Windows Analysis Report
SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Analysis ID:1446232
MD5:0313d8be33d8d352e3b7b6a24dd71943
SHA1:59f4008aee2f98560b2155f03cc1da34fd7fa789
SHA256:978aae287c78d11d1e0d76a35d78554b97039a26bf96b21f59de7112f4176a19
Tags:exe
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 4x nop then mov r8, 0000800000000000h0_2_00438B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 4x nop then sub rbx, qword ptr [rax+18h]0_2_0042F380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 4x nop then mov rsi, r90_2_00439FE0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeString found in binary or memory: https://www.wangsu.com/product/1810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_00474BC0 SetWaitableTimer,NtWaitForSingleObject,0_2_00474BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_00474B80 NtWaitForSingleObject,0_2_00474B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: String function: 00445DC0 appears 481 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: String function: 004475C0 appears 51 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: String function: 00447E40 appears 547 times
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Number of sections : 11 > 10
Source: classification engineClassification label: clean5.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeFile created: C:\Users\log
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeFile opened: C:\Windows\system32\08cf37e04f1bdb675838ac7928d447fddd6868b31ca70ab35e9de315bf3e68a9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeSection loaded: umpdc.dll
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic file information: File size 3909440 > 1048576
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x14de00
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x100600
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x15ae00
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: real checksum: 0x3ba7a0 should be: 0x3bb076
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_00472D80 rdtsc 0_2_00472D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeAPI coverage: 5.3 %
Source: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe, 00000000.00000002.1499256624.0000025D78B5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_00411180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA,0_2_00411180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_0081D464 SetUnhandledExceptionFilter,VirtualAlloc,VirtualFree,0_2_0081D464
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exeCode function: 0_2_0055D5D0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0055D5D0
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading
1
DLL Side-Loading
1
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Deobfuscate/Decode Files or Information
LSASS Memory11
Security Software Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading
Security Account Manager1
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Obfuscated Files or Information
NTDS2
System Information Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe | 12% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.wangsu.com/product/1810 | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.wangsu.com/product/1810 | SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe | false | Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1446232
Start date and time:2024-05-23 01:30:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Detection:CLEAN
Classification:clean5.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 71%
  • Number of executed functions: 2
  • Number of non-executed functions: 66
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • VT rate limit hit for: SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
No simulations
No context
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
File Type:ASCII text
Category:dropped
Size (bytes):694
Entropy (8bit):5.201870619894299
Encrypted:false
SSDEEP:12:oz5j8ODlbKKp5Ldc52y1ST5DnHk5/Vc5X7GXp5H0X/hXyk5TITC7btDFBkG43D:oz1G8FKAy4T1EDcp7G5tC5S2FbkGyD
MD5:A11BDFC7C72B6174B86B69BD5AFC252C
SHA1:4583E0238DD39BECA1EF0A316A268527DF8BF25B
SHA-256:3D6EE977C68EC0DE5836E55709DFBDFDF28C3962701180BF3DCEE5FE379FEE07
SHA-512:5B9AD7946B2C5A3522033384BA2F072601BEAEC9F2CC621690D0D58A07F7D29667EC0E546F9E30B5222E3AE9E02F865348DE00C5937EA8239FE0571E8CD3F487
Malicious:false
Reputation:low
Preview:
[2024/05/22 19:31:36] (main.go:94) [I] SecureLink_Securebox version: 2.97.1-613 .
[2024/05/22 19:31:36] (main.go:95) [I] system type: windows .
[2024/05/22 19:31:36] (main.go:96) [I] system version: Windows 10 Pro(AMD64) .
[2024/05/22 19:31:36] (main.go:97) [I] arch: AMD64 .
[2024/05/22 19:31:36] (main.go:98) [I] time: 1716420696 .
[2024/05/22 19:31:36] (main.go:99) [I] go version: go1.17.3 .
[2024/05/22 19:31:36] (main.go:100) [I] Git Info:Branch:HEAD,CommitID:6ab5d676f3e06f1e.
[2024/05/22 19:31:36] (main.go:102) [I] boottime: 2024-05-22 17:56:09 .
[2024/05/22 19:31:36] (securebox_windows.go:97) [F] Securebox instance load WsSecBoxCoreDll failed: The specified module could not be found..
File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):5.584191090725657
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
File size:3'909'440 bytes
MD5:0313d8be33d8d352e3b7b6a24dd71943
SHA1:59f4008aee2f98560b2155f03cc1da34fd7fa789
SHA256:978aae287c78d11d1e0d76a35d78554b97039a26bf96b21f59de7112f4176a19
SHA512:11e4928df8aee585dea7b14717b8e55c30a290354a192c13646b82945253221ca723d8d81b5087eeb215c852457c240198671e9005867992c4a3fe7302c7a5c6
SSDEEP:98304:5fg6btywSSvRky24I/sQQQQQQQQQQQQQ0:K/r4n
TLSH:19066B03FC9144E5C4ABD230C966D6927A3078A8273123D37B62A6B52F73BD46EBD354
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....$e......................;...............@...............................A.......;...`... ............................
Icon Hash:00928e8e8686b000
Entrypoint:0x4014b0
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x6524AFF3 [Tue Oct 10 01:59:15 2023 UTC]
TLS Callbacks:0x54d7e0
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:1
File Version Major:6
File Version Minor:1
Subsystem Version Major:6
Subsystem Version Minor:1
Import Hash:db8c0fee07d969271eb17bc24dbc27b5
Signature Valid:true
Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 18/05/2022 02:00:00 14/06/2024 01:59:59
Subject Chain
  • CN="Wangsu Science & Technology Co., Ltd.", O="Wangsu Science & Technology Co., Ltd.", S=shanghai, C=CN
Version:3
Thumbprint MD5:590D3391BD8A1DBA7B3374BAAF0ED936
Thumbprint SHA-1:D7111BAD09CB3D054CD0D59E89B9AAFA091DFAA7
Thumbprint SHA-256:B8E436C63EDB1EB080715015365926DAD5EFD198DE55527E31055D2EF0611F8C
Serial:0CEA6CFB9B4BBC7160C7363874F6C4F4
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x40c000 | 0x4e | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x40d000 | 0xd4c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3ab000 | 0x300 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3b9600 | 0x1140 | .bss
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x410000 | 0xe36c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3aa6e0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x40d304 | 0x2c8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x14dd60 | 0x14de00 | 05d57c574fefc1e2f339817dccb4cf65 | False | 0.44141794973792586 | data | 6.215356455158111 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x14f000 | 0x1005c0 | 0x100600 | ade33e860d6dead6835920ed9c3b3ec1 | False | 0.28023296562652367 | data | 3.4007899550710485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x250000 | 0x15ad30 | 0x15ae00 | b2efb4489b7ce10720a2d171acbe4fbf | False | 0.3692314189189189 | data | 5.342765173294378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata | 0x3ab000 | 0x300 | 0x400 | 2ef3a5d47fdacddf18b3e053485a1bf4 | False | 0.416015625 | data | 3.841408555962239 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata | 0x3ac000 | 0x25c | 0x400 | e16675b6b76b252fea9415cea39fef8b | False | 0.255859375 | data | 2.7301948013686044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss | 0x3ad000 | 0x5e904 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x40c000 | 0x4e | 0x200 | 965253207f2cd70ff780c459855b3c9f | False | 0.146484375 | data | 0.9167983329625411 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata | 0x40d000 | 0xd4c | 0xe00 | cb5cf454248277886544e954dd3eca3a | False | 0.32700892857142855 | data | 4.334054545283628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x40e000 | 0x68 | 0x200 | db3b3fa75c41855de5bd00aad4c988c6 | False | 0.076171875 | data | 0.2804011676589459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x40f000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x410000 | 0xe36c | 0xe400 | 131713bb1dbca38dbfeedcb307048e57 | False | 0.2692399945175439 | data | 5.451910033479595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateThread, CreateWaitableTimerExW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FreeEnvironmentStringsW, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetLastError, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, PostQueuedCompletionStatus, QueryPerformanceCounter, ResumeThread, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetProcessPriorityBoost, SetThreadContext, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WriteConsoleW, WriteFile, __C_specific_handler
msvcrt.dll | __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _cexit, _errno, _fmode, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, strlen, strncmp, vfprintf
Name | Ordinal | Address
_cgo_dummy_export | 1 | 0x80b8f0
No network behavior found

Target ID:0
Start time:19:31:36
Start date:22/05/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe"
Imagebase:0x410000
File size:3'909'440 bytes
MD5 hash:0313D8BE33D8D352E3B7B6A24DD71943
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Go lang
Reputation:low
Has exited:true

    Execution Graph

    Execution Coverage:0.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:25%
    Total number of Nodes:8
    Total number of Limit Nodes:1
    execution_graph 39426 442760 39427 442766 39426->39427 39427->39426 39428 442799 39427->39428 39430 474bc0 SetWaitableTimer 39427->39430 39431 474c41 39430->39431 39431->39428 39432 474720 39433 474759 VirtualAlloc 39432->39433 39434 474748 39432->39434 39434->39433

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 0 474bc0-474c38 SetWaitableTimer 1 474c41-474c4a 0->1
    APIs
    • SetWaitableTimer.KERNELBASE ref: 00474C23
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: TimerWaitable
    • String ID:
    • API String ID: 1823812067-0
    • Opcode ID: 2e8538dc62a670cc9c85be178c5e5c360367c2cc6471a3e7ae808cc936f0842b
    • Instruction ID: c1e45acc564f7497e6050d7e55d75485a5bcdac03d10b6a01d94a9a30b514bcd
    • Opcode Fuzzy Hash: 2e8538dc62a670cc9c85be178c5e5c360367c2cc6471a3e7ae808cc936f0842b
    • Instruction Fuzzy Hash: 3801F976615F8085DB508B46F89034A7364F3C8FE4F141222EEAD8B7A4CF3DC1228B40

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 2 474720-474746 3 474759-47479f VirtualAlloc 2->3 4 474748-47474b 2->4 5 47474f-474756 4->5 6 47474d 4->6 5->3 6->5
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: ec32adce0cd5bc8520c12415e3187a795f8d14d15a33849337bdff7cc2047cae
    • Instruction ID: 9f5f15976cde115a7c53e6b31c6c5543c72bc478648a3221972e4cac0356dc45
    • Opcode Fuzzy Hash: ec32adce0cd5bc8520c12415e3187a795f8d14d15a33849337bdff7cc2047cae
    • Instruction Fuzzy Hash: 9AF049B6A11B8082EB24CB2EE94132D7370F749BE4F248216CF5D63B24CB39E592C340

    Control-flow Graph

    • Executed
    • Not Executed
    Strings
    • DDD, xrefs: 0042A1CC
    • pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl, xrefs: 0042A5A5
    • pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143, xrefs: 0042A612
    • ., xrefs: 0042A767
    • ms cpu, not in [ of type runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=%02d:%02d(unknown), newval=, oldval=, plugin:, size = , tail = 244140625: status=AuthorityBassa_VahBhaiksukiC:.*\.infClassINETCuneiformDiacriticEditionIDFindClos, xrefs: 0042AB34
    • (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ of type runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=%02d:%02d(unknown), newval=, oldval=, plugin:, size = , tail = 244140625: status, xrefs: 0042ABF8
    • gc done but gcphase != _GCoffgfput: bad status (not Gdead)integer not minimally-encodedinvalid character class rangeinvalid length of trace eventio: read/write on closed pipemachine is not on the networkneed padding in bucket (elem)no XENIX semaphores availabl, xrefs: 0042AC6F
    • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan, xrefs: 0042A5F4
    • MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP, xrefs: 0042A5C7
    • MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871CP918Call Delta, xrefs: 0042AB9A
    • ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256ClassHESIODCloseHandleCoGetObjectCreateFileWDEVICE INFODeleteFileWDives_A, xrefs: 0042A96F
    • gcinggreekgscanhchanhttpsicirciexclimageimap2imap3imapsinet4inet6infininit int16int32int64kappalaquolceilldquolientlsquomaccemaccymacgrmactrmdashmheapmicrominusmkdirmonthnablandashnotinntohsocircoeligolineomegaopluspanicpop3spoundprimeradicraquorceilrdquoreqId, xrefs: 0042A069, 0042A079
    • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C, xrefs: 0042A633
    • %: %s%v '"'): +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...125273277278280284285297420437625838850851852855857860861862863865866868869871875916922970: `???ADTASTAprAugBSTCATCDTCETCSTChiDecDltEATEDTEETEOFESTETHEtaFebFriGBKGMTGUIHD, xrefs: 0042A845
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • API String ID: 0-2358842520
    • Opcode ID: 2f138b02efc6cd88e13d8d272a925041e7f0b7880fddf278de6723e7854a6517
    • Instruction ID: 2f387b512cda84f6c4bb41e1cb0dd073c5996d3e125ec6b0cb00c4eb4612f748
    • Opcode Fuzzy Hash: 2f138b02efc6cd88e13d8d272a925041e7f0b7880fddf278de6723e7854a6517
    • Instruction Fuzzy Hash: A9628E31708B9086EB10DB25F84539AB369FB89794F84912BDE8C17B66DF3CC496C705

    Control-flow Graph

    • Executed
    • Not Executed
    Strings
    • , j0 = 19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625AvestanBengaliBrailleCLOSINGCP00858CP01140CP01141CP01142CP01143CP01144CP01145CP01146CP01147CP01148CP01149ChanDirConvertCopySidCypriotDOS-720DOS-862DeseretElbasanElymaicEpsilonFreeSidGB18030GODEBUGG, xrefs: 004397FA
    • , i = , not .err.0/../..390625<-chanAacuteAgraveAnswerArabicAtildeAugustBrahmiCLIENTCLOSEDCP1026CP1251CarianCcedilChakmaCommonCopticDELETEDaggerEUC-JPEUC-KREacuteEgraveFormatFridayGB2312GOROOTGetACPGothicHangulHatranHebrewHyphenIBM037IBM273IBM277IBM278IBM280IB, xrefs: 00439865
    • runtime: npages = runtime: range = {segmentation faultsequence truncatedstreams pipe errorsystem page size (tracebackancestorstruncated sequenceuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656252006, xrefs: 0043936F
    • ] = ] n=allgallpaposasn1aumlavx2basebetabindbmi1bmi2boolbullcallcas1cas2cas3cas4cas5cas6centchancirccongcopydArrdarrdeademspenspermseumleurofilefnofftpsfunchArrharrhourhttpicmpidleigmpinetint8iotaisinitabiumljsonkindlArrlanglarrmacrnbspnsubnullopenordfordmouml, xrefs: 0043974F
    • bad summary databad symbol tablecastogscanstatuscontext canceledcsISOLatinArabiccsISOLatinHebrewcsPC8CodePage437division by zeroflush cache loggc: unswept spangcshrinkstackoffget path failed integer overflowinvalid argumentinvalid exchangeinvalid g statusinva, xrefs: 0043939C, 00439B0F
    • runtime: levelShift[level] = runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackset device info name %s id %, xrefs: 004398C5
    • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but, xrefs: 004392BC, 0043970A
    • runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaningwmi: invalid entity type bytes failed with errno= to unused region of span with too many arguments %s has only %d characters2006-01-02T15:04:05Z07:00291038304567337, xrefs: 00439845
    • , levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeChangeServiceConfig2WClient connecting: %pDeregisterEventSourceEastern , xrefs: 004398E5
    • runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunknown type kindwait , xrefs: 004397BE
    • ] = (acircacuteaeligalphaaringarrayasympbdquocedilcloseclubscp-arcp-grcp-iscp037cp277cp278cp290cp297cp367cp420cp424cp437cp737cp775cp803cp819cp838cp850cp851cp852cp855cp856cp857cp858cp860cp861cp862cp863cp864cp865cp866cp869cp874cp875cp916cp922cp932cp949cp970cpu%d, xrefs: 004392F5
    • , npages = /dev/stderr/dev/stdout30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256ClassHESIODCloseHandleCoGetObjectCreateFileWDEVICE INFODeleteFileWDives_AkuruESTABLISHEDExitProcessFreeConsoleFreeLibraryGOTRACEBACKGetFileTypeGetIfEntry2GetMess, xrefs: 004397DC
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd

    [Figure: Control-flow Graph; legend: Executed / Not Executed]
    Strings
    • out of memory allocating heap arena metadatareflect: funcLayout with interface receiver reflect: slice length out of range in SetLenruntime: lfstack.push invalid packing: node=use of WriteTo with pre-connected connectionSecurebox instance 'INSTALL CONFIG' unko, xrefs: 0041C567
    • arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerexplicit tag has no childinconsistent poll.fdMutexinvalid cross-device linkinvalid network interfacejson: Unexpected key typejson: unsu, xrefs: 0041C578
    • out of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running but p is notruntime: unexpected re, xrefs: 0041C556
    • memory reservation exceeds address space limitpanicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreleased less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base poin, xrefs: 0041C8DE
    • out of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system callsuspendG from non-preemptible goroutinetags don't match (%d vs %+, xrefs: 0041C589
    • !, xrefs: 0041C7DD
    • runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingstruct contains unexported fi, xrefs: 0041C877
    • misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: slice index out of rangeregexp: unhandled case in compileruntime: castogscanstatus old, xrefs: 0041C84D
    • region exceeds uintptr rangeruntime.semasleep unexpectedruntime: bad lfnode address runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedservice receive exit signal:unexpected end of JSON inputunreserving unaligned regionx509: in, xrefs: 0041C7B9
    • base outside usable address spaceconcurrent map read and map writecrypto/aes: output not full blockfindrunnable: negative nmspinningfreeing stack not in a stack spanfunction running timeout(%ds), %pheapBitsSetType: unexpected shiftindefinite length found (not , xrefs: 0041C7E3
    • end outside usable address spacein literal false (expecting 'a')in literal false (expecting 'e')in literal false (expecting 'l')in literal false (expecting 's')integer is not minimally encodedinternal error: bigIntToFiatP521numerical argument out of domainpani, xrefs: 0041C811
    • ) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625Central Brazilian Standard TimeIgnore duplicate token updates.Mountain Standard Time (Mexico)Securebox in, xrefs: 0041C8AF
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Strings
    • mspan.sweep: m is not lockedneed padding in bucket (key)newproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect.MakeSlice: len > capregion exceeds uintptr rangeruntime.semasleep unexpectedruntime:, xrefs: 00433C3B
    • sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143CCSID01144CCSID01145CCSID01146CCSID01147CCSID01148CCSID01149CLOSE_WAIT, xrefs: 00433826, 00433BE5
    • swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but memory size because dotdotdot in async preempt to non-Go memory , locked to thread29802322387695312, xrefs: 004337EA
    • mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625: value of type CoCreateInstanceConnectNamedPipeCreateDirectoryWCreateJobObjectWCreateNamedPipeWDefineDosDeviceWDispatchMessageWDnsNameCompare_WDupl, xrefs: 00433845, 00433C05
    • mspan.sweep: bad span statenot a XENIX named type fileprogToPointerMask: overflowrunlock of unlocked rwmutexruntime: asyncPreemptStack=runtime: checkdead: find g runtime: checkdead: nmidle=runtime: corrupted polldescruntime: netpollinit failedruntime: thread I, xrefs: 00433C2A
    • mspan.sweep: bad span state after sweepout of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system callsuspendG from non-preempti, xrefs: 0043386A
    • nalloc= newval= nfreed= packed= pointer stack=[ status %!Month(.probe.02.5.4.102.5.4.112.5.4.1748828125API HOOKASMO-708AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeClassANYCyrillicDecemberDuployanECMA-114ECMA-118ELOT_928EqualSidEthiopicExtenderFebr, xrefs: 004338AF
    • runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"state": false} initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z070011920928955078125596046447753, xrefs: 0043388F
    • previous allocCount=%s flag redefined: %s, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeChangeServiceConfig2WClient c, xrefs: 004338D2
    • sweep increased allocation countsync: negative WaitGroup counteruse of closed network connectionx509: unsupported elliptic curve of method on nil interface value to pointer to array with length %s ciphertext len:0, drop message142108547152020037174224853515625, xrefs: 0043391C
    • mspan.sweep: state=not implemented yetnotesleep not on g0ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value, xrefs: 00433808, 00433BC5
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled_cexitmemcpystrlen
    • String ID:
    • API String ID: 1640792405-0
    • Opcode ID: fde0332488137e47c2b56a20ca4133480e3e961fd551625dc4256b5a38d14beb
    • Instruction ID: 5c222e5a35cf0c44317175704b4f863aaf6fb5df81595f1868b6ce3ee3dafe1e
    • Opcode Fuzzy Hash: fde0332488137e47c2b56a20ca4133480e3e961fd551625dc4256b5a38d14beb
    • Instruction Fuzzy Hash: C971DC31B04B0496EB24AF16E8957AA37A1F749B81F848027DE4D93761EF3CE885C719
    Strings
    • args stack map entries for !#$%&()*+-./:;<=>?@[]^_{|}~ 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextEnglish , xrefs: 0045C645
    • untyped args %02d/%02d/%02d%02d:%02d:%02d%04d/%02d/%02d-thread limit1907348632812595367431640625: extra text: ANSI_X3.4-1968ANSI_X3.4-1986CertCloseStoreCoInitializeExCoUninitializeControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGen, xrefs: 0045C708
    • (targetpc= KiB work, freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s, xrefs: 0045C668, 0045C7F7
    • runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown Go type: %vunknown hash value unknown wait reasonwinmm.dll not foundzero length segment markroot job, xrefs: 0045C607, 0045C78F
    • and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871CP918Call DeltaDograEVENT, xrefs: 0045C625, 0045C7B1
    • bad symbol tablecastogscanstatuscontext canceledcsISOLatinArabiccsISOLatinHebrewcsPC8CodePage437division by zeroflush cache loggc: unswept spangcshrinkstackoffget path failed integer overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta iso_, xrefs: 0045C69B, 0045C82A
    • runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p{"state": true} already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625: value of t, xrefs: 0045C6E5, 0045C869
    • locals stack map entries for /securebox/WsSecBoxCoreDll.dll227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu feature "GetProcessPreferredU, xrefs: 0045C7CF
    • missing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=public key errorreflect mismatchregexp: Compile(remote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=sche, xrefs: 0045C74F, 0045C8D9
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: (targetpc= KiB work, freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s$ and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871CP918Call DeltaDograEVENT$ args stack map entries for !#$%&()*+-./:;<=>?@[]^_{|}~ 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextEnglish $ locals stack map entries for /securebox/WsSecBoxCoreDll.dll227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu feature "GetProcessPreferredU$ untyped args %02d/%02d/%02d%02d:%02d:%02d%04d/%02d/%02d-thread limit1907348632812595367431640625: extra text: ANSI_X3.4-1968ANSI_X3.4-1986CertCloseStoreCoInitializeExCoUninitializeControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGen$bad symbol tablecastogscanstatuscontext canceledcsISOLatinArabiccsISOLatinHebrewcsPC8CodePage437division by zeroflush cache loggc: unswept spangcshrinkstackoffget path failed integer overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta iso_$missing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=public key errorreflect mismatchregexp: Compile(remote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=sche$runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p{"state": true} already; errno= mheap.sweepgen= not in ranges: 
untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625: value of t$runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown Go type: %vunknown hash value unknown wait reasonwinmm.dll not foundzero length segment markroot job
    • API String ID: 0-739361008
    • Opcode ID: cd96c83b6552302c6a08ad3912aa7b69c7c2fc2f05385d83a545fbcb3713cb56
    • Instruction ID: 0cb12d7675fb04f307861699b2936e3570d90cc4db49fb131793b228b9b8dd96
    • Opcode Fuzzy Hash: cd96c83b6552302c6a08ad3912aa7b69c7c2fc2f05385d83a545fbcb3713cb56
    • Instruction Fuzzy Hash: 93026176208B8489E720EB12E48135FB765F789B89F54952BEE8D07B16DF3CC849CB05
    Strings
    • scanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countsync: negative WaitGroup counteruse of closed network connectionx509, xrefs: 0042DA9A
    • , gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standard TimeGC work not f, xrefs: 0042D6F0, 0042DA6F, 0042DB05
    • runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringsunexpected )version infowindows-1250windows-1251windows-1252windows-1253windows-1254windows-1255windows-1256windows-1257windows-1258wirep: p->m=worker mode wtsapi32.dll != swee, xrefs: 0042D6B7, 0042DA30
    • can't scan our own stackconnection reset by peerdouble traceGCSweepStartfloating point exceptionfunction not implementedgcDrainN phase incorrectget system version fail:hash of unhashable type initSpan: unaligned basejson: unsupported type: level 2 not synchron, xrefs: 0042D9FB
    • runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected method stepwirep: invalid p statezero length BIT ST, xrefs: 0042DAC6
    • mark - bad statusmarkBits overflowmissing closing )missing closing ]nil resource bodyno data availablenotetsleepg on g0permission deniedpipe Listen startreflect.Value.Capreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocrunti, xrefs: 0042D71A
    • , goid=, j0 = 19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625AvestanBengaliBrailleCLOSINGCP00858CP01140CP01141CP01142CP01143CP01144CP01145CP01146CP01147CP01148CP01149ChanDirConvertCopySidCypriotDOS-720DOS-862DeseretElbasanElymaicEpsilonFreeSidGB18030G, xrefs: 0042D6D5, 0042DA52, 0042DAE5
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: , goid=, j0 = 19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625AvestanBengaliBrailleCLOSINGCP00858CP01140CP01141CP01142CP01143CP01144CP01145CP01146CP01147CP01148CP01149ChanDirConvertCopySidCypriotDOS-720DOS-862DeseretElbasanElymaicEpsilonFreeSidGB18030G$, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standard TimeGC work not f$can't scan our own stackconnection reset by peerdouble traceGCSweepStartfloating point exceptionfunction not implementedgcDrainN phase incorrectget system version fail:hash of unhashable type initSpan: unaligned basejson: unsupported type: level 2 not synchron$mark - bad statusmarkBits overflowmissing closing )missing closing ]nil resource bodyno data availablenotetsleepg on g0permission deniedpipe Listen startreflect.Value.Capreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocrunti$runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringsunexpected )version infowindows-1250windows-1251windows-1252windows-1253windows-1254windows-1255windows-1256windows-1257windows-1258wirep: p->m=worker mode wtsapi32.dll != swee$runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected method stepwirep: invalid p statezero length BIT ST$scanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countsync: negative WaitGroup counteruse of closed network connectionx509
    • API String ID: 0-1098542095
    • Opcode ID: fb5d90b982a8756d068d5c40ad8b223ee3cb3d804b9bcb83adfb773a0825bba9
    • Instruction ID: 5854ed7a6480f1c97c207e954d70b70e287e8400e4bef61e58ad41bb716a23a8
    • Opcode Fuzzy Hash: fb5d90b982a8756d068d5c40ad8b223ee3cb3d804b9bcb83adfb773a0825bba9
    • Instruction Fuzzy Hash: 01F16E72708B9086EB20DB16F48139EB765F789784F94952BDA8C07B6ACF3CC485CB45
    Strings
    • , g->atomicstatus=, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standar, xrefs: 00446C70
    • invalid g statusinvalid spdelta iso_8859-10:1992iso_8859-11:2001length too largemSpanList.insertmSpanList.removemaccentraleuropemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=public key errorrefl, xrefs: 00446C9A
    • , gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standard TimeGC work not f, xrefs: 00446BEF
    • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"state": false} initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z0, xrefs: 00446BB5
    • suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtraceback: unexpected SPWRITE function trailing backslash at end of expressiontransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697, xrefs: 00446CAB
    • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"state": false} initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = , xrefs: 00446C3A
    • , goid=, j0 = 19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625AvestanBengaliBrailleCLOSINGCP00858CP01140CP01141CP01142CP01143CP01144CP01145CP01146CP01147CP01148CP01149ChanDirConvertCopySidCypriotDOS-720DOS-862DeseretElbasanElymaicEpsilonFreeSidGB18030G, xrefs: 00446BD0, 00446C55
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standar$, goid=, j0 = 19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625AvestanBengaliBrailleCLOSINGCP00858CP01140CP01141CP01142CP01143CP01144CP01145CP01146CP01147CP01148CP01149ChanDirConvertCopySidCypriotDOS-720DOS-862DeseretElbasanElymaicEpsilonFreeSidGB18030G$, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextDisconnectNamedPipeEgypt Standard TimeGC work not f$invalid g statusinvalid spdelta iso_8859-10:1992iso_8859-11:2001length too largemSpanList.insertmSpanList.removemaccentraleuropemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=public key errorrefl$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"state": false} initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = $runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"state": false} initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z0$suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtraceback: unexpected SPWRITE function trailing backslash at end of expressiontransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697
    • API String ID: 0-2736672043
    • Opcode ID: 361005fc4cbf93d798f1a36b0a0a82375904f3aea35bf372aa6dda34a4792eae
    • Instruction ID: 1c6e669f7e3bbd6ceac4398633d67f37720490b435a947257ee44d80314d771f
    • Opcode Fuzzy Hash: 361005fc4cbf93d798f1a36b0a0a82375904f3aea35bf372aa6dda34a4792eae
    • Instruction Fuzzy Hash: BDC1A176209B80C6E710DB26F08175ABB65F78AB94F159167EF8D03B6ACB7CC841CB05
    Strings
    • 0U, xrefs: 00442CE5
    • U, xrefs: 00442C95
    • 8U, xrefs: 00442D13, 00442D5F
    • self-preemptshort bufferspanSetSpinesweepWaiterstraceStringsunexpected )version infowindows-1250windows-1251windows-1252windows-1253windows-1254windows-1255windows-1256windows-1257windows-1258wirep: p->m=worker mode wtsapi32.dll != sweepgen (default %q) (defa, xrefs: 00442E2E
    • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizesyscall: string with, xrefs: 00442DF8
    • runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type ryuFtoaFixed32 called with negative prec34694469519536141888238489627838134765625Couldn't open pipe to Securebox server:%vInstall param - to, xrefs: 00442E1D
    • pU, xrefs: 00442B39
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: 0U$8U$pU$runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizesyscall: string with$runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type ryuFtoaFixed32 called with negative prec34694469519536141888238489627838134765625Couldn't open pipe to Securebox server:%vInstall param - to$self-preemptshort bufferspanSetSpinesweepWaiterstraceStringsunexpected )version infowindows-1250windows-1251windows-1252windows-1253windows-1254windows-1255windows-1256windows-1257windows-1258wirep: p->m=worker mode wtsapi32.dll != sweepgen (default %q) (defa$U
    • API String ID: 0-387376886
    • Opcode ID: fd44c60ad5a10409ef945d0c1d58be7f109da3bb2d97d9105d65218d8c37c08d
    • Instruction ID: 75ccb6d9a68139270b2f71c58655a3771fc1881cedb152ab1c97c3665e0614cc
    • Opcode Fuzzy Hash: fd44c60ad5a10409ef945d0c1d58be7f109da3bb2d97d9105d65218d8c37c08d
    • Instruction Fuzzy Hash: 0FC18F36605F8081E711DF25E8813AAB3A5F789B98F548227EE9C83B95CF7CC091CB44
    Strings
    • pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl, xrefs: 00426F91, 004271D4, 00427305
    • pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143, xrefs: 00426FF6, 00427236, 00427367
    • span has no free objectsstack trace unavailablestructure needs cleaningwmi: invalid entity type bytes failed with errno= to unused region of span with too many arguments %s has only %d characters2006-01-02T15:04:05Z07:002910383045673370361328125AUS Central St, xrefs: 00426E2A
    • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan, xrefs: 00426FDB, 0042721B, 0042734C
    • MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP, xrefs: 00426FB3, 004271F3, 00427325
    • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C, xrefs: 00427012, 00427252, 00427385
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143$ pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C$MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan$MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP$pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl$span has no free objectsstack trace unavailablestructure needs cleaningwmi: invalid entity type bytes failed with errno= to unused region of span with too many arguments %s has only %d characters2006-01-02T15:04:05Z07:002910383045673370361328125AUS Central St
    • API String ID: 0-3338490417
    • Opcode ID: 2eca3c5f347b995d5ee6f17aeac34ef5506ae43148f8f0076f8b7aef43363377
    • Instruction ID: f96bc7279a1e0e9ea3e5f0117d6b467e261506329e2491b455fe213d5d1b882d
    • Opcode Fuzzy Hash: 2eca3c5f347b995d5ee6f17aeac34ef5506ae43148f8f0076f8b7aef43363377
    • Instruction Fuzzy Hash: 4702E13230DB8086EB04DB16F49136EB765F789788F90516AEA8E07766DF3CC845CB54
    Strings
    • triggerRatio=unsupported: use of closedvalue method windows-10000windows-10006windows-10007windows-10029windows-10081windows-51932x-mac-turkishxadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to fina, xrefs: 004304C5
    • heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreate, xrefs: 00430468
    • initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method AdjustTokenGroupsCreateStdDispatchDnsRecordListFreeFLE Standard TimeGC assist markingGMT S, xrefs: 004304A5
    • gcController.heapLive= into Go value of type %s connection error:%v ) must be a power of 223283064365386962890625<invalid reflect.Value>Adobe-Standard-EncodingArgentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDeleteVolumeMountPointWDestroy, xrefs: 00430485
    • trigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but memory size because dotdotdot in async preempt to non-Go memory , locked to thread298023223876953125: day out of rangeArab Standard T, xrefs: 0043050F
    • runtime: heapGoal=runtime: npages = runtime: range = {segmentation faultsequence truncatedstreams pipe errorsystem page size (tracebackancestorstruncated sequenceuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901, xrefs: 0043044D
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: gcController.heapLive= into Go value of type %s connection error:%v ) must be a power of 223283064365386962890625<invalid reflect.Value>Adobe-Standard-EncodingArgentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDeleteVolumeMountPointWDestroy$ heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreate$ initialHeapLive= spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method AdjustTokenGroupsCreateStdDispatchDnsRecordListFreeFLE Standard TimeGC assist markingGMT S$runtime: heapGoal=runtime: npages = runtime: range = {segmentation faultsequence truncatedstreams pipe errorsystem page size (tracebackancestorstruncated sequenceuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901$trigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but memory size because dotdotdot in async preempt to non-Go memory , locked to thread298023223876953125: day out of rangeArab Standard T$triggerRatio=unsupported: use of closedvalue method windows-10000windows-10006windows-10007windows-10029windows-10081windows-51932x-mac-turkishxadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to fina
    • API String ID: 0-3226299762
    • Opcode ID: 940f168b9cd23e43d25329f0bd0e68cf7778581316604ded8e3f48db2124dcdb
    • Instruction ID: f234a6771e296342ba53c2cbd49168ef305b403b5309113b3815fa2351bb1182
    • Opcode Fuzzy Hash: 940f168b9cd23e43d25329f0bd0e68cf7778581316604ded8e3f48db2124dcdb
    • Instruction Fuzzy Hash: 9E910232619F8486EA11DB36E46131AA326FB8DBC0F14A367EA5E17B66DF3CD441C704
    Strings
    • pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl, xrefs: 00432E65, 00432F94
    • pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143, xrefs: 00432EC7, 00432FF6
    • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan, xrefs: 00432EAC, 00432FDB
    • MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP, xrefs: 00432E85, 00432FB3
    • mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running , xrefs: 0043307A
    • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C, xrefs: 00432EE5, 00433012
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143$ pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C$MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan$MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP$mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running $pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl
    • API String ID: 0-47897767
    • Opcode ID: 33a2093fbe6d3878d3cf7c6fd7d5d039f674e0d15d463f8b17d2ccb6d969e348
    • Instruction ID: 74545e4468019d27617e7d67629017fb2c07e27d0b6542c528025bf3fb990dbd
    • Opcode Fuzzy Hash: 33a2093fbe6d3878d3cf7c6fd7d5d039f674e0d15d463f8b17d2ccb6d969e348
    • Instruction Fuzzy Hash: 7991FE3221DB80CAEB04DF25F49132A7365F789748F50656AEA8D07B66DF7CC842CB54
    APIs
    • GetSystemTimeAsFileTime.KERNEL32 ref: 0055D615
    • GetCurrentProcessId.KERNEL32 ref: 0055D620
    • GetCurrentThreadId.KERNEL32 ref: 0055D629
    • GetTickCount.KERNEL32 ref: 0055D631
    • QueryPerformanceCounter.KERNEL32 ref: 0055D63E
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
    • String ID:
    • API String ID: 1445889803-0
    • Opcode ID: cfe96e8fbb0aeaac8d248d7b8348d7152b2d17fb7ea3fcbafd2885d3f3f18ed0
    • Instruction ID: 5dccd44ef2bfc716dc5bf8c64ee11742ae7c6c0e62a078e1689b90e70c7d9d0d
    • Opcode Fuzzy Hash: cfe96e8fbb0aeaac8d248d7b8348d7152b2d17fb7ea3fcbafd2885d3f3f18ed0
    • Instruction Fuzzy Hash: 41118C37625B1085FB204B25FC04356A3A4BB487A6F089B359E9D877A4EA3CC496C300
    Strings
    • malloc during signalnotetsleep not on g0number has no digitsout is not a pointerp mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubreturn code info: %vruntime: double waitruntime: unknown pc selectgo: bad wakeup, xrefs: 0041D54A
    • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0041D075
    • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in reset, xrefs: 0041D539
    • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncx509: RSA public exponent is not a positive numberx509: missing ASN.1 contents; use ParseCertificateGC must be, xrefs: 0041D56C
    • malloc deadlockmisaligned maskmissing addressmissing mcache?ms: gomaxprocs=network is downno medium foundno such processnon-minimal tagpreempt SPWRITErecovery failedrecv 'Stop' cmdruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan , xrefs: 0041D55B
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$malloc deadlockmisaligned maskmissing addressmissing mcache?ms: gomaxprocs=network is downno medium foundno such processnon-minimal tagpreempt SPWRITErecovery failedrecv 'Stop' cmdruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan $malloc during signalnotetsleep not on g0number has no digitsout is not a pointerp mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubreturn code info: %vruntime: double waitruntime: unknown pc selectgo: bad wakeup$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncx509: RSA public exponent is not a positive numberx509: missing ASN.1 contents; use ParseCertificateGC must be$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in reset
    • API String ID: 0-3608212599
    • Opcode ID: bfb2c001423474afee10f2575b9d75373331c4dbb34f2d6bd606ba0550ebfc05
    • Instruction ID: 2542ab00ca0cc97a7e9c1d2f97cd368a26d145a8b06b9920711fdbcc81fc0cf6
    • Opcode Fuzzy Hash: bfb2c001423474afee10f2575b9d75373331c4dbb34f2d6bd606ba0550ebfc05
    • Instruction Fuzzy Hash: 0B22AFB2608B84C2DB24CB16E8843DAA766F785BD4F548127EE9D43799CF7CC485CB09
    Strings
    • DDD, xrefs: 00429849
    • p mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubreturn code info: %vruntime: double waitruntime: unknown pc selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in go, xrefs: 00429A38
    • flushGen for type gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140, xrefs: 004299F6
    • runtime: p scheddetailsecur32.dllshell32.dllshort writetis620.2533tracealloc(unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount fou, xrefs: 004299DB
    • != sweepgen (default %q) (default %v) MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= out of range s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625AttachConsole, xrefs: 00429A12
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: != sweepgen (default %q) (default %v) MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= out of range s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625AttachConsole$ flushGen for type gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140$DDD$p mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubreturn code info: %vruntime: double waitruntime: unknown pc selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in go$runtime: p scheddetailsecur32.dllshell32.dllshort writetis620.2533tracealloc(unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount fou
    • API String ID: 0-3985809305
    • Opcode ID: 89616eaa9f73a49879628a9f593d1f6b20111e4c1a55cae41729b7b53fe5f0f7
    • Instruction ID: db003d9dee03415f5dbf8d047024be341acdf0fa68ab4fc9c269cace4fac79ee
    • Opcode Fuzzy Hash: 89616eaa9f73a49879628a9f593d1f6b20111e4c1a55cae41729b7b53fe5f0f7
    • Instruction Fuzzy Hash: 8F02B472709B50CAEB10DB21F48039A77A5FB45794F94812BDA9D43BA5DF3CC886CB04
    Strings
    • pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl, xrefs: 004359CD
    • pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143, xrefs: 00435A2F
    • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan, xrefs: 00435A13
    • MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP, xrefs: 004359EC
    • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C, xrefs: 00435A50
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(, bound = , limit = /dev/stdin12207031256103515625: parsing AdditionalBad varintBaltic RimCCSID00858CCSID01140CCSID01141CCSID01142CCSID01143$ pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit.probeStat.0152587890625762939453125AllocConsoleBidi_ControlCoCreateGuidCoInitializeCreateEventWCreateMutexWCurrentBuildEBCDIC-C$MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQueryServiceLockStatusWQyzylorda Standard TimeSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSetProcessPriorityBoostSingapore Standard TimeSri Lan$MB; allocated MakeAbsoluteSDModule32FirstWNetUserGetInfoOpenSCManagerWOther_ID_StartPattern_SyntaxPdhAddCounterWProcess32NextWQuotation_MarkRCodeNameErrorRegSetValueExWSbox EVENT: %sSetConsoleModeSetFilePointerSetThreadTokenSysAllocStringTranslateNameWVirtualP$pacer: sweep done at heap size pattern contains path separatorreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type resetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl
    • API String ID: 0-2181694682
    • Opcode ID: 155ccad82432297ada4273dcc5abbd2cadaf4a5e8ad6f5225f2864f08a14f738
    • Instruction ID: 003cffb375d8a941611e4988648914eac84984f6b9faa14840d4e5d49c0cc7ff
    • Opcode Fuzzy Hash: 155ccad82432297ada4273dcc5abbd2cadaf4a5e8ad6f5225f2864f08a14f738
    • Instruction Fuzzy Hash: 3DC16832219BC486E720DB16F48039EB765F789B84F54651AEE8E07B6ACF3CC545CB44
    Strings
    • selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported method previous allocCount=%s flag redefined: %s, levelBits[level] = 1862645149230957, xrefs: 00456C46
    • gp.waiting != nilibm-273_P100-1995ibm-277_P100-1995ibm-278_P100-1995ibm-280_P100-1995ibm-284_P100-1995ibm-285_P100-1995ibm-290_P100-1995ibm-297_P100-1995ibm-420_X120-1999ibm-720_P100-1997ibm-803_P100-1999ibm-838_P100-1995ibm-851_P100-1995ibm-857_P100-1995ibm-8, xrefs: 00456C6A
    • ^E, xrefs: 00456655
    • "i, xrefs: 00456C3A
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: ^E$"i$gp.waiting != nilibm-273_P100-1995ibm-277_P100-1995ibm-278_P100-1995ibm-280_P100-1995ibm-284_P100-1995ibm-285_P100-1995ibm-290_P100-1995ibm-297_P100-1995ibm-420_X120-1999ibm-720_P100-1997ibm-803_P100-1999ibm-838_P100-1995ibm-851_P100-1995ibm-857_P100-1995ibm-8$selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported method previous allocCount=%s flag redefined: %s, levelBits[level] = 1862645149230957
    • API String ID: 0-737367118
    • Opcode ID: d1176da1860e4261320e56935a398df97abe647eb9d0b9e76a5d6fcfd52ce01e
    • Instruction ID: 6c5dc5a25bad8811aaf8e0aec7ece9eb6ce45df480beb9dee13aeb8bcdb5f1bf
    • Opcode Fuzzy Hash: d1176da1860e4261320e56935a398df97abe647eb9d0b9e76a5d6fcfd52ce01e
    • Instruction Fuzzy Hash: E9B28B72208BC0C2C7209F12E4043AAB7A5F789BD9F96951ADE8D0775ACF7CC589D709
    Strings
    • findrunnable: negative nmspinningfreeing stack not in a stack spanfunction running timeout(%ds), %pheapBitsSetType: unexpected shiftindefinite length found (not DER)invalid value %q for flag -%s: %vmin must be a non-zero power of 2misrounded allocation in sysA, xrefs: 0044D885
    • findrunnable: netpoll with spinningfunction havn been stopped(%ds), %pgreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetno such multicast network interfaceos/signal: Notify using nil channelpersistentalloc, xrefs: 0044D861
    • findrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt at unknown pcread-only file systemreflect., xrefs: 0044D896
    • findrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid P-521 field encodinginvalid runtime symbol tablejson: Unmarshal(non-pointer mheap.freeSpanLocked - span missing stack in shrinkstackmspan.sw, xrefs: 0044D872
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanfunction running timeout(%ds), %pheapBitsSetType: unexpected shiftindefinite length found (not DER)invalid value %q for flag -%s: %vmin must be a non-zero power of 2misrounded allocation in sysA$findrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid P-521 field encodinginvalid runtime symbol tablejson: Unmarshal(non-pointer mheap.freeSpanLocked - span missing stack in shrinkstackmspan.sw$findrunnable: netpoll with spinningfunction havn been stopped(%ds), %pgreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetno such multicast network interfaceos/signal: Notify using nil channelpersistentalloc$findrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt at unknown pcread-only file systemreflect.
    • API String ID: 0-2898237755
    • Opcode ID: 57b9acf200ecdeb46c64707f39bcd4e6e5cdea2198d5d38a9f4a6faff24134e0
    • Instruction ID: f6f8fcf5b083132bfcb2eedcbe3ce824544d6d6926dfec59c2f7b82ed06b5c65
    • Opcode Fuzzy Hash: 57b9acf200ecdeb46c64707f39bcd4e6e5cdea2198d5d38a9f4a6faff24134e0
    • Instruction Fuzzy Hash: EC327136A09B8085FB60DF66E84039AB365FB85B84F48812BDE8D57759CF7CC485C748
    Strings
    • G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesPdhGetFormattedCounterValueStartServiceCtrlDispatcherW"2006-01-02T15:04:05Z07:00"address not a stack addressafter object key:value pairchannel number out of rangecommunication err, xrefs: 00415EE6
    • chansend: spurious wakeupcheckdead: no m for timerexplicit tag has no childinconsistent poll.fdMutexinvalid cross-device linkinvalid network interfacejson: Unexpected key typejson: unsupported value: missing stack in newstackmissing traceGCSweepStartno buffer , xrefs: 00415EC2
    • unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount found at *( gcscandone heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoo, xrefs: 00415A05
    • "i, xrefs: 00415EDA, 00415F0C
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: "i$G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesPdhGetFormattedCounterValueStartServiceCtrlDispatcherW"2006-01-02T15:04:05Z07:00"address not a stack addressafter object key:value pairchannel number out of rangecommunication err$chansend: spurious wakeupcheckdead: no m for timerexplicit tag has no childinconsistent poll.fdMutexinvalid cross-device linkinvalid network interfacejson: Unexpected key typejson: unsupported value: missing stack in newstackmissing traceGCSweepStartno buffer $unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount found at *( gcscandone heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoo
    • API String ID: 0-1921954148
    • Opcode ID: f4b8d54aec50dfe7d17e57dc4798abebf5c2d647c205bb71669649b1413e1c8e
    • Instruction ID: 5bf16f7c8d4dfbdba811fb319052d06e0e35d4c888567f6d1389d22c1e89a036
    • Opcode Fuzzy Hash: f4b8d54aec50dfe7d17e57dc4798abebf5c2d647c205bb71669649b1413e1c8e
    • Instruction Fuzzy Hash: C2F18C72204F80C6DB109B26E4443DAB7A1F789BE8F94962BDA9C47799CF3CC485C749
    Strings
    • runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedservice receive exit signal:unexpected end of JSON inputunreserving unaligned regionx509: invalid DSA parametersx509: invalid DSA public keyx509: invalid RSA public key cannot , xrefs: 0044A42D
    • newval= nfreed= packed= pointer stack=[ status %!Month(.probe.02.5.4.102.5.4.112.5.4.1748828125API HOOKASMO-708AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeClassANYCyrillicDecemberDuployanECMA-114ECMA-118ELOT_928EqualSidEthiopicExtenderFebruaryFull, xrefs: 0044A448
    • casgstatus: waiting for Gwaiting but is Grunnablefully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characternot enough significant bits after mult128bitPow10panicwrap: unex, xrefs: 0044A3D7
    • casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/rsa: invalid prime valueentersyscallblock inconsistent fmt: unknown base; can't happenin literal null (expecting 'l')in literal null (expecting 'u')in literal true (expecting 'e')in literal t, xrefs: 0044A46F
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: newval= nfreed= packed= pointer stack=[ status %!Month(.probe.02.5.4.102.5.4.112.5.4.1748828125API HOOKASMO-708AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeClassANYCyrillicDecemberDuployanECMA-114ECMA-118ELOT_928EqualSidEthiopicExtenderFebruaryFull$casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/rsa: invalid prime valueentersyscallblock inconsistent fmt: unknown base; can't happenin literal null (expecting 'l')in literal null (expecting 'u')in literal true (expecting 'e')in literal t$casgstatus: waiting for Gwaiting but is Grunnablefully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characternot enough significant bits after mult128bitPow10panicwrap: unex$runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedservice receive exit signal:unexpected end of JSON inputunreserving unaligned regionx509: invalid DSA parametersx509: invalid DSA public keyx509: invalid RSA public key cannot
    • API String ID: 0-2186481042
    • Opcode ID: a7a58598a5a307070b847707ee25e9cb43cb60030d0d7c712341af5177184ac9
    • Instruction ID: 686c271a2e5e9d0d75f31b7e9aaa492a08dc7d8c1c21a8a4d96cae8dcfcbe34a
    • Opcode Fuzzy Hash: a7a58598a5a307070b847707ee25e9cb43cb60030d0d7c712341af5177184ac9
    • Instruction Fuzzy Hash: ADA1BD36649B84C6EB00CF22E08039AB765F34AB94F448627EF8D43B55DB7DC5A6CB05
    Strings
    • H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871, xrefs: 0042FC25
    • h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871CP918Call DeltaDograEVENTEcircErrorGammaGreek, xrefs: 0042FC05
    • pacer: H_m_prev=public key errorreflect mismatchregexp: Compile(remote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"st, xrefs: 0042FBEA
    • u_a/u_g= unmarked wbuf1.n= wbuf2.n=%02d:%02d(unknown), newval=, oldval=, plugin:, size = , tail = 244140625: status=AuthorityBassa_VahBhaiksukiC:.*\.infClassINETCuneiformDiacriticEditionIDFindCloseGET STATEHex_DigitISO646-USInheritedInstalledInterfaceKhudawad, xrefs: 0042FD70
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871$ h_t= max= ms, ptr siz= tab= top= u_a= u_g=%s:%d+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-09301.0.01562578125<nil>AEligASCIIAcircAdlamAlphaAprilAringBamumBatakBuhidCP273CP280CP284CP285CP500CP868CP870CP871CP918Call DeltaDograEVENTEcircErrorGammaGreek$ u_a/u_g= unmarked wbuf1.n= wbuf2.n=%02d:%02d(unknown), newval=, oldval=, plugin:, size = , tail = 244140625: status=AuthorityBassa_VahBhaiksukiC:.*\.infClassINETCuneiformDiacriticEditionIDFindCloseGET STATEHex_DigitISO646-USInheritedInstalledInterfaceKhudawad$pacer: H_m_prev=public key errorreflect mismatchregexp: Compile(remote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgostart cache logsystem version: time: bad [0-9]*workbuf is empty{"st
    • API String ID: 0-3914454540
    • Opcode ID: ba45e194dffedbf4641467ee3425dc4d0ce2572eae1d0a2bf1b869681ed5d2dc
    • Instruction ID: 1449c14ba46d972e6f9fb54d5d577d09041f4a4271efb1d8717f8952e49e408d
    • Opcode Fuzzy Hash: ba45e194dffedbf4641467ee3425dc4d0ce2572eae1d0a2bf1b869681ed5d2dc
    • Instruction Fuzzy Hash: 63A1FE32659F848AD602DB35E44231AA72AFF9A7C4F54D377AA4E26766DF3DC042C600
    Strings
    • but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args %02d/%02d/%02d%02d:%02d:%02d%04d/%02d/%02d-thread limit1907348632812595367431640625: extra text: ANSI_X3.4-1968ANSI_X3.4-1986CertCloseStoreCoInitializeExCoUninit, xrefs: 00425829
    • heapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmult64bitPow10: power of 10 is out of rangemultiple Read calls return no data or errornon in-use span found with specials bit setreflect: nil type passed to Type.Implementsro, xrefs: 00425851
    • runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldS, xrefs: 0042580E
    • heapBitsSetTypeGCProg: small allocationmath/big: buffer too small to fit valuemismatched count during itab table copymissing argument to repetition operatormspan.sweep: bad span state after sweepout of memory allocating heap arena mapreflect.MakeMapWithSize of, xrefs: 004259F7
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args %02d/%02d/%02d%02d:%02d:%02d%04d/%02d/%02d-thread limit1907348632812595367431640625: extra text: ANSI_X3.4-1968ANSI_X3.4-1986CertCloseStoreCoInitializeExCoUninit$heapBitsSetTypeGCProg: small allocationmath/big: buffer too small to fit valuemismatched count during itab table copymissing argument to repetition operatormspan.sweep: bad span state after sweepout of memory allocating heap arena mapreflect.MakeMapWithSize of$heapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmult64bitPow10: power of 10 is out of rangemultiple Read calls return no data or errornon in-use span found with specials bit setreflect: nil type passed to Type.Implementsro$runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldS
    • API String ID: 0-2939989768
    • Opcode ID: 7dafe59aee10f2e1d30003cee2d567cef7a9d9d5076c56a5afff076c388eb6a2
    • Instruction ID: 3ff98a969acf07de1335698fca7301dad140a6968a2850294a1bc6c3bb85c800
    • Opcode Fuzzy Hash: 7dafe59aee10f2e1d30003cee2d567cef7a9d9d5076c56a5afff076c388eb6a2
    • Instruction Fuzzy Hash: 7081E262719BA4C6DA20AB16F44039AA765F385B84FC4512BEFCD17B59CF3CC581CB09
    Strings
    • heapBitsSetType: unexpected shiftindefinite length found (not DER)invalid value %q for flag -%s: %vmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func t, xrefs: 0042549E
    • runtime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (too man, xrefs: 004254CC
    • heapBitsSetType: called with non-pointer typejson.RawMessage: UnmarshalJSON on nil pointermath/big: cannot unmarshal %q into a *big.Intparsing/packing of this section has completedreflect: internal error: invalid method indexruntime.minit: duplicatehandle fail, xrefs: 004254FC
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: heapBitsSetType: called with non-pointer typejson.RawMessage: UnmarshalJSON on nil pointermath/big: cannot unmarshal %q into a *big.Intparsing/packing of this section has completedreflect: internal error: invalid method indexruntime.minit: duplicatehandle fail$heapBitsSetType: unexpected shiftindefinite length found (not DER)invalid value %q for flag -%s: %vmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func t$runtime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (too man
    • API String ID: 0-1430615336
    • Opcode ID: f9f01a31d21bf6a1c64423f9f93fbfa8eebe09e4e72e686432f3b3186047dd56
    • Instruction ID: 7875d5125de310e9a0a2f2d3b7c49bcc4ec033bc1cdc847242ee8f19298c8c92
    • Opcode Fuzzy Hash: f9f01a31d21bf6a1c64423f9f93fbfa8eebe09e4e72e686432f3b3186047dd56
    • Instruction Fuzzy Hash: 4752CDB2718AE482D730CB56F4007AABB61F389BD0F859116DE9E57B88CB7CC455CB08
    Strings
    • ParseFloatPhoenicianPulseEventRIPEMD-160ResetEventSaurashtraWSACleanupWSASocketWWSAStartupWindows 11[%D %T] %M[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]atomicand8complex128, xrefs: 0047CDC1, 0047CE6D, 0047CF0D
    • @gn, xrefs: 0047CE03
    • @gn, xrefs: 0047CEAF, 0047CF4F
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: @gn$@gn$ParseFloatPhoenicianPulseEventRIPEMD-160ResetEventSaurashtraWSACleanupWSASocketWWSAStartupWindows 11[%D %T] %M[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]atomicand8complex128
    • API String ID: 0-221077113
    • Opcode ID: ce0dc735226b5ae6e4fbbe05d6af15fb2148387f7c76084094f364e3fc6901e6
    • Instruction ID: a2796fc2a89673a6e07da857936e3e1630adb7570f687b73b4a47d7b8e84aa4e
    • Opcode Fuzzy Hash: ce0dc735226b5ae6e4fbbe05d6af15fb2148387f7c76084094f364e3fc6901e6
    • Instruction Fuzzy Hash: 54B19D32208B84CACB25DF16F48039AB765F789B84F84952AEACD13B69DF7CC555CB04
    Strings
    • ParseFloatPhoenicianPulseEventRIPEMD-160ResetEventSaurashtraWSACleanupWSASocketWWSAStartupWindows 11[%D %T] %M[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]atomicand8complex128, xrefs: 0047D221, 0047D2CD, 0047D36D
    • @gn, xrefs: 0047D263
    • @gn, xrefs: 0047D30F, 0047D3AF
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: @gn$@gn$ParseFloatPhoenicianPulseEventRIPEMD-160ResetEventSaurashtraWSACleanupWSASocketWWSAStartupWindows 11[%D %T] %M[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]atomicand8complex128
    • API String ID: 0-221077113
    • Opcode ID: 82fcf2a062201d651d822a20c30d1bcc6a9456d882d5c8fe0285575cd3a952cb
    • Instruction ID: 6487a26cf2f72d92f2c13837221242351a2330be8f05adc118968acfc5788e87
    • Opcode Fuzzy Hash: 82fcf2a062201d651d822a20c30d1bcc6a9456d882d5c8fe0285575cd3a952cb
    • Instruction Fuzzy Hash: 64B16972618B84C9CB24DB16F44039AB7B5F789B84F84942AEACD07729DF3CC545CB05
    Strings
    • reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.thetasymtraceBufunknown(wsaioctlx-mac-ce (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ of type runtime= s.limi, xrefs: 004472F5
    • runtime.rwmutexRrwmutexWscavengeshutdownstrconv.thetasymtraceBufunknown(wsaioctlx-mac-ce (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ of type runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= , xrefs: 00447294
    • runtime/internal/runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunkno, xrefs: 004472CA
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.thetasymtraceBufunknown(wsaioctlx-mac-ce (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ of type runtime= s.limi$runtime.rwmutexRrwmutexWscavengeshutdownstrconv.thetasymtraceBufunknown(wsaioctlx-mac-ce (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ of type runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= $runtime/internal/runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunkno
    • API String ID: 0-2473934483
    • Opcode ID: 4fa5d066eac75f45784c9f9339ae597751a238c73825b114447067bd952bb982
    • Instruction ID: bdd96232cd8bce53d13e767ebbdd6f0788e821895b7c6f857e806a90633590c4
    • Opcode Fuzzy Hash: 4fa5d066eac75f45784c9f9339ae597751a238c73825b114447067bd952bb982
    • Instruction Fuzzy Hash: 16916072608B80C6EB10DF56E44036AA761F789BD4F98452AEF8D43B19DB7CC456C744
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: @gn$\
    • API String ID: 0-3915152061
    • Opcode ID: ab5c48edcb51b5d735dfd67f47a4f0c1a2f1340c226848b25a0b61c926c4d749
    • Instruction ID: f5e8b6a25d706b3571a3fb4e30a8940c5db351dd92e59b932f91edd1c6c0c1c0
    • Opcode Fuzzy Hash: ab5c48edcb51b5d735dfd67f47a4f0c1a2f1340c226848b25a0b61c926c4d749
    • Instruction Fuzzy Hash: 47328A66708AC4C5CB20EF66E4403AEA762F389BC4F888927DE8D57B59DF7CC4458B04
    Strings
    • G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesPdhGetFormattedCounterValueStartServiceCtrlDispatcherW"2006-01-02T15:04:05Z07:00"address not a stack addressafter object key:value pairchannel number out of rangecommunication err, xrefs: 00416D0A
    • unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount found at *( gcscandone heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoo, xrefs: 00416826
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesPdhGetFormattedCounterValueStartServiceCtrlDispatcherW"2006-01-02T15:04:05Z07:00"address not a stack addressafter object key:value pairchannel number out of rangecommunication err$unreachableuserenv.dllwindows-31jwindows-720windows-857windows-858windows-861windows-862windows-869windows-874windows-932windows-949x-mac-greek KiB total, [recovered] allocCount found at *( gcscandone heapMarked= m->gsignal= minTrigger= nDataRoots= nSpanRoo
    • API String ID: 0-1099229115
    • Opcode ID: 548201f1c8b5d6d984d7bdaacd79cf760715724b3dc6d14fceafc10e9bc4e623
    • Instruction ID: 59eedc7047202d1c8ae53442685009015faba1a097f0a4b0ef61c1d12aa840d5
    • Opcode Fuzzy Hash: 548201f1c8b5d6d984d7bdaacd79cf760715724b3dc6d14fceafc10e9bc4e623
    • Instruction Fuzzy Hash: DF02AD72604B80C6DB20DF26E4403DAB7A5F789BC8F99902ADA8C47B59CF7DC485C749
    Strings
    • runtime: inconsistent read deadlineryuFtoaFixed32 called with prec > 9superfluous leading zeros in lengthtoo many Questions to pack (>65535)traceback did not unwind completelytransport endpoint is not connectedx509: decryption password incorrectx509: wrong Ed2, xrefs: 0043ED6D
    • runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime:, xrefs: 0043ED1D
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: runtime: inconsistent read deadlineryuFtoaFixed32 called with prec > 9superfluous leading zeros in lengthtoo many Questions to pack (>65535)traceback did not unwind completelytransport endpoint is not connectedx509: decryption password incorrectx509: wrong Ed2$runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime:
    • API String ID: 0-2065250675
    • Opcode ID: 76565c67445d775ff4445d4243035627719b8880ef7d9f40facdff59ce241be8
    • Instruction ID: 1c21ffc8c00ce3a68ed88887905311eaa899aeb56b91b00fc72a68b505bf6e0b
    • Opcode Fuzzy Hash: 76565c67445d775ff4445d4243035627719b8880ef7d9f40facdff59ce241be8
    • Instruction Fuzzy Hash: 2C51E83220AB44C5DB60DB1AE04035BA7A1F749BA4F686626DAAC477E5CF3DC442C748
    Strings
    • internal lockOSThread errorinvalid boolean flag %s: %vinvalid profile bucket typekey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span statenot a XENIX named type fileprogToPointerMask, xrefs: 0044F6FC
    • invalid m->lockedInt = json: cannot unmarshal left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zeronew connection come in.no space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocres, xrefs: 0044F6D8
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: internal lockOSThread errorinvalid boolean flag %s: %vinvalid profile bucket typekey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span statenot a XENIX named type fileprogToPointerMask$invalid m->lockedInt = json: cannot unmarshal left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zeronew connection come in.no space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocres
    • API String ID: 0-1674257381
    • Opcode ID: 32ad5c9e4accb7500a6b1cf22775d4558eafe31bc2f87efc743c72207cfad98f
    • Instruction ID: b748671df531a34430c714847f8f1a82f9c231aeffa4ddef6e6c85d1e380a07c
    • Opcode Fuzzy Hash: 32ad5c9e4accb7500a6b1cf22775d4558eafe31bc2f87efc743c72207cfad98f
    • Instruction Fuzzy Hash: 72517B32504B80C6E710DF31E04139A73A5FB48B88F85963AEA8D2B75ACF7CD54AC759
    Strings
    • defer with non-empty frameencountered a cycle via %sentersyscall inconsistent forEachP: P did not run fnfreedefer with d.fn != nilinitSpan: unaligned lengthinvalid request descriptorname not unique on networkno CSI structure availableno message of desired type, xrefs: 0044544A
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: defer with non-empty frameencountered a cycle via %sentersyscall inconsistent forEachP: P did not run fnfreedefer with d.fn != nilinitSpan: unaligned lengthinvalid request descriptorname not unique on networkno CSI structure availableno message of desired type
    • API String ID: 0-3001345311
    • Opcode ID: 19dc14724c737d57a0cda4c9d146cc8fcb30896643310d25cdd3263439b418a4
    • Instruction ID: 6b968164c7f26e1c554dac0e32a01b0480bdec78dd8bd1e466bb2966e7f10b78
    • Opcode Fuzzy Hash: 19dc14724c737d57a0cda4c9d146cc8fcb30896643310d25cdd3263439b418a4
    • Instruction Fuzzy Hash: 22123662719A80C7FF15CF25E54135AA761F385BC9F80511BEA8E83B1ADB3CC946CB18
    Strings
    • bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0crypto/cipher: output smaller than inputrefill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune sliceruntime.SetFinalizer, xrefs: 004242DB
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0crypto/cipher: output smaller than inputrefill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune sliceruntime.SetFinalizer
    • API String ID: 0-4212614000
    • Opcode ID: 10af31d9101af4720283543467e065fd959baf10a3fc3e346e0c4b22cee98086
    • Instruction ID: e290b9c5ad08ed35e2abe1efaa5b957cc5f2af38034e3b5875de4fbaecf9c534
    • Opcode Fuzzy Hash: 10af31d9101af4720283543467e065fd959baf10a3fc3e346e0c4b22cee98086
    • Instruction Fuzzy Hash: 6CE18C76709AA4C2CB20DF16B5007AAB7A5F399BC4F949016EF8E53B19DB3CC591CB04
    Strings
    • grew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmult64bitPow10: power of 10 is out of rangemultiple Read calls return no data or errornon in-use span found with specials bit setre, xrefs: 0043686C
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: grew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmult64bitPow10: power of 10 is out of rangemultiple Read calls return no data or errornon in-use span found with specials bit setre
    • API String ID: 0-281443137
    • Opcode ID: 59f2ca1986bb74bd45d0ee79f26d1cca4ffa873d25d25ea83bcc19a73881903f
    • Instruction ID: 10f3955ad3ccf96c802424d5ee2bdb1e7275ed10e8f6169382c38161cb7feae5
    • Opcode Fuzzy Hash: 59f2ca1986bb74bd45d0ee79f26d1cca4ffa873d25d25ea83bcc19a73881903f
    • Instruction Fuzzy Hash: 85F16D72609B8582DB209F16E48035AB7A1F789BD4F59A126EFCD07B69CF3CC491CB44
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: @gn
    • API String ID: 0-258860525
    • Opcode ID: 40dc5454ee40fd0495725d63e9c7d7affb27450ac6e52f71bfe2472bf86f319f
    • Instruction ID: 0f2ca68018430e02248ee573d45c59df325bce64eb4a66d5e8563ef2b6f0b28a
    • Opcode Fuzzy Hash: 40dc5454ee40fd0495725d63e9c7d7affb27450ac6e52f71bfe2472bf86f319f
    • Instruction Fuzzy Hash: F0C10922B08A4ACAEB24FF79D84139FA357B3C4B50F868C37CA1E47755E66CD9458708
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: @C
    • API String ID: 0-1618053064
    • Opcode ID: d33605d4dad49e17fe10ff481ed44f17d52d3eac0c06e527b7bb13785ce08273
    • Instruction ID: 98f5201cfa68ff107a04e616cb7b35dae6988112b1e9c159479b32cfba1ac378
    • Opcode Fuzzy Hash: d33605d4dad49e17fe10ff481ed44f17d52d3eac0c06e527b7bb13785ce08273
    • Instruction Fuzzy Hash: 0EF16D72B09B80C5DB209F19E54039BB3A1F785B88F689127DA8D47768EF3DC496C706
    Strings
    • concurrent map writesdefer on system stackfindrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt , xrefs: 0041F31B, 0041F599
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: concurrent map writesdefer on system stackfindrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt
    • API String ID: 0-411951369
    • Opcode ID: 76c557f2900e1053ed459ce458edf4780c1c5d857f1581f3dea3f9c2e3d2416d
    • Instruction ID: d12bd5455f3feea11e1de321e63bbe7402ca5fcf7ace005c74fd208de7e9f615
    • Opcode Fuzzy Hash: 76c557f2900e1053ed459ce458edf4780c1c5d857f1581f3dea3f9c2e3d2416d
    • Instruction Fuzzy Hash: 6AB16B73608AA482CB108F56E0403AEBB61F799B94F584127EF8D17B59CB3CD99AC744
    Strings
    • concurrent map writesdefer on system stackfindrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt , xrefs: 00422CE4, 00422EEF
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: concurrent map writesdefer on system stackfindrunnable: wrong pflag %q begins with -get ProductName fail:get system bit fail: in string escape codeinvalid named capturelink has been severednegative shift amountpackage not installedpanic on system stackpreempt
    • API String ID: 0-411951369
    • Opcode ID: 2fd6d733b364dbb9d7ab7c026e0a287e8524d1238b54713ea2a315cda69f2c85
    • Instruction ID: bfdf0d496d6ccd03780f85a347e98c9408a279b5dea4ea136a810f135e82ec7b
    • Opcode Fuzzy Hash: 2fd6d733b364dbb9d7ab7c026e0a287e8524d1238b54713ea2a315cda69f2c85
    • Instruction Fuzzy Hash: 76917CB2708BA092DB248F16F6403AEB761F789B84F894017EF8917B59CBBCC951D744
    Strings
    • Go pointer stored into non-Go memoryIA5String contains invalid characterSbox_UIDataInteractive_ReleaseMemoryThe operation completed successfullyUnable to determine system directoryaccessing a corrupted shared librarycompressed name in SRV resource datacrypto/c, xrefs: 00415356
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: Go pointer stored into non-Go memoryIA5String contains invalid characterSbox_UIDataInteractive_ReleaseMemoryThe operation completed successfullyUnable to determine system directoryaccessing a corrupted shared librarycompressed name in SRV resource datacrypto/c
    • API String ID: 0-85106892
    • Opcode ID: 8ac758605750eb3531dbea61f77ebc898c7851e1dfb866407e28f68cbc89335d
    • Instruction ID: 971710cfb7b8b1ffea6d234e4af7bd2f78ef6d1e5e161010e5790a3bf567d204
    • Opcode Fuzzy Hash: 8ac758605750eb3531dbea61f77ebc898c7851e1dfb866407e28f68cbc89335d
    • Instruction Fuzzy Hash: 5891A172704E84C6CB109B66E0403DAA761F38ABE4F949226DFAD17B99CB3CC595CB44
    Strings
    • scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but memory size because dotdotdot in async preempt t, xrefs: 0042E905
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustiontrigger underflowunknown caller pcunknown func typeunknown type kindwait for GC cyclewrong medium typewrong moduel type but memory size because dotdotdot in async preempt t
    • API String ID: 0-4271461099
    • Opcode ID: d106de35402bc9b2b694f813acc6c8d89b3b806dfba05657a01dabec9180eb63
    • Instruction ID: 48e75e99dd6c25cf6e3f5cb6f60cc94f3ccba4384362b15b7cca9d9e134439ea
    • Opcode Fuzzy Hash: d106de35402bc9b2b694f813acc6c8d89b3b806dfba05657a01dabec9180eb63
    • Instruction Fuzzy Hash: 1D819CB2718BA082DB609F17F44075AA765F389BC4F94942AEF8D47B49CB3CC841CB08
    Strings
    • string concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in systemzero length OBJECT IDENTIFIER (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for /securebox/WsSecBoxCoreDl, xrefs: 0045CBC5
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: string concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in systemzero length OBJECT IDENTIFIER (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for /securebox/WsSecBoxCoreDl
    • API String ID: 0-3694000188
    • Opcode ID: f17bbf98f6a9754b78507d4ff280e6d3ef169c0443c7fb07db29d19e7ac7c11d
    • Instruction ID: bdef2d14984627e154117bbf94a863e5e75bc88a174473ae9bb55fea05a3c4af
    • Opcode Fuzzy Hash: f17bbf98f6a9754b78507d4ff280e6d3ef169c0443c7fb07db29d19e7ac7c11d
    • Instruction Fuzzy Hash: D651BE72B08BA485DB20CF52F48169AAB65F384FC5F548017EE8D57F0ACB3CC9569B48
    Strings
    • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00482CA1
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
    • API String ID: 0-2272463933
    • Opcode ID: bcc2ffd8d1188f4bec99760f9aa29874b8c623c135af66de0d1d1d653ea37aab
    • Instruction ID: de889255fc9e341b028683061c2ab9a7cec4f8d638bd53e92f72a26c46d3b7bb
    • Opcode Fuzzy Hash: bcc2ffd8d1188f4bec99760f9aa29874b8c623c135af66de0d1d1d653ea37aab
    • Instruction Fuzzy Hash: 2B512572705A8582CB28EF19D6502BE6751F394B84F899E1BDE1A07390CFBCD845C309
    Strings
    • gcinggreekgscanhchanhttpsicirciexclimageimap2imap3imapsinet4inet6infininit int16int32int64kappalaquolceilldquolientlsquomaccemaccymacgrmactrmdashmheapmicrominusmkdirmonthnablandashnotinntohsocircoeligolineomegaopluspanicpop3spoundprimeradicraquorceilrdquoreqId, xrefs: 00429D2E, 00429D45
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: gcinggreekgscanhchanhttpsicirciexclimageimap2imap3imapsinet4inet6infininit int16int32int64kappalaquolceilldquolientlsquomaccemaccymacgrmactrmdashmheapmicrominusmkdirmonthnablandashnotinntohsocircoeligolineomegaopluspanicpop3spoundprimeradicraquorceilrdquoreqId
    • API String ID: 0-1101975639
    • Opcode ID: e6bc6b18a5926dab72a6640d2b42211261562c9d21dc37f82cd83756767d0aae
    • Instruction ID: 7e98264bdb6b769a42b2da61043c833f194bb228df5bff332cf079fe5543a762
    • Opcode Fuzzy Hash: e6bc6b18a5926dab72a6640d2b42211261562c9d21dc37f82cd83756767d0aae
    • Instruction Fuzzy Hash: E8619E31705B40C6E700DB21F4853AA77A9F789788F91822BEA9D477A1DF7DC44AC708
    Strings
    • gcmarknewobject called while doing checkmarkinsufficient data for calculated length typemult128bitPow10: power of 10 is out of rangeout of memory allocating heap arena metadatareflect: funcLayout with interface receiver reflect: slice length out of range in Se, xrefs: 0042F479
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID: gcmarknewobject called while doing checkmarkinsufficient data for calculated length typemult128bitPow10: power of 10 is out of rangeout of memory allocating heap arena metadatareflect: funcLayout with interface receiver reflect: slice length out of range in Se
    • API String ID: 0-3101483372
    • Opcode ID: d30f255cc3272f1a01bf8ce3bd537cf0a09cb5dd854ef4dff19589df9ab80e27
    • Instruction ID: fb01d70a000d50cb1b0199e5fe87d5d50586702d83525e3d21e5da59ca8e1ca3
    • Opcode Fuzzy Hash: d30f255cc3272f1a01bf8ce3bd537cf0a09cb5dd854ef4dff19589df9ab80e27
    • Instruction Fuzzy Hash: 3C21DEA2715BC986EF00DF29D0803992BA1F7A6FC4F89A576CA4C17755CB6CC194C300
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1163e774e0c063189e487b3623f167805b8422a012d7b33fd19266925409f013
    • Instruction ID: 6a9791398a81b4b0d34aeab8d4a69558d78b392d975132f422e18fa15c8acda5
    • Opcode Fuzzy Hash: 1163e774e0c063189e487b3623f167805b8422a012d7b33fd19266925409f013
    • Instruction Fuzzy Hash: 98C1341270C1D085DB26CA25A5503FFAA61E385B88F489417EFCF07B96C77CCE419B99
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fc8b0e296c8cff94c2afb4a8e1b1160abd4d886ce148276f958b2dc9bcf55d9c
    • Instruction ID: 18e6248fe0714d80a2c607102fde00e6d354d601bb002256a0cffa41a9a247f8
    • Opcode Fuzzy Hash: fc8b0e296c8cff94c2afb4a8e1b1160abd4d886ce148276f958b2dc9bcf55d9c
    • Instruction Fuzzy Hash: DFC1E633B08A9482DB50DF26E60179FA760F385BC4F544912EE8E97B19DBBCC945CB48
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 01bb1214cb260d9a2d52ed05ced85b272608c878ac222c17b9cf2a3a5f2b82d8
    • Instruction ID: 84cc92b40af4fad5e98389d6263f69f036a44cffc15c3ac250ef42adc1228aa3
    • Opcode Fuzzy Hash: 01bb1214cb260d9a2d52ed05ced85b272608c878ac222c17b9cf2a3a5f2b82d8
    • Instruction Fuzzy Hash: ABC1A132609A40C6EB00CF61E99135AB361F786799F44503BEE8D87766CFBCD449CB44
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bc1792a1d6f59011fb37bcd6f96201d3c218a16e83454e8cd3c8bdc2cc917018
    • Instruction ID: dc9275bb7ed551d306e060e1814e2db94bbb37dfed03b724271ac67ed399c65c
    • Opcode Fuzzy Hash: bc1792a1d6f59011fb37bcd6f96201d3c218a16e83454e8cd3c8bdc2cc917018
    • Instruction Fuzzy Hash: C7719CA3B14AF493EE00DA92B5009F96614A356FD0BC65513EE2F27B45D67CCA07E30D
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 74d166c22902ca2ee6fd6a8b018a85eddd984d9429639b7521b5005769b90fa6
    • Instruction ID: 62356c1a73b8988083c3b0393c66c772beb51867b53e874dcac5df827cba5247
    • Opcode Fuzzy Hash: 74d166c22902ca2ee6fd6a8b018a85eddd984d9429639b7521b5005769b90fa6
    • Instruction Fuzzy Hash: A0B10A16D58FDA50E6135678D403B762B146FF35C4F01D73BBAC2F1A63DB162A04BA22
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 10cc098e9913b817de772a9391bf19a6d4fe9e3cd28fd9a4f3319a9ccc295beb
    • Instruction ID: 7704e60fffb9ff2a63ef61169106a18e8be1751f4e4cb6e40e5ae2fc36c8499a
    • Opcode Fuzzy Hash: 10cc098e9913b817de772a9391bf19a6d4fe9e3cd28fd9a4f3319a9ccc295beb
    • Instruction Fuzzy Hash: C48141B3708F8192CB04CF5591400EAA326F394BC8B999617DB8D5736ADB7DDA2AC305
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 72fc7577481e23fe97fac27631f2ffaae940238eabb86ae66440a154fe4a1b44
    • Instruction ID: 1524ba3f4d2cc66d5b0b9601c298b16ae4193c6aca131e0bfc8291250602d46e
    • Opcode Fuzzy Hash: 72fc7577481e23fe97fac27631f2ffaae940238eabb86ae66440a154fe4a1b44
    • Instruction Fuzzy Hash: 1EA1B972204B84C5DB20DF21E0403AAB3A1F749B88F99A52BDA8D17759CF3DC5D6C709
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6740098d6e978f2ac91f907fb986c430276198204968c1010f573e22ca68d346
    • Instruction ID: 117cd1cb8a09a774190e95049e1fcbd66fb538e8b631b719fa7145c4d6b15366
    • Opcode Fuzzy Hash: 6740098d6e978f2ac91f907fb986c430276198204968c1010f573e22ca68d346
    • Instruction Fuzzy Hash: 7C818E76B1968086D724DF26A440B6ABBA1F389BC4F58502BFF8D47B19CB3CD850CB44
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cd759a50f2731829905dbe64bf52659214fe8f2264a50d91dbf48c4345515943
    • Instruction ID: a576bd91ee05a9654c1b0c7b63b37d2d6732b699f2f3b2f074c53dac7fa9d2fa
    • Opcode Fuzzy Hash: cd759a50f2731829905dbe64bf52659214fe8f2264a50d91dbf48c4345515943
    • Instruction Fuzzy Hash: 6B8168B3618B8482DB108F15F08039AB7A5F78ABD4F54622AEB9D57B99CF3CD051CB44
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 043a41fd9e5f0cac1f43c0f7b6ca9808bc8f149826dc38f80f678a1f26f54c30
    • Instruction ID: 7395a145a00477a5d5170a7aa682d7765515c1468e91b177e8d7bffb5e3e68c8
    • Opcode Fuzzy Hash: 043a41fd9e5f0cac1f43c0f7b6ca9808bc8f149826dc38f80f678a1f26f54c30
    • Instruction Fuzzy Hash: F7518DA3B28AF0D3DA01CB64B4007BA6A20E313FD0FD59521DE6E5B786D63DD912D309
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6672701c4d3360633699b4302890f2c31b66a60cb69ab9b394aa087d749f9a4b
    • Instruction ID: 20c01efe3573179463ec59fb8002c249e4fbfec9beb0dee93db11dfd64128d0a
    • Opcode Fuzzy Hash: 6672701c4d3360633699b4302890f2c31b66a60cb69ab9b394aa087d749f9a4b
    • Instruction Fuzzy Hash: 1561E573758B8482DB108F56E0807AEA362F799BC4F44A12BEE9E47789CE7CC151C749
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6eed6556e3ed4859bb1bb7fb5283fdc3431b06c46ef57b63d1f345ade4d0de30
    • Instruction ID: 18b37b1fe611901dc662b1ad3671cbe12d199e32365b6ba46e8e52e39451c2a0
    • Opcode Fuzzy Hash: 6eed6556e3ed4859bb1bb7fb5283fdc3431b06c46ef57b63d1f345ade4d0de30
    • Instruction Fuzzy Hash: D3916172508B80C4E700CB10D8913EA3BE1FB98B88F8AE1BAD64957755CFBE51C9C756
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 959f9a42171b753e23d5c43eab742e4d562b460b36c18528453c20efac523502
    • Instruction ID: 7c75b4bc1751e816c89963185f1910c8533222eb7cb5925c24897619e01b1dc5
    • Opcode Fuzzy Hash: 959f9a42171b753e23d5c43eab742e4d562b460b36c18528453c20efac523502
    • Instruction Fuzzy Hash: 5041C6B6701B5541AE04CA6686300EAA362E74FFD0799E233CF1D777A8C63CD946C348
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 99dca125a9b3cc6e9bc7a3b683b781caff4a00f9e79047864afa13d69b5259c6
    • Instruction ID: 156132d021de20956f274b1b7edf2e82bb987b72913a03477e239d8292a4567b
    • Opcode Fuzzy Hash: 99dca125a9b3cc6e9bc7a3b683b781caff4a00f9e79047864afa13d69b5259c6
    • Instruction Fuzzy Hash: B961EEB3614B90C6DB20DF15E40039E77A6F784B88F54A526DB8C17B69CB38C89BC784
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e0db8d099e90e2108d1327f3e2c5c6638d8774f634e6b9db4daf8cb37cfe9a99
    • Instruction ID: 3f99db2d5404014708a76ff14ae7f9c16dcc87b678be6fcf87de2b4fa21ee10c
    • Opcode Fuzzy Hash: e0db8d099e90e2108d1327f3e2c5c6638d8774f634e6b9db4daf8cb37cfe9a99
    • Instruction Fuzzy Hash: 7E512572718B9486D741CB22F0813AEBBA2FB86BD4F848227EA9D53785CF3CC0558704
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d1cd163dedbe848dedaf663847c4aaaf2899c24ad17cf2c2f1d38ab9601a598a
    • Instruction ID: 79ff094583f1ce9653688c5ce890bc177dffde2ccc8c5d0cc60fd57d2434892f
    • Opcode Fuzzy Hash: d1cd163dedbe848dedaf663847c4aaaf2899c24ad17cf2c2f1d38ab9601a598a
    • Instruction Fuzzy Hash: B341D4A2B51A9442EE04C625D6103F59353DB55BE0F98D372DE2E6BBC8F75CD84AC204
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 82f3cff22526f7d040fdac87029d5282799ef29342abd62b53c7bc81f9bb6e74
    • Instruction ID: 5a33d270c25f0938c72dfa65e2d61af4d828fe34fae11027548195d9b849f889
    • Opcode Fuzzy Hash: 82f3cff22526f7d040fdac87029d5282799ef29342abd62b53c7bc81f9bb6e74
    • Instruction Fuzzy Hash: 5141F6A3B11AA442DF15C936D6103E6A2529B55FF0F98C332CE3D67BD8E71CC94A8304
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d38df0298ea88bf97cf02cc732460f4e8e46b60cf4dbed94cab8fef278005a0d
    • Instruction ID: ad5da1985bf810127184292020b63430b8d21f48cb488464cdddc74c719837bb
    • Opcode Fuzzy Hash: d38df0298ea88bf97cf02cc732460f4e8e46b60cf4dbed94cab8fef278005a0d
    • Instruction Fuzzy Hash: E131E7B2A15F444BC643EB3A8440356D217FF967D0F588722AE1A77785E739E0D28640
    Memory Dump Source
    • Source File: 00000000.00000002.1494907083.000000000081D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 53238655788e6b6014311150072756eb8d94636d121ada16ea55c5f59977e5fd
    • Instruction ID: de48b6479f6ea9c8dc07648ce6169cea7fa3a288e4bd1f7299ef0278de66643d
    • Opcode Fuzzy Hash: 53238655788e6b6014311150072756eb8d94636d121ada16ea55c5f59977e5fd
    • Instruction Fuzzy Hash: 72F0A9D754EBC04BD3178EB84C662DE3F64F5A3D1534EC09B9381C2297E92928458716
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 72f426208a35a0b9c032afdb375f6b02b475aee692e9d08bcc6a3f4dd419824e
    • Instruction ID: ada62d4d3cf5effd800179a838d7e1ad0508245df6364a9de6051185fc3304a4
    • Opcode Fuzzy Hash: 72f426208a35a0b9c032afdb375f6b02b475aee692e9d08bcc6a3f4dd419824e
    • Instruction Fuzzy Hash: 22E0EC25624E8080DA204B19E4413967720F7887B4F540322AEBD077E4CE3CC2268F40
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9a7a960ef939b09454fb67495b4cbb5e96f9c15e506a8e3babf2042b0309e29d
    • Instruction ID: c645e72e5e5492f9aeeb07f51e310ea2fc96dfbde2418eab75651f72637fd79d
    • Opcode Fuzzy Hash: 9a7a960ef939b09454fb67495b4cbb5e96f9c15e506a8e3babf2042b0309e29d
    • Instruction Fuzzy Hash: 9CC08CB0908AA069FB30830062403C0BA898B493C4D40C08491DC002159AAC80814210

    Control-flow Graph

    APIs
    • VirtualProtect.KERNEL32(0081B590,00007FFB2B31ADA0,?,?,?,00000001,0041124C), ref: 0055DCFD
    Strings
    • Unknown pseudo relocation protocol version %d., xrefs: 0055DE7E
    • Unknown pseudo relocation bit size %d., xrefs: 0055DE6A
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: ProtectVirtual
    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
    • API String ID: 544645111-395989641
    • Opcode ID: 17407ceef2f13b2db1f215f4f551d22339d86053aa0da1fd3c7f77a41be0b62c
    • Instruction ID: af24487e6e8191ce6265d105ec2e622b06cb3d3222373d8bf71e10aa0e68ccb7
    • Opcode Fuzzy Hash: 17407ceef2f13b2db1f215f4f551d22339d86053aa0da1fd3c7f77a41be0b62c
    • Instruction Fuzzy Hash: 85914833B0014186EB389B75D86535D6B72BB947A6F548417CE0A87B94DA3DD88AC321
    APIs
    Strings
    • Address %p has no image-section, xrefs: 0055DBBD
    • VirtualProtect failed with code 0x%x, xrefs: 0055DB66
    • VirtualQuery failed for %d bytes at address %p, xrefs: 0055DBA7
    Memory Dump Source
    • Source File: 00000000.00000002.1491953205.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_410000_SecuriteInfo.jbxd
    Similarity
    • API ID: Virtual$ErrorLastProtectQuery
    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
    • API String ID: 637304234-2123141913
    • Opcode ID: 8325287b20cfafd34ace7bcb897c8189dc71be87a721f8bdb254ce99e07c26e9
    • Instruction ID: 716954f40c48aea4fd76ec86b7cb32a8d8f6c2b5b36c7958b2df8f15d59fa8a2
    • Opcode Fuzzy Hash: 8325287b20cfafd34ace7bcb897c8189dc71be87a721f8bdb254ce99e07c26e9
    • Instruction Fuzzy Hash: DC512273700B418ADB208F26E85139A7BB6FB98BA6F448126DE4D57754DF38C98AC710