWunreachable: RegSetValueExWdata truncatedResourceHeaderRCodeNameErrormime/multipartnegative updateaccept-encodingaccept-languagex-forwarded-forAccept-Encodingrec, xrefs: 00007FF775F601F7
          • args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine invalid byte in chunk lengthinvalid proxy address %q: %vbig: misuse of expNNWindowedx509: invalid RSA public keyx509: invalid DSA public keyx509: in, xrefs: 00007FF775F60136
          • locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangeGODEBUG: unknown cpu feature "subtle.XORBytes: dst too shortcrypto/rsa: verification errorx509: invalid ECDSA parametersx509: SAN dNSName is, xrefs: 00007FF775F602C5
          • bad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "division by zerolength too largeinvalid dns nameunpacking headerRCodeFormatErroravx512vpclmulqdq192.121.16.228:220123456789ABCDEFX01, xrefs: 00007FF775F6018A, 00007FF775F6031B
          • and tls: Earlyparsehostsfilesimap2imap3imapspop3sutf-8%s*%dtext/defersweepschedhchansudoggscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at , xrefs: 00007FF775F6011B, 00007FF775F602A5
          • (targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyMoveFileExWNetShareAddNetShareDelSHA-512/224SHA-512/256BLAKE2s-256BLAKE2b-256BLAKE2b-384BLAKE2b-512authoritiesadditionalsClassHESIODgocachehashgocachetestarchive/tarcrypto/x509archive, xrefs: 00007FF775F60159, 00007FF775F602E8
          • missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "division by zerolength too largeinvalid dns nameunpacking headerRCodeFormatErroravx512vpclmulqdq192.121.16.228:22012, xrefs: 00007FF775F60239, 00007FF775F603CF
          • runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pevictCount overflowSetTokenInformationMultiByteToWideCharfile already existsfile does not existfile already closedunknown hash value negative coordinatex509: malformed OIDx509: trailin, xrefs: 00007FF775F600FD, 00007FF775F60287
          • untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "division by zerolength too largeinvalid dns nameunpacking headerRCodeFormatErroravx512vpclmulqdq192., xrefs: 00007FF775F6037D
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-3617834852
          • Opcode ID: ac00e82b9245ce306a76b0eb8393c541605139a335cbd378f3ee2d0a5d4c14b1
          • Instruction ID: cfa1c1a93075a5195150501730aa56cbb9dc6c7ac025b1774d0913c452790592
          • Opcode Fuzzy Hash: ac00e82b9245ce306a76b0eb8393c541605139a335cbd378f3ee2d0a5d4c14b1
          • Instruction Fuzzy Hash: 9E025F3763CAC285EA60FB25E4807AAE365FB49B84F944131DA8D4379ADF3CE544C720
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
          • String ID:
          • API String ID: 649803965-0
          • Opcode ID: 9d28d8b69045d7985b2ee6a8b57febb3bec335bad0a8f40b9aea03016f51e93e
          • Instruction ID: 17290eac71d491ddc74870074f47508f6af561c82f20d112dd10298a3f0298e4
          • Opcode Fuzzy Hash: 9d28d8b69045d7985b2ee6a8b57febb3bec335bad0a8f40b9aea03016f51e93e
          • Instruction Fuzzy Hash: 2F817F37E39A8685FB50BF12E850BBAA3A1AF45B80FC44935DD0C47799DE2DE904C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 00007FF775F30EA7
          • base of <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=xn--ermssse3avx2bmi1bmi2asn1bitsNameTypecx16sse2false<nil>Error:***@Rangeallowrangehttpsclose:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;writentohsMarchAprilmonthLocal+0530+0430+0, xrefs: 00007FF775F30F1B
          • objgc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500adxaesshaavxfmaMD4MD5RSADSAURISET): TTLnetroottruePOSTEtag0x%xdateetagfromhostlinkvaryHostDatehttpgzip%xGone&lt;&gt;idle1080DATAPINGreadpipefileopenStatbindJuneJuly as hourEESTSAS, xrefs: 00007FF775F30F36
          • greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has, xrefs: 00007FF775F30F6F
          • marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during panic, g->atomics, xrefs: 00007FF775F30F5E
          • found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gs, xrefs: 00007FF775F30EC5
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-3604055129
          • Opcode ID: 34d1639a8bd55bfebaf196c845dec2b5bf7fcd5d4b8825e325c0601f9ed961fe
          • Instruction ID: 03972546df5ef7b2164d83821d2834abd85e0a0d2771592b924aa5e7f64b11b7
          • Opcode Fuzzy Hash: 34d1639a8bd55bfebaf196c845dec2b5bf7fcd5d4b8825e325c0601f9ed961fe
          • Instruction Fuzzy Hash: 0B719363A38BC286FA50AB11E4403B9E765FB45F84F845136EE8D0779ACF2CE594C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • sp= sp: lr: fp=) m=xn--ermssse3avx2bmi1bmi2asn1bitsNameTypecx16sse2false<nil>Error:***@Rangeallowrangehttpsclose:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;writentohsMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-09301562578125int16int32in, xrefs: 00007FF775F6B372
          • ...key???///%25Viaudpdns::1setcgoftpfinobjgc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500adxaesshaavxfmaMD4MD5RSADSAURISET): TTLnetroottruePOSTEtag0x%xdateetagfromhostlinkvaryHostDatehttpgzip%xGone&lt;&gt;idle1080DATAPINGrea, xrefs: 00007FF775F6B192
          • non-Go function at pc=hpack: string too longheader field %q = %q%sidna: invalid label %qRtlLookupFunctionEntryCreateEnvironmentBlock%SystemRoot%\system32\overflowing coordinateinvalid number base %dx509: malformed issuerzero length BIT STRINGreflectlite.Value., xrefs: 00007FF775F6B4A5
          • fp=) m=xn--ermssse3avx2bmi1bmi2asn1bitsNameTypecx16sse2false<nil>Error:***@Rangeallowrangehttpsclose:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;writentohsMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-09301562578125int16int32int64uint8arra, xrefs: 00007FF775F6B352
          • pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=xn--ermssse3avx2bmi1bmi2asn1bitsNameTypecx16sse2false<nil>Error:***@Rangeallowrangehttpsclose:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;writentohsMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1, xrefs: 00007FF775F6B392
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-1984337319
          • Opcode ID: bfb9cda0d6dcfe69d6730e784b1b3acb51f86123160cb9a2ee2edd7b6a44c36c
          • Instruction ID: 048270a0e805a2d462d66b954cf32e768f7120ede912d4dfa981888c0efd2918
          • Opcode Fuzzy Hash: bfb9cda0d6dcfe69d6730e784b1b3acb51f86123160cb9a2ee2edd7b6a44c36c
          • Instruction Fuzzy Hash: 18222C3363DBC185E660AB11E4847AAE761FB89B84F944235EACD07B9ACF3CD444CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function invalid indexed representation index %dcipher: incorrect tag size given to GCMecdsa: public key point is, xrefs: 00007FF775F4954A
          • , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type SHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersos/execruntime2.5.4.62.5.4.32, xrefs: 00007FF775F4946F, 00007FF775F494F7
          • runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding error: %vGetComputerNameExWGetModuleFileNameWuse of c, xrefs: 00007FF775F49451
          • , gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during , xrefs: 00007FF775F4948F
          • invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "division by zeroleng, xrefs: 00007FF775F49539
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • API String ID: 0-956697974
          • Opcode ID: 57993fe9ea1cd9c778d63f1d79ea4f06ae8652e0dd7f2565b2a327d64f355945
          • Instruction ID: 30ba6e27a63d19f1e53bc217e228c91622f783fb2d629d237a11d2a1b587bea2
          • Opcode Fuzzy Hash: 57993fe9ea1cd9c778d63f1d79ea4f06ae8652e0dd7f2565b2a327d64f355945
          • Instruction Fuzzy Hash: A1E13033A3C7C186E750EB15E541A7AFB65EB85F90F844175EA9D03B9ACF2CE5408B20
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0, xrefs: 00007FF775F1C4AF
          • cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactiveso, xrefs: 00007FF775F1C445
          • packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes if-rangeNO_PROXYno_proxyMD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1x509sha1DNS nameClassANYQuestionnet/, xrefs: 00007FF775F1C465
          • -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00007FF775F1C485
          • runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00007FF775F1C425
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactiveso$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes if-rangeNO_PROXYno_proxyMD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1x509sha1DNS nameClassANYQuestionnet/$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
          • API String ID: 0-1933805
          • Opcode ID: 3856d985c366afca65e3fd49458a52b0cb318e9eb278dbca97dbdc71d64d9920
          • Instruction ID: 6b72f3926187477ed67d5cdf78af0fe4717c43638a7d1049fa9ef25e24251221
          • Opcode Fuzzy Hash: 3856d985c366afca65e3fd49458a52b0cb318e9eb278dbca97dbdc71d64d9920
          • Instruction Fuzzy Hash: A1313033A39BC686E600BF10E8415B9E764EB49B80FC85931EE8D477AADF3CD4518720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 00007FF775F508FD
          • findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionAdjustTokenPrivilegesLookupPrivilegeValueWNetUserGetLocalGroupsGetProfi, xrefs: 00007FF775F5090E
          • findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinechacha20: outpu, xrefs: 00007FF775F508DB
          • findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina, xrefs: 00007FF775F508EC
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinechacha20: outpu$findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionAdjustTokenPrivilegesLookupPrivilegeValueWNetUserGetLocalGroupsGetProfi
          • API String ID: 0-1197349456
          • Opcode ID: 459d80f7625579ffe4d1fcada37b87dfe7f26062653bef9645261ddead5b1299
          • Instruction ID: f7990849ed048665cd1e26d764a80826c111125facf4a7f6879c7d9ef697beb0
          • Opcode Fuzzy Hash: 459d80f7625579ffe4d1fcada37b87dfe7f26062653bef9645261ddead5b1299
          • Instruction Fuzzy Hash: 0B728233A3D6C285EB60AB16E8403BAE764EB85F90F845035DA4C17B99DF3CE585C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00007FF775F2B375
          • runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 00007FF775F2B35A
          • p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go, xrefs: 00007FF775F2B3B8
          • != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00007FF775F2B390
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
          • API String ID: 0-3993034679
          • Opcode ID: 4d357d1d600e82de21b7afe64a60f45d7664b357b80bd4aede827da8016388e3
          • Instruction ID: 7182ca83fd1c1e1d75af481a1680f65290d91691258b603055b1412d8bc441a9
          • Opcode Fuzzy Hash: 4d357d1d600e82de21b7afe64a60f45d7664b357b80bd4aede827da8016388e3
          • Instruction Fuzzy Hash: ABE15073A3DB8286EB44AB25E84026EF761FB49B90F844135DA5D437A9DF3CE944C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • casgstatus: waiting for Gwaiting but is Grunnableecdsa: internal error: truncated hash is too longcrypto/elliptic: internal error: invalid encodingx509: invalid RDNSequence: invalid attribute typex509: Ed25519 key encoded with illegal parameterschacha20poly130, xrefs: 00007FF775F4CFBB
          • newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes if-rangeNO_PROXYno_proxyMD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1x509sha1DNS nameClassANYQuestionnet/httpgo/build2.5.4.102.5.4.112.5.4.17avx512cdavx512eravx512pfavx512vlavx5, xrefs: 00007FF775F4D025
          • runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 00007FF775F4D007
          • casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangex509: malformed GeneralizedTimex509: invalid basic constraintsx509: malfor, xrefs: 00007FF775F4D04F
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes if-rangeNO_PROXYno_proxyMD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1x509sha1DNS nameClassANYQuestionnet/httpgo/build2.5.4.102.5.4.112.5.4.17avx512cdavx512eravx512pfavx512vlavx5$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangex509: malformed GeneralizedTimex509: invalid basic constraintsx509: malfor$casgstatus: waiting for Gwaiting but is Grunnableecdsa: internal error: truncated hash is too longcrypto/elliptic: internal error: invalid encodingx509: invalid RDNSequence: invalid attribute typex509: Ed25519 key encoded with illegal parameterschacha20poly130$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
          • API String ID: 0-2589707916
          • Opcode ID: abaa8f00015929c6802137067a68baa2f392418446e2be6dbf39b3681ba6e594
          • Instruction ID: b07d8fd0dbac2c9dc34ca7c6dea60e6db6914b580bdc1230cc859be52081fa10
          • Opcode Fuzzy Hash: abaa8f00015929c6802137067a68baa2f392418446e2be6dbf39b3681ba6e594
          • Instruction Fuzzy Hash: EBC17137A39A8285E614EF26D44176AF761FB4AF90F849132DA5C43799CF3DE441CB20
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • runtime., xrefs: 00007FF775F49A1B
          • reflect., xrefs: 00007FF775F49A7B
          • runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff SystemFunction036RegLoadMUIStringW%%!%c(big.Int=%s)invalid BMPStringinval, xrefs: 00007FF775F49A54
          • bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine need more dataREQUEST_METHODModule32FirstWunreachable: RegSetVa, xrefs: 00007FF775F49B45
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine need more dataREQUEST_METHODModule32FirstWunreachable: RegSetVa$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff SystemFunction036RegLoadMUIStringW%%!%c(big.Int=%s)invalid BMPStringinval
          • API String ID: 0-3279910817
          • Opcode ID: 28187a6240e09010e983808f967cc91d3412a2021f2642f630a539f2f0024913
          • Instruction ID: ac8a14c1933b43d5d8b697c04e6e53610f3ff8411dfd1d493929b007f5b16bc0
          • Opcode Fuzzy Hash: 28187a6240e09010e983808f967cc91d3412a2021f2642f630a539f2f0024913
          • Instruction Fuzzy Hash: 0981A733B3868186EB60AF109140BBEE391FB85F94F988135DA9D47784DF3CE9918720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type SHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersos/execruntime2.5.4.62.5.4.32.5.4.52.5.4.72, xrefs: 00007FF775F318A5
          • MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from gzip, deflateGetTempPath2WModule32NextW, xrefs: 00007FF775F31905
          • pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight, xrefs: 00007FF775F31886
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type SHA-224SHA-256SHA-384SHA-512Ed25519MD2-RSAMD5-RSAserial:::ffff:answersos/execruntime2.5.4.62.5.4.32.5.4.52.5.4.72$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from gzip, deflateGetTempPath2WModule32NextW$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight
          • API String ID: 0-993857517
          • Opcode ID: 215edbf313a6bf950c97d45009199267261b342e1997cb594dfe546982cef081
          • Instruction ID: 4f9cdb3913d5e84e07dce254e92cfa644311539253b705fe4a1901b1d9143eec
          • Opcode Fuzzy Hash: 215edbf313a6bf950c97d45009199267261b342e1997cb594dfe546982cef081
          • Instruction Fuzzy Hash: 3F81A13393CF9585E641FB25D8406BAE765FF8AB80F848631E98D1766ACF2CE441C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryheader line too longGetAdaptersAddressesGetProcessMemoryInfonumber has no digitsx509usefallbackrootsgetCert can't be nilinvalid UTF-8 stringx509: malformed spki, xrefs: 00007FF775F5A0DB
          • gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff SystemFunction036RegLoadMUIStringW%%!%c(big.Int=%s)invalid BMPStringinvalid IA5Stringinteger too large060102150405Z0700CelestialCodes.exebufio: buffer fullref, xrefs: 00007FF775F5A105
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff SystemFunction036RegLoadMUIStringW%%!%c(big.Int=%s)invalid BMPStringinvalid IA5Stringinteger too large060102150405Z0700CelestialCodes.exebufio: buffer fullref$selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryheader line too longGetAdaptersAddressesGetProcessMemoryInfonumber has no digitsx509usefallbackrootsgetCert can't be nilinvalid UTF-8 stringx509: malformed spki
          • API String ID: 0-554060132
          • Opcode ID: 725a3d3a6519a3224e8ae24bbc57bcbc24ed389ddafd4fa98d18ee223ff4febc
          • Instruction ID: d11869a8c7799c86051c896e5cf524c1a160c921dac55d4cbd632ba7a3c82549
          • Opcode Fuzzy Hash: 725a3d3a6519a3224e8ae24bbc57bcbc24ed389ddafd4fa98d18ee223ff4febc
          • Instruction Fuzzy Hash: 85C28A33639BC182E660AF12E8447AAB7A4FB48F80F958536DE9D43799CF78D950C710
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • reflectlite.Value.IsNil23283064365386962890625reflect.Value.Interfacereflect.Value.NumMethodCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0QUICEncryptionLevel(%v)unsupported certificateno application protocolmissing protocol schemeinvalid URI for requestunexpec, xrefs: 00007FF775F812CD
          • reflectlite.Value.Type4656612873077392578125unexpected method stepreflect.Value.MapIndex to array with length ECDSAWithP256AndSHA256ECDSAWithP384AndSHA384ECDSAWithP521AndSHA512error decoding messageinappropriate fallback.localhost.localdomainmissing ']' in add, xrefs: 00007FF775F81303
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          • Associated: 00000000.00000002.1274865359.00007FF775F10000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275126150.00007FF77617A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275147767.00007FF77617E000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275173158.00007FF7761A1000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275190336.00007FF7761A7000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275207578.00007FF7761A8000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275223972.00007FF7761A9000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275241129.00007FF7761AB000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275257490.00007FF7761AD000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275511205.00007FF776434000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275511205.00007FF77645B000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275511205.00007FF776462000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1275511205.00007FF776489000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1276049563.00007FF776492000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1276075284.00007FF776493000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1276075284.00007FF776496000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.1276120553.00007FF776497000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: reflectlite.Value.IsNil23283064365386962890625reflect.Value.Interfacereflect.Value.NumMethodCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0QUICEncryptionLevel(%v)unsupported certificateno application protocolmissing protocol schemeinvalid URI for requestunexpec$reflectlite.Value.Type4656612873077392578125unexpected method stepreflect.Value.MapIndex to array with length ECDSAWithP256AndSHA256ECDSAWithP384AndSHA384ECDSAWithP521AndSHA512error decoding messageinappropriate fallback.localhost.localdomainmissing ']' in add
          • API String ID: 0-4227794735
          • Opcode ID: 87ec6d1f379dc02e1474aaeb05dd4a91c37857505d08e003cc62b9b6cd0cc9d8
          • Instruction ID: 66e059c9273f0c5ebb346fad44bb4b9b86828332086d4d2acd81a5e19d35f357
          • Opcode Fuzzy Hash: 87ec6d1f379dc02e1474aaeb05dd4a91c37857505d08e003cc62b9b6cd0cc9d8
          • Instruction Fuzzy Hash: FBE12C23A3CB8281EA60EB15F8407BAE3A4FB85B80F845535DA8D53759DF3CE455C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does , xrefs: 00007FF775F423A6
          • runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:, xrefs: 00007FF775F4233D
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does $runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:
          • API String ID: 0-3482143090
          • Opcode ID: 7f9658dd036715d155a95de38a340029dffab4eb55e2205875936dedfcd00157
          • Instruction ID: 73c576e675e3e28e1f7d18765366103158b3bec0e0852fd3baf3ffa38941c545
          • Opcode Fuzzy Hash: 7f9658dd036715d155a95de38a340029dffab4eb55e2205875936dedfcd00157
          • Instruction Fuzzy Hash: 1E51D723A3D7C686EA64AB15A44073EEAA0EB85F90F944539EA9E437D5CF3DD4408720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF775F5CABA, 00007FF775F5CB9A, 00007FF775F5CCB0, 00007FF775F5CDCC
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
          • API String ID: 0-2911004680
          • Opcode ID: a1e4b5ed7459d7769ad0cf5cd2541a7c7816e00e127db1d888db172f32c8805e
          • Instruction ID: ae4e5c2214c7d217e0a7a12dd803faf1dc4a2d6769646520b138e7d25dc749a2
          • Opcode Fuzzy Hash: a1e4b5ed7459d7769ad0cf5cd2541a7c7816e00e127db1d888db172f32c8805e
          • Instruction Fuzzy Hash: 45F19C63B39AC681EA50AB55E8043B9E665FB44FD0FC80432EA5E43799CF6CE641C760
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedGetVolumeInformationByHandleWcrypto/aes: invalid key size crypto/des: invalid key size crypto/rc4: invalid key size x509: unsupported time forma, xrefs: 00007FF775F67764
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedGetVolumeInformationByHandleWcrypto/aes: invalid key size crypto/des: invalid key size crypto/rc4: invalid key size x509: unsupported time forma
          • API String ID: 0-815402860
          • Opcode ID: d3432b52083acb9b9d0e8f3bca217cab7776fd939ada52c3c48619fa075d97dd
          • Instruction ID: 87f2a264a12987d9dabf80fff940462bbe2fec8aa25457e89913b7afb36bbf3a
          • Opcode Fuzzy Hash: d3432b52083acb9b9d0e8f3bca217cab7776fd939ada52c3c48619fa075d97dd
          • Instruction Fuzzy Hash: 97D1D863A3EACA82EA54AB15D4003BAB761F745F84FA44235EA4E03BD5CF2CD451CB61
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:inva, xrefs: 00007FF775F3E707
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:inva
          • API String ID: 0-3699108350
          • Opcode ID: 0e724042f1ade8e1945a8bafde0c706eab917e44d7abe424dba7265bd2f34370
          • Instruction ID: c515d2260c2cf36258819276c44d89830fa525bb63bc628bada5c01bc1ffcd6f
          • Opcode Fuzzy Hash: 0e724042f1ade8e1945a8bafde0c706eab917e44d7abe424dba7265bd2f34370
          • Instruction Fuzzy Hash: A471C2B7A38BC582EA40AB15E4403A9A765FB49FD0F845236EF9D1378ACE3CE445C350
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67, xrefs: 00007FF775F994BB
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67
          • API String ID: 0-3300367623
          • Opcode ID: ee4c63e475626b83de3cf1fc271b516ba106ce23b9766ce50fc09f1396b3406d
          • Instruction ID: 343e2ba24bc56acdeac6988a9245627bf06522ea6590cb3b3ae19ead926c6a99
          • Opcode Fuzzy Hash: ee4c63e475626b83de3cf1fc271b516ba106ce23b9766ce50fc09f1396b3406d
          • Instruction Fuzzy Hash: 65514563B3C9D242EB29AB19960167CE28DAB84F90FD68135C90E877C5CF2DE841C360
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactivesocks5C, xrefs: 00007FF775F2B648
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSAGreek (at ClassStringFormat[]bytestringBasic CookieacceptcookieexpectoriginserverclosedExpectstatusPragmasocks Lockedactivesocks5C
          • API String ID: 0-3266934206
          • Opcode ID: 6ec9d1a701b784f9699547681ce9a64c7e97a45e1cce1475467bd41f3cd5906d
          • Instruction ID: 6a1025a52a297defdc3f9d71a0d4a94f17a76bb42c6642f08a3eb600bc05bde0
          • Opcode Fuzzy Hash: 6ec9d1a701b784f9699547681ce9a64c7e97a45e1cce1475467bd41f3cd5906d
          • Instruction Fuzzy Hash: 92716333A3DA4285EB44FB22E8852BAA7A0FF49B40FC18136D94D47395DE3DE944C720
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00007FF775F31507
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
          • API String ID: 0-3110597650
          • Opcode ID: bbc32f2959b87941c53b4df3a590af4d951a50a148aee1651a1a49c6b1f02b3c
          • Instruction ID: 2e19817f7016d11c73f2f50f440013529f2fdb15afca57a4397b65f77b391f71
          • Opcode Fuzzy Hash: bbc32f2959b87941c53b4df3a590af4d951a50a148aee1651a1a49c6b1f02b3c
          • Instruction Fuzzy Hash: DD21C2A3B25AC946EF05AF15C4403F8AB65E756FC8F899076CE0D07B96CE2CD554C360
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 339bc034b6991c3a25f8422800448db2eb7af5214e01a553cafb018bf9c7913f
          • Instruction ID: 3c07275f8ea5cde53714f5b0378765e4ace7ab74aca44811c038e7e0b88b42e7
          • Opcode Fuzzy Hash: 339bc034b6991c3a25f8422800448db2eb7af5214e01a553cafb018bf9c7913f
          • Instruction Fuzzy Hash: EF32B223E3C6D182EBA0AB19D40027DA791EB45FD0FD45872FA4D17799DE6CE882D720
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bbecaeedc5629b5ff5b2e392d1e5d3e109847af1a087be23edb2d0449953d0df
          • Instruction ID: 5e821a605baad61fbc5212c6b26f6981901efad780619327c61bf3c582db841b
          • Opcode Fuzzy Hash: bbecaeedc5629b5ff5b2e392d1e5d3e109847af1a087be23edb2d0449953d0df
          • Instruction Fuzzy Hash: 4DD1E363F3CAD582EA60AB16A4016BAE665FB85FC4F844031EE4E87B59CF2CD945C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 22c4c12a12138e84b996b6207b1f0ac2c4a6e7940965e9e7061c635f7ad818ff
          • Instruction ID: e9fc1a16e91a0083dfcc89eebc818a1220024cef16da9a4d00538326aaafd15e
          • Opcode Fuzzy Hash: 22c4c12a12138e84b996b6207b1f0ac2c4a6e7940965e9e7061c635f7ad818ff
          • Instruction Fuzzy Hash: F3D151A2B29BC481D660DB56A8407AEE761F789FD0F848136EE8D57B99CF3CD450CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4c5026248b10003446996eb36432e0e130507aacc5bfb64b71f910afc2b386e4
          • Instruction ID: 527dde202090eb3e988be1c092228c4241b3d3e14f237286cf2d7c4a24845b10
          • Opcode Fuzzy Hash: 4c5026248b10003446996eb36432e0e130507aacc5bfb64b71f910afc2b386e4
          • Instruction Fuzzy Hash: 4BF15F33A28BC581EAA0AB15E8403BEA7A5FB85F80FD58535EA8D47795CF3DD484C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9fdb7e4ea6da8f73ae1eec21f4fb049acb096dd70b966ade15acf0e0eb44a4d8
          • Instruction ID: 725771a90a607154030933ca30cc978905c1074536ad51fdff54c6f10583c386
          • Opcode Fuzzy Hash: 9fdb7e4ea6da8f73ae1eec21f4fb049acb096dd70b966ade15acf0e0eb44a4d8
          • Instruction Fuzzy Hash: 65E14C33A39AC585EA60AB25E44036AF765FB85F80FD44836EB8D07B99DF3CD4458B10
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d278a68979bdb4e2e12c457c456d8457c7900f727f69271caa071a0e33b01651
          • Instruction ID: 8440095ea7ac4f616cd20b7af977aa87c39cf877eb3731575504616449ff8833
          • Opcode Fuzzy Hash: d278a68979bdb4e2e12c457c456d8457c7900f727f69271caa071a0e33b01651
          • Instruction Fuzzy Hash: CBB13F16D2CFCB50E613677D9403A7667106EF3AC4B41D73ABAC6F16A3DB162A00B532
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dc85461f6cdb9452b27dab7e61e7b32e3e14609444ef3c9bd6b40ec0fa363441
          • Instruction ID: 5c4e07469b7e7864b4a5a3bdfc64d09de86f6e3c2e47bc0ec59ef5fdc267b67b
          • Opcode Fuzzy Hash: dc85461f6cdb9452b27dab7e61e7b32e3e14609444ef3c9bd6b40ec0fa363441
          • Instruction Fuzzy Hash: 5C91F673B3D6C286D764AB26A410A7AE7A5FB85FC0F984035EE4D07B49DE3CE5408B50
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 85cce94ff9d5bcab866fd367d605385e77d3c61c1a8f7f6c173ad607559e20a6
          • Instruction ID: 1a25eb159fcea21ffcb55c82f4d3bd217b39b4bcbf6f171a508c777a27405420
          • Opcode Fuzzy Hash: 85cce94ff9d5bcab866fd367d605385e77d3c61c1a8f7f6c173ad607559e20a6
          • Instruction Fuzzy Hash: 80A15F77A28BC582EB109B15E0802AAB765F789BD4F941236EB9D53B99CF3CD450CB00
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e9f3ac7197d4e9825d5509f6ad159fb9ac576d64d30bfd62f49be3ad38db0dc0
          • Instruction ID: f7c16632063d851736f520bd850fe01954404b79b42c9d9378a4a6fd5523ec44
          • Opcode Fuzzy Hash: e9f3ac7197d4e9825d5509f6ad159fb9ac576d64d30bfd62f49be3ad38db0dc0
          • Instruction Fuzzy Hash: E3916E73A28BC582EA509B11E4403AAA762FB85FC0F855136EF9D57B9ACF3CD450C750
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 13d7459e759ce90b26b23ba6940f4c3405e2c2fc028d5d641444bb7443fc93f9
          • Instruction ID: 1525d0b1fb654e0eb8fa98e26571bbda06b0d6d2b6e97f786eb9718c13bb8d21
          • Opcode Fuzzy Hash: 13d7459e759ce90b26b23ba6940f4c3405e2c2fc028d5d641444bb7443fc93f9
          • Instruction Fuzzy Hash: 2771E57393CBC182EB41AB25A4413BEA7A1EB56FD0F949235EA5D137C5CF3CE4908620
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 88dcf394d6e4962d838399384e7b09d05d77da2f7414c0e09023e5cb6bbd5b17
          • Instruction ID: cb1d19a1c7b7197395315f5353ae169b3354bbf561ae8d3d32c7ad9a378921d8
          • Opcode Fuzzy Hash: 88dcf394d6e4962d838399384e7b09d05d77da2f7414c0e09023e5cb6bbd5b17
          • Instruction Fuzzy Hash: 5A510A96B26E9641EE049B53952007AF361EB4AFD0798E633CE1D7779CDE3CE4028394
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eab0759d33f9c954d454e4eef0761b1b7635eb5f0ccd5bceae82a4de668522ad
          • Instruction ID: 98b9772c210ab9aa49f2d32e8cbdbbeb739d85c7bacbc00c77fe4d2327df82bb
          • Opcode Fuzzy Hash: eab0759d33f9c954d454e4eef0761b1b7635eb5f0ccd5bceae82a4de668522ad
          • Instruction Fuzzy Hash: 9341E633FB8D864AEB10AB3494417B69285DB41B38FCC4B74CF2D472C2EE2DA49595A0
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e857e89081123d735b674d3dc7fa2c294a5f02fb70759e9d4ae2afd38b24713a
          • Instruction ID: df6d64b1921b8f044072cc8afec3e8f9cca1b9ac90d1b348665e3de2ca731438
          • Opcode Fuzzy Hash: e857e89081123d735b674d3dc7fa2c294a5f02fb70759e9d4ae2afd38b24713a
          • Instruction Fuzzy Hash: 9751F733A2CBC185D760AB16B84036AE7A5F799BC0F944035EA8D53B59DF3CE455CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 185c93eb15ac379675bb3d1c424d0a35d84cceed86a6710c9908a0c6410d92e2
          • Instruction ID: a075aa176cbe93ad9301a42ed2d80aa2461b4ee19bdd0c55387f07d654b96750
          • Opcode Fuzzy Hash: 185c93eb15ac379675bb3d1c424d0a35d84cceed86a6710c9908a0c6410d92e2
          • Instruction Fuzzy Hash: 3741C4A3E3FE8649ED07A73A5C51035D2065F92FE0794C731D82F661D9AF1EA5828220
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6fb6a6f1c5147f831e0757ed6f0464a371103e568fa0f5e38dfee2e98994634b
          • Instruction ID: 6ecab95f1ddecb42079c77dfda1c6f0d6754469a83b6ce0d710334322c418877
          • Opcode Fuzzy Hash: 6fb6a6f1c5147f831e0757ed6f0464a371103e568fa0f5e38dfee2e98994634b
          • Instruction Fuzzy Hash: F321DAA2E35F450ADA8397395451322C50B5F96BE0F68D332ED1F76796EF28A0D34110
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5bdca11814e257034a430d2534bbfcab2f1c991e43e961595fbd7c1472380c71
          • Instruction ID: 231f33136b04552228f15163897644f477c94eefde35fe52a758997e51077394
          • Opcode Fuzzy Hash: 5bdca11814e257034a430d2534bbfcab2f1c991e43e961595fbd7c1472380c71
          • Instruction Fuzzy Hash: 5C219037A28F8581DA00EB21E94117AB760FB4AF80F549632EE9C43755DF3CE191C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 038bd6f38d43a72ad2e9c479e94437e856e042b72c2d015bd7b5c9efb54f6037
          • Instruction ID: 412b61b7737f20f9259258af178e918297f232fa86e09774ea7deebbe1fdbd10
          • Opcode Fuzzy Hash: 038bd6f38d43a72ad2e9c479e94437e856e042b72c2d015bd7b5c9efb54f6037
          • Instruction Fuzzy Hash: 7D214F27A28F85C2DA00EB26E84117AA760FB4AF80F559631EE9C43765DF3CE191C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbbc1c96bbdd468078cc8444a61829702d01217f533c6742d30432a3f07eeca7
          • Instruction ID: 0c34700612d1e97924b97893dbb00dc80957a97145fc12952d92e1d138375211
          • Opcode Fuzzy Hash: dbbc1c96bbdd468078cc8444a61829702d01217f533c6742d30432a3f07eeca7
          • Instruction Fuzzy Hash: 72215E37A28F8681DA00EB25E94117AB760FB4AF80F559231EE9C43765DF3DE191C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aaa42d5b09dd5189d8701183dffaf4957a011b33b993325264e23e112f9fb1b6
          • Instruction ID: d54788f18bf7eb04dbf24a27811719ed343ece400e7550aab81711e909e94407
          • Opcode Fuzzy Hash: aaa42d5b09dd5189d8701183dffaf4957a011b33b993325264e23e112f9fb1b6
          • Instruction Fuzzy Hash: E3216037A28F8581DA00EB26E84517AB760FB4AF80F559632EE9C43759DF3CE191C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 35503efc0b02d980c7fbe89dfde5c9b61a028bf9620ba1989b3b47437324878a
          • Instruction ID: 23f1c8b69dccd3a632da22023992624d26bc7a25aca07e2c2a170ab3d76899f6
          • Opcode Fuzzy Hash: 35503efc0b02d980c7fbe89dfde5c9b61a028bf9620ba1989b3b47437324878a
          • Instruction Fuzzy Hash: ADE0E636714E44C4D6205B2AE8413967324E744BB4F590321EFBC077E4CE3CD2628F44
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b74fc2f2e351b5f421c99f3de7163aa5de10e749f766cc8a66bdb76c638101e7
          • Instruction ID: 1d83c73a01f60034fd7d56936c9c9c941327a28a657471666031b07de5c9b19e
          • Opcode Fuzzy Hash: b74fc2f2e351b5f421c99f3de7163aa5de10e749f766cc8a66bdb76c638101e7
          • Instruction Fuzzy Hash: 2AC080E2D3FBC314FB24A304A900335EAC54F85780ED080B0E14C0115C9D6C76408124
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID: QueryVirtual
          • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
          • API String ID: 1804819252-1534286854
          • Opcode ID: bd0f74a64fe43e332ce818d5a916ad1fcb08f3da001a19d72ebb284a4c4e8fb9
          • Instruction ID: d83fdedbbb09b6b9268b5e54a3ac3d55e5c3aa4b18cec6eea76bf9a1331db8e6
          • Opcode Fuzzy Hash: bd0f74a64fe43e332ce818d5a916ad1fcb08f3da001a19d72ebb284a4c4e8fb9
          • Instruction Fuzzy Hash: 2351B067B3874685EE10AB51FC45ABBA760BB45B98F848134DE0D07358EE3CE545C710
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • VirtualProtect.KERNEL32(00007FF776490B00,00007FFEFE3AADA0,?,?,?,00000001,00007FF775F11261), ref: 00007FF77616EEB5
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1274885397.00007FF775F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF775F10000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff775f10000_PuTTy.jbxd
          Similarity
          • API ID: ProtectVirtual
          • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
          • API String ID: 544645111-395989641
          • Opcode ID: aa1ca11ce625c7ac9b7be97da47ca7e9bf56b908fe6f156aa260d9eb04243716
          • Instruction ID: ad5d86b31b971e1acaff4125e04d2b6e631d15a4c31e13592aa989554af68a37
          • Opcode Fuzzy Hash: aa1ca11ce625c7ac9b7be97da47ca7e9bf56b908fe6f156aa260d9eb04243716
          • Instruction Fuzzy Hash: A661AD6BB3C64286EE10AF11BC4857BE761BB95B98F94C331DA5D0739CEE3DE5408220
          Uniqueness

          Uniqueness Score: -1.00%