
Windows Analysis Report
doh.exe

Overview

General Information

Sample name:doh.exe
Analysis ID:1470764
MD5:820562b1432bd540f32b277ce5e6f749
SHA1:5ae67a12dcefb1d99ede4c5072fde0446afdd0ef
SHA256:4b8235e2898b9c65dd767b1d8bd3ffd20bab614c5eadcf586fc8f28593793f5c
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Potentially malicious time measurement code found
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • doh.exe (PID: 7668 cmdline: "C:\Users\user\Desktop\doh.exe" MD5: 820562B1432BD540F32B277CE5E6F749)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Submitted Sample | Integrated Neural Analysis Model: Matched 89.8% probability
Source: doh.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty.pdb source: doh.exe, 00000000.00000002.1428052382.000000C0028DB000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422770683.000000007096D000.00000002.00001000.00020000.00000000.sdmp
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty-agent.pdb source: doh.exe, 00000000.00000002.1426833845.000000C0019F4000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422770683.0000000070A19000.00000002.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426315222.000000C0011F4000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\doh.exe | Code function: 4x nop then cmp rdx, 40h (0_2_00ECB340)
Source: C:\Users\user\Desktop\doh.exe | Code function: 4x nop then cmp rsi, 40h (0_2_00ED3100)
Source: C:\Users\user\Desktop\doh.exe | Code function: 4x nop then lock or byte ptr [rdx], r8L (0_2_00ECB6C0)
Source: C:\Users\user\Desktop\doh.exe | Code function: 4x nop then shr r10, 0Dh (0_2_00ED5B40)
Source: C:\Users\user\Desktop\doh.exe | Code function: 4x nop then shr rdi, 0Dh (0_2_00ED4DE0)
Source: doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.css
Source: doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.jpg
Source: doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Unknown profilejstmpllitinterpinvalid pointerPKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512ClientAuthType(unknown versionrecord overflowbad certificate#multipartfilesAccept-Language()<>@,;:\"/[]?=tarinsecurepathzipinsecurepathreflectlite.Set (no semicolon)ExcludeClipRectGetEnhMetaFileWGetTextMetricsWPlayEnhMetaFileGdiplusShutdownGetThreadLocaleOleUninitializewglGetCurrentDCDragAcceptFilesCallWindowProcWCreatePopupMenuCreateWindowExWDialogBoxParamWGetActiveWindowGetDpiForWindowGetRawInputDataInsertMenuItemWIsWindowEnabledPostQuitMessageSetActiveWindowSetWinEventHookTrackMouseEventWindowFromPointDrawThemeTextExwinpty_set_size--- contention:not enough data# Lookups = %dmemstr_1e648042-2
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70240000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70240000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70241000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70739000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 707D6000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70D08000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70D22000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70D89000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Memory allocated: 70D8A000 page read and write
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EEB980 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EDAD20 RtlAddVectoredContinueHandler,NtWaitForSingleObject,RtlGetCurrentPeb,RtlGetNtVersionNumbers,timeBeginPeriod,timeEndPeriod,WSAGetOverlappedResult
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00F04940 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EE2B60 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EE2C40 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EE2D20 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EE2E00 NtWaitForSingleObject
Source: C:\Users\user\Desktop\doh.exe | Code function: String function: 00EF2BC0 appears 37 times
Source: C:\Users\user\Desktop\doh.exe | Code function: String function: 00EDF960 appears 559 times
Source: doh.exe | Static PE information: Number of sections : 11 > 10
Source: classification engine | Classification label: mal48.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\doh.exeFile opened: C:\Windows\system32\bfe5b127a392ee8659a0da15b00cb476da912ebb7b9e4dfc02e624962f2d6a33AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: C:\Users\user\Desktop\doh.exeFile opened: C:\Windows\system32\30df48909b8b2aefec23f959a751b3a7ef86a70ea17a5573012cfeaa54d04442AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: doh.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\doh.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\doh.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\doh.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\doh.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\doh.exe | Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\doh.exe | Section loaded: umpdc.dll
Source: doh.exe | Static file information: File size 5848064 > 1048576
Source: doh.exe | Static PE information: Raw size of .data is bigger than: 0x100000 < 0x453800
Source: doh.exe | Static PE information: real checksum: 0x59bc81 should be: 0x59c486
Source: doh.exe | Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C54C push rbp; retf 0_2_0149C54F
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C5AC push rsi; retf 0_2_0149C5B7
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C5A4 push rbp; retf 0_2_0149C5A7
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C434 push rbp; retf 0_2_0149C437
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C4FC push rsi; retf 0_2_0149C507
Source: C:\Users\user\Desktop\doh.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\doh.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00F02C80 rdtscp
Source: C:\Users\user\Desktop\doh.exe | System information queried: CurrentTimeZoneInformation
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422770683.00000000707D6000.00000002.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: qemu5kfDdc
Source: doh.exe | Binary or memory string: QEMUJG
Source: doh.exe, 00000000.00000002.1432507597.00000221E1618000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\doh.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00F02C80 Start: 00F02C89 End: 00F02C9F
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00F02C80 rdtscp
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00EB1180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_0149C54C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\doh.exe | Code function: 0_2_00F426B0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 3 Obfuscated Files or Information; Binary Padding
Credential Access: 11 Input Capture; LSASS Memory; Security Account Manager; NTDS
Discovery: 11 System Time Discovery; 11 Security Software Discovery; 1 Process Discovery; 2 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 11 Input Capture; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1470764, Sample: doh.exe, Startdate: 10/07/2024, Architecture: WINDOWS, Score: 48): doh.exe started; signatures shown: AI detected suspicious sample; Potentially malicious time measurement code found

No Antivirus matches
Source | Detection | Scanner | Label | Link
http://html4/loose.dtd | 0% | Avira URL Cloud | safe |
http://.jpg | 0% | Avira URL Cloud | safe |
http://.css | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://html4/loose.dtd | doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://.css | doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://.jpg | doh.exe, 00000000.00000002.1428052382.000000C002400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1426833845.000000C001400000.00000004.00001000.00020000.00000000.sdmp, doh.exe, 00000000.00000002.1422722414.0000000070739000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1470764
Start date and time:2024-07-10 14:04:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:doh.exe
Detection:MAL
Classification:mal48.evad.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 94%
  • Number of executed functions: 13
  • Number of non-executed functions: 41
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • VT rate limit hit for: doh.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):7.776381138028892
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:doh.exe
File size:5'848'064 bytes
MD5:820562b1432bd540f32b277ce5e6f749
SHA1:5ae67a12dcefb1d99ede4c5072fde0446afdd0ef
SHA256:4b8235e2898b9c65dd767b1d8bd3ffd20bab614c5eadcf586fc8f28593793f5c
SHA512:669a3a6728241f4d3da16c65944038d30d2360507264964d854a977cf220370ab434196fc5b53705362793273cec52e4e4fbd112b273b17695c7117c0e7c6ad8
SSDEEP:98304:6gcKKE5jT3QDvt9yU/Za3GeZ+jEMy6GYmX7WUK87JJSpPAwXeARo8:tcbVgU/Z/3TGX7WbYJSpPAieARB
TLSH:2546010BBCA154BAC4AB923189739092BA31BC441F3613D73A54B77C2F73BD0AAB5754
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........................0...8Y...............@..............................0_.......Y...`... ............................
Icon Hash:00928e8e8686b000
Entrypoint:0x4014b0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:0x4928c0
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:1
File Version Major:6
File Version Minor:1
Subsystem Version Major:6
Subsystem Version Minor:1
Import Hash:ec67d1984e18f70d6dc08fc76cfdd87b
Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0058A1E5h]
mov dword ptr [eax], 00000001h
call 00007FB4C475A4DFh
call 00007FB4C46C8FAAh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax+00h]
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0058A1B5h]
mov dword ptr [eax], 00000000h
call 00007FB4C475A4AFh
call 00007FB4C46C8F7Ah
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax+00h]
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 28h
call 00007FB4C475BB44h
dec eax
test eax, eax
sete al
movzx eax, al
neg eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
push ebp
dec eax
mov ebp, esp
dec eax
lea ecx, dword ptr [00000015h]
pop ebp
jmp 00007FB4C46C92C4h
nop dword ptr [eax+eax+00h]
nop word ptr [eax+eax+00000000h]
push ebp
dec eax
mov ebp, esp
pop ebp
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 10h
dec eax
mov ecx, dword ptr [004E0299h]
dec eax
mov edx, dword ptr [004E028Ah]
dec eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5eb000 | 0x4e | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5ec000 | 0xfd8 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x58c000 | 0x4704 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5ef000 | 0x325c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x58b2a0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5ec39c | 0x360 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x92ee0 | 0x93000 | 542ffaba4424b92742ef3acd63a772a9 | False | 0.48666527157738093 | data | 6.251008728534987 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x94000 | 0x4536c0 | 0x453800 | 872ad2830d1a570d0b2ece72bfb9fdb1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x4e8000 | 0xa3970 | 0xa3a00 | 9b8c38e0a05c27c34957cbdc6f34ebdd | False | 0.4243026045645531 | data | 5.125795048733227 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata | 0x58c000 | 0x4704 | 0x4800 | ce5e7c400e0929867cc5468688be6a03 | False | 0.4082573784722222 | data | 5.270575296968496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata | 0x591000 | 0x3c0 | 0x400 | 1dc72708017e76cf308559596387d7bb | False | 0.3876953125 | data | 3.9223394959149416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss | 0x592000 | 0x585f8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x5eb000 | 0x4e | 0x200 | 3efc12982eebe56e22c988e88ae78d15 | False | 0.1328125 | data | 0.8426867641107897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata | 0x5ec000 | 0xfd8 | 0x1000 | e5870cefdb53eb24b8f5c5f4e13bb3d1 | False | 0.33056640625 | data | 4.483753026522213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x5ed000 | 0x68 | 0x200 | 0155e5f9f54e046ff2dd522a20f338cb | False | 0.07421875 | data | 0.2804011676589459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x5ee000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x5ef000 | 0x325c | 0x3400 | f5677e254b04e2c74e41f170d67b5e3d | False | 0.3679387019230769 | data | 5.391388821727677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateThread, CreateWaitableTimerExW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FreeEnvironmentStringsW, FreeLibrary, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetErrorMode, GetLastError, GetProcAddress, GetProcessAffinityMask, GetProcessHeap, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetThreadLocale, GetTickCount, HeapAlloc, HeapFree, InitializeCriticalSection, IsBadReadPtr, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, PostQueuedCompletionStatus, QueryPerformanceCounter, RaiseFailFastException, ResumeThread, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetLastError, SetProcessPriorityBoost, SetThreadContext, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TerminateProcess, TlsAlloc, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WerGetFlags, WerSetFlags, WriteConsoleW, WriteFile, __C_specific_handler, lstrlenA
msvcrt.dll | __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _cexit, _errno, _fmode, _initterm, _onexit, _stricmp, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, memset, realloc, signal, strlen, strncmp, strtol, vfprintf, wcstombs
Name | Ordinal | Address
_cgo_dummy_export | 1 | 0x9ea5d0
No network behavior found
Target ID:0
Start time:08:05:16
Start date:10/07/2024
Path:C:\Users\user\Desktop\doh.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\doh.exe"
Imagebase:0xeb0000
File size:5'848'064 bytes
MD5 hash:820562B1432BD540F32B277CE5E6F749
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Go lang
Reputation:low
Has exited:true

Executed Functions

Strings
  • WSAGetOv, xrefs: 00EDB1CE
  • stemFunc, xrefs: 00EDAE6F
  • Numbers, xrefs: 00EDB018
  • tion036, xrefs: 00EDAE81
  • timeEndP, xrefs: 00EDB10F
  • eObject, xrefs: 00EDAF43
  • timeBegi, xrefs: 00EDB0BC
  • advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largeunexpected length , xrefs: 00EDB2F8
  • ws2_32.dll, xrefs: 00EDB186
  • dResult, xrefs: 00EDB1F2
  • NtWaitFo, xrefs: 00EDAF1F
  • timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even, xrefs: 00EDB2C5
  • redConti, xrefs: 00EDADA0
  • ForSingl, xrefs: 00EDAF31
  • verlappe, xrefs: 00EDB1E0
  • dPeriod, xrefs: 00EDB11E
  • ntdll.dll, xrefs: 00EDAED2
  • rentPeb, xrefs: 00EDAFAB
  • SystemFu, xrefs: 00EDAE5D
  • WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: stack split at bad timeruntime.semasleep wait_abandonedbufi, xrefs: 00EDB2A1
  • tVersion, xrefs: 00EDB006
  • nPeriod, xrefs: 00EDB0CB
  • winmm.dll, xrefs: 00EDB06F
  • ws2_32.dll not foundforcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in gosemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memory37252902984619140625GetAdaptersAddressesGetProcessMemoryInfolink has been severe, xrefs: 00EDB2B2
  • RtlGetCu, xrefs: 00EDAF8D
  • ine_get_, xrefs: 00EDB254
  • Handler, xrefs: 00EDADC4
  • Continue, xrefs: 00EDADB2
  • RtlGetNt, xrefs: 00EDAFF4
  • AddVecto, xrefs: 00EDAD8E
  • version, xrefs: 00EDB263
  • wine_get, xrefs: 00EDB245
  • kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l, xrefs: 00EDB309
  • kernel32.dll, xrefs: 00EDAD3A
  • tlGetCur, xrefs: 00EDAF9C
  • advapi32.dll, xrefs: 00EDAE15
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
  • Associated: 00000000.00000002.1421765370.0000000000EB0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1421854834.0000000000F44000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1421873470.0000000000F46000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422159841.0000000001391000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422187173.0000000001395000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422208187.0000000001396000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422228822.0000000001398000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422283019.0000000001442000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422283019.0000000001467000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422283019.000000000146E000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422283019.0000000001495000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422378893.000000000149C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1422399205.000000000149F000.00000002.00000001.01000000.00000003.sdmp
Similarity
  • API ID:
  • API String ID: 0-218474703
  • Opcode ID: 913c136e843ee84deb05efec22d151f9c0a67b9a48adce991fa17f311462e0e0
  • Instruction ID: 846be83be96a6ec60751969da90928b6eae3da7ecb0ae39617f55275f338524a
  • Opcode Fuzzy Hash: 913c136e843ee84deb05efec22d151f9c0a67b9a48adce991fa17f311462e0e0
  • Instruction Fuzzy Hash: 5DE15672208F8581DB20DB11F88479A73A6F789BC4F188136EA9C57BB9EFB9C551C701
Strings
  • sweep increased allocation countremovespecial on invalid pointerWSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedrunt, xrefs: 00ED0109
  • swept cached spanmarkBits overflowruntime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblockunknown caller pc1192092895507812559604644775390625unknown type kindSystemFunction036RegLoadMUIStringWAsset %s not foundoperation canceledno , xrefs: 00ED00E7
  • sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime execution17347234, xrefs: 00ED00D6
  • mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutinestack growth not allowed in system call277555756156289135105907917022705078125address family not supported by protocolinvalid span in heapArena, xrefs: 00ED00F8
  • mspan.sweep: m is not lockedfound pointer to free objectruntime.semasleep unexpectedfatal: morestack on gsignalgcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedSta, xrefs: 00ED0370
  • mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorrunlock of unlock, xrefs: 00ED035F
Similarity
  • API ID:
  • API String ID: 0-2068919107
  • Opcode ID: 92987210099dd088e9ddde6a8933fdf1ebab8331ff9ea2ca4b4bae3e462fcb0f
  • Instruction ID: 6197766e560a65fb711c6e2c33d095bfb2ac890f21af78f2189800f6d5d5d2ac
  • Opcode Fuzzy Hash: 92987210099dd088e9ddde6a8933fdf1ebab8331ff9ea2ca4b4bae3e462fcb0f
  • Instruction Fuzzy Hash: A252A273608BC486CB21CB25E4507AEBBA1F386B48F486127DB8D23B55DF39C596CB40
Strings
  • malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page sizep mcache not flushedworkbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundforcegc: phase errorgopark: bad g status, xrefs: 00EBC7AA
  • delayed zeroing on data that may contain pointerssweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablenot enough significant bits after mult128bitPow10reflect.Value.S, xrefs: 00EBC74F
  • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largelimiterEvent.stop: invalid limiter event type foundpotential, xrefs: 00EBC7CC
  • malloc deadlockruntime error: scan missed a gmisaligned maskrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?runtimer: bad ptraceback stuck476837158203125invalid argSize<invalid Value>ImpersonateSelfOpenThreadTokenRegCreateKeyExWRegDe, xrefs: 00EBC7BB
  • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcasfrom_Gscanstatus: gp->status is not in scan statecompileCallback: argument size is larger than uintpt, xrefs: 00EBC799
  • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00EBC33A
Similarity
  • API ID:
  • API String ID: 0-1964780927
  • Opcode ID: 57a099b91892dbc1d69465c83fa2dae63d81cd4681798234d2ba16ede57f023c
  • Instruction ID: cc1ab43bbb25f80c8a21479681cbd166a46519d3c8dbdaeb1cce7922b06d9cc1
  • Opcode Fuzzy Hash: 57a099b91892dbc1d69465c83fa2dae63d81cd4681798234d2ba16ede57f023c
  • Instruction Fuzzy Hash: 6F22D272608B94C2DB10CB55E4407EBB765F389B98F686122EF9D277A5CB78C980CB40
Strings
  • memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memorysysGrow bounds not aligned to pallocChunkBytesstopTheWorld: not stopped (status != _Pgcstop)compileCallback: float argumen, xrefs: 00EBBC57
  • out of memory allocating heap arena mapmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutinestack growth not allowed in system call277555756156289135105907917022705078125address family not support, xrefs: 00EBB978
  • out of memory allocating heap arena metadatagcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own s, xrefs: 00EBB956
  • misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pagesmin must be a non-zero power of 2stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler s, xrefs: 00EBBC46
  • out of memory allocating allArenasruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running , xrefs: 00EBB945
  • arena already initializedremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidlestartm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead: no p for timercheckdead: no m for timerunknown si, xrefs: 00EBB967
Similarity
  • API ID:
  • API String ID: 0-3209660981
  • Opcode ID: c8c2dddd56479f2c234e5f29071f39cc372558673602c938e65a37636fd256f8
  • Instruction ID: 8b84137359859f46f6c112866366aa74c3e31b9cf7ae77135b8644ac6e305aaa
  • Opcode Fuzzy Hash: c8c2dddd56479f2c234e5f29071f39cc372558673602c938e65a37636fd256f8
  • Instruction Fuzzy Hash: E6F18C32608B8482DB60CB52E4507EAB7A4F389B94F449226EFED67799DF7CC544C740
Strings
  • greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 00ECB548
  • baseGOGC+Inf-Infcas1cas2cas3cas4cas5cas63125boolint8uintchanfunccallkind<nil>GreekntohsfalseErrorcloseMarchAprilLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930sse41sse42ssse3defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]15625781, xrefs: 00ECB4F8
  • objNaN...125625intmapbindtruepipefileJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT on ermssse3avx2bmi1bmi2allgallprootitab is LEAFbaseGOGC+Inf-Infcas1cas2cas3cas4cas5cas63125boolint8uintchanfunccallkind<nil>GreekntohsfalseErrorcloseMarchAprilLocal+0, xrefs: 00ECB50F
Similarity
  • API ID:
  • API String ID: 0-325794614
  • Opcode ID: 3202f09ea6b328a0ca02c95b2a6f8d30649581a89526ec908a3e62b3a48cc5a3
  • Instruction ID: 68335d6c07d7bf4a6d87c6a969c8d0786739babb5baf9bcf6705286d48cbbdad
  • Opcode Fuzzy Hash: 3202f09ea6b328a0ca02c95b2a6f8d30649581a89526ec908a3e62b3a48cc5a3
  • Instruction Fuzzy Hash: 215113B2708BC482DB158F11E5417ADB765F345BC8F48612AEF9D23B96DB38C2A6C700
Strings
  • Y", xrefs: 00ED2B7E
  • grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapmethodValueCallFrameObjs is not in a modulemu, xrefs: 00ED2B42
Similarity
  • API ID:
  • String ID: Y"$grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapmethodValueCallFrameObjs is not in a modulemu
  • API String ID: 0-380874474
  • Opcode ID: 3e051a9eb7fa4417b186eed1cbba2fe479aaa5620b2be0a6306d62043f323a1e
  • Instruction ID: 1fe3e0d9de7f80dd430fccc8eb37aaed5b2115172895c2341ff8e015dbfd3612
  • Opcode Fuzzy Hash: 3e051a9eb7fa4417b186eed1cbba2fe479aaa5620b2be0a6306d62043f323a1e
  • Instruction Fuzzy Hash: E9E17E36209B8485DB208F15F49039BBBA0F795BD0F58A12AEF8D57B69CF38C456CB40
Strings
  • self-preemptbad recoverybad g statusentersyscallcas64 failedabi mismatch152587890625762939453125not pollableRevertToSelfCreateEventWGetConsoleCPUnlockFileExVirtualQueryasset: Asset(level 3 resetsrmount errortimer expiredexchange fullRegEnumKeyExWRegOpenKeyExWC, xrefs: 00EDDB65
  • runtime.preemptM: duplicatehandle failedmust be able to track idle limiter eventruntime: SyscallN has too many arguments13877787807814456755295395851135253906256938893903907228377647697925567626953125ryuFtoaFixed32 called with negative precMapIter.Key called o, xrefs: 00EDDB50
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID: runtime.preemptM: duplicatehandle failedmust be able to track idle limiter eventruntime: SyscallN has too many arguments13877787807814456755295395851135253906256938893903907228377647697925567626953125ryuFtoaFixed32 called with negative precMapIter.Key called o$self-preemptbad recoverybad g statusentersyscallcas64 failedabi mismatch152587890625762939453125not pollableRevertToSelfCreateEventWGetConsoleCPUnlockFileExVirtualQueryasset: Asset(level 3 resetsrmount errortimer expiredexchange fullRegEnumKeyExWRegOpenKeyExWC
  • API String ID: 0-1517450649
  • Opcode ID: 8a41f3642b4193bfb34d1dad707acff748dba033fd775e024aa19778cdea2ac5
  • Instruction ID: 1ac37eeaf8f34f1b6f3aa554f0f4f3a87a754251e9891a460b133b05792b278d
  • Opcode Fuzzy Hash: 8a41f3642b4193bfb34d1dad707acff748dba033fd775e024aa19778cdea2ac5
  • Instruction Fuzzy Hash: 76B17236609B8081D711CF25F8813AB7764F386F94F199236DAAC637A5DF39C582C740
Strings
  • suspendG from non-preemptible goroutinestack growth not allowed in system call277555756156289135105907917022705078125address family not supported by protocolinvalid span in heapArena for user arenabulkBarrierPreWrite: unaligned argumentsrefill of span with fre, xrefs: 00EE078E
  • invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatchmissing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availableexec format error, xrefs: 00EE077D
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID: invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatchmissing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availableexec format error$suspendG from non-preemptible goroutinestack growth not allowed in system call277555756156289135105907917022705078125address family not supported by protocolinvalid span in heapArena for user arenabulkBarrierPreWrite: unaligned argumentsrefill of span with fre
  • API String ID: 0-3270310653
  • Opcode ID: 10a1b0dd3e9a5b4c47f18180576c8eca6fcec1e1da0e471035a0ff9e07be7a0a
  • Instruction ID: 61c32aad1d3edc276245207c4459a20b97f70189fb58a4e845d4a3850a9ae3ae
  • Opcode Fuzzy Hash: 10a1b0dd3e9a5b4c47f18180576c8eca6fcec1e1da0e471035a0ff9e07be7a0a
  • Instruction Fuzzy Hash: 52B17376608BC4C6D710CB16F0817AABB61F386BD4F14A166EF9D27B99CB78C481CB40
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f3f70c7ee8872921c861ae7e0cbb482c5ae35b5dcd26fb8c9015db6351e7afd9
  • Instruction ID: 1829377bb2e450855b38289c7b32f96f5957d28bdf837eeb39df528c9c29c565
  • Opcode Fuzzy Hash: f3f70c7ee8872921c861ae7e0cbb482c5ae35b5dcd26fb8c9015db6351e7afd9
  • Instruction Fuzzy Hash: D3C1BF32209B8887DB10DF52F8903ABB7A1F785B84F586126EA8D57B68DB7CC445CB00
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f896f34c58b9126a50c2bbe63e46d52e2d158454f5b02267ec958f5897f76486
  • Instruction ID: 888f7b9a28e480d7100ebf25ddcff34e5aff0bf9420224bb66f7df9a72efc560
  • Opcode Fuzzy Hash: f896f34c58b9126a50c2bbe63e46d52e2d158454f5b02267ec958f5897f76486
  • Instruction Fuzzy Hash: AE81C573B01A98C7EB149F16E8803A967A1F784B9CF98A039C90D27375DB79C886C740
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8f2d5a531bc9a2eb32aacdfd2ef68442e3c2b377b6b5aa201d2d4ba893edb2ce
  • Instruction ID: 978a6666b3827440e504bb90e67bf4d7775eda23a03f92bd585d4ba59390de4b
  • Opcode Fuzzy Hash: 8f2d5a531bc9a2eb32aacdfd2ef68442e3c2b377b6b5aa201d2d4ba893edb2ce
  • Instruction Fuzzy Hash: DF417A77204B8592D7048B1AE8813DB67A0F385B80F95812AEF4EA7729CF79C956C740
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: fa71224a1f444eb187ba419cdc68116e5648f8b733dfef1d9637f9ac15f73c2a
  • Instruction ID: 030290607bf19b6549f2ad3f9024ea7c3a2bde12e9c9f84d68c81b5032b96cb1
  • Opcode Fuzzy Hash: fa71224a1f444eb187ba419cdc68116e5648f8b733dfef1d9637f9ac15f73c2a
  • Instruction Fuzzy Hash: 79211F36608F84C2D700CB22F84536B7764F39AB84F259622EE9C57B65DF39C192C700
APIs
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID: AllocVirtual
  • String ID:
  • API String ID: 4275171209-0
  • Opcode ID: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
  • Instruction ID: 20decb5199b2fbcac58d3cfe79b216e04311400bb97288e5a633a4d57fdea2e8
  • Opcode Fuzzy Hash: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
  • Instruction Fuzzy Hash: C9011B76A10B8082DB119B5AE9413297374E349BE4F244215DFAD57BA4DB29E1A2C740

Non-executed Functions

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled_cexitmemcpystrlen
  • String ID:
  • API String ID: 1640792405-0
  • Opcode ID: 6cd90ad5813dfb0fb839d1f00af3ce7522e97cf1568b8478b2a64732de820c9c
  • Instruction ID: 31ae887653cf38545ec75408d07b2006b7700f8a4729f62b6c9a3be62bc31a7b
  • Opcode Fuzzy Hash: 6cd90ad5813dfb0fb839d1f00af3ce7522e97cf1568b8478b2a64732de820c9c
  • Instruction Fuzzy Hash: A171CF71700B4886EB249F56F8A07EA37A2F745B98F84906ADE58A7371DF3DD940E340
APIs
  • GetSystemTimeAsFileTime.KERNEL32 ref: 00F426F5
  • GetCurrentProcessId.KERNEL32 ref: 00F42700
  • GetCurrentThreadId.KERNEL32 ref: 00F42709
  • GetTickCount.KERNEL32 ref: 00F42711
  • QueryPerformanceCounter.KERNEL32 ref: 00F4271E
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
  • String ID:
  • API String ID: 1445889803-0
  • Opcode ID: 2c960cf46b28f93f043577aa98753714eda61ce28216e20d16ffe78147c0b9f9
  • Instruction ID: 99cb8bf65a52d67e5e35e5971816defd3c4d7cd80b4ebc120fec2a53aecf2404
  • Opcode Fuzzy Hash: 2c960cf46b28f93f043577aa98753714eda61ce28216e20d16ffe78147c0b9f9
  • Instruction Fuzzy Hash: 84119E36765A1085FB204B25FC083A6B760B749BF0F4856319E9C43BB4EA3CC985C750
Strings
  • findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstackinvalid runtime symbol table18189894035458564758300781259094947017729282379150390625abi.NewN, xrefs: 00EE6B0C
  • findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gtimer data corruption186264514923095703125931322574615478515625bad type in compare: of unexported methodunexpected value stepreflect.Value.PointerAdjustTokenPrivilegesLookupPr, xrefs: 00EE6B2E
  • findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeleafCounts[maxBits][maxBits] , xrefs: 00EE6B1D
  • findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9file type does , xrefs: 00EE6AFB
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeleafCounts[maxBits][maxBits] $findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstackinvalid runtime symbol table18189894035458564758300781259094947017729282379150390625abi.NewN$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9file type does $findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gtimer data corruption186264514923095703125931322574615478515625bad type in compare: of unexported methodunexpected value stepreflect.Value.PointerAdjustTokenPrivilegesLookupPr
  • API String ID: 0-3637374479
  • Opcode ID: ca87ee161bb5a1984c23974bba4768b94e140c91610d90d02d2cc3f40814c552
  • Instruction ID: ce0d58fccdf1879b0e961829ab6709cf2d389c22c3b1f3500d87f12d9ed5e3eb
  • Opcode Fuzzy Hash: ca87ee161bb5a1984c23974bba4768b94e140c91610d90d02d2cc3f40814c552
  • Instruction Fuzzy Hash: AA629332605BC886DB61CB52F4803EAB360F795BD4F596036DA8D27B69DF78C889C740
Strings
  • gc done but gcphase != _GCoffscanobject of a noscan objectaddspecial on invalid pointertimeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo, xrefs: 00EC7336
  • ., xrefs: 00EC6FE7
  • gcingusagefault[...]1562578125int16int32int64uint8arraysliceCommonlistensocketStringFormat[]bytestringSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13 Valuerdtscppopcntsysmontimersselect, not object390625uint16uint32uint64structchan<-<-chanGetACPCo, xrefs: 00EC6AFA
  • failed to set sweep barrierwork.nwait was > work.nprocallocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: thread I, xrefs: 00EC7325
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID:
  • String ID: .$failed to set sweep barrierwork.nwait was > work.nprocallocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: thread I$gc done but gcphase != _GCoffscanobject of a noscan objectaddspecial on invalid pointertimeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo$gcingusagefault[...]1562578125int16int32int64uint8arraysliceCommonlistensocketStringFormat[]bytestringSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13 Valuerdtscppopcntsysmontimersselect, not object390625uint16uint32uint64structchan<-<-chanGetACPCo
  • API String ID: 0-2648160205
  • Opcode ID: d5d3c5f545fa95aaaf99ccf2c636243e86604aa10f9175397d79e988ded3049f
  • Instruction ID: d49986de476e440675603aec09e470702333f772eae7766c7836b387f1864c22
  • Opcode Fuzzy Hash: d5d3c5f545fa95aaaf99ccf2c636243e86604aa10f9175397d79e988ded3049f
  • Instruction Fuzzy Hash: 7732BC36209B8486EB11CF25F8857EA73A1F38AB84F549226EA8D67775DF3DC446C700
Strings
  • reflect., xrefs: 00EE0B7B
  • runtime/internal/thread exhaustionlocked m0 woke upentersyscallblockunknown caller pc1192092895507812559604644775390625unknown type kindSystemFunction036RegLoadMUIStringWAsset %s not foundoperation canceledno child processesconnection refusedRFS specific error, xrefs: 00EE0B54
  • runtime., xrefs: 00EE0B1B
  • bad restart PCstopm spinningstore64 failedsemaRoot queuebad allocCountbad span statestack overflowno module data1907348632812595367431640625unsafe.Pointerunreachable: Module32FirstWRegSetValueExWadvertise errorkey has expirednetwork is downno medium foundno s, xrefs: 00EE0C4E
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • mheap.freeSpanLocked - invalid free of user arena chunkcasfrom_Gscanstatus:top gp->status is not in scan state is currently not supported for use in system callbacksreflect: internal error: invalid use of makeMethodValuestrings: illegal use of non-zero Builder, xrefs: 00ED33A5
  • mheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyflate: corrupt input before offset 177635683940025, xrefs: 00ED3394
  • mheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: blocked read on closing polldescstopTheWorld: not stopped (stopwait != 0)34694469519536141888238489627838134765625strconv: illeg, xrefs: 00ED3365
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • reflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memory37252902984619140625GetAdaptersAddressesGetProcessMemoryInfolink has been severedpackage not installedblock device requiredstate not recoverableread-only file systemstale NFS file handleReadDirectoryC, xrefs: 00EF21E6
  • reflect mismatchmissing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathN, xrefs: 00EF22DF, 00EF2325
  • reflect.methodValueCallflate: internal error: 23283064365386962890625reflect.Value.Interfacereflect.Value.NumMethodDestroyEnvironmentBlockconnection reset by peerlevel 2 not synchronizedlink number out of rangeout of streams resourcesfunction not implementedst, xrefs: 00EF21CC
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • bad summary datainvalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatchmissing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availablee, xrefs: 00ED551C, 00ED5822
  • HZ, xrefs: 00ED585E
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • p mcache not flushedworkbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundforcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in gosemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong P, xrefs: 00EC659C
  • }, xrefs: 00EC631E
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • invalid runtime symbol table18189894035458564758300781259094947017729282379150390625abi.NewName: name too long: operation already in progressno XENIX semaphores availabletoo many open files in systemmachine is not on the networkprotocol family not supportednum, xrefs: 00EF4DFF
  • no module data1907348632812595367431640625unsafe.Pointerunreachable: Module32FirstWRegSetValueExWadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDeviceIoControlDuplicateHandleFlushViewOfFileGetCommandLi, xrefs: 00EF4B9A
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • missing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProto, xrefs: 00EF2685, 00EF26C5
  • bad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsW0123456789A, xrefs: 00EF2668, 00EF26A5
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • casgstatus: bad incoming valuesresetspinning: not a spinning munsafe.String: len out of range11368683772161602973937988281255684341886080801486968994140625reflect: Len of non-array type Asset %s can't read by error: %vresource temporarily unavailablesoftware c, xrefs: 00EE33CE
  • casgstatus: waiting for Gwaiting but is Grunnablenot enough significant bits after mult128bitPow10reflect.Value.Slice: slice of unaddressable arraycgo argument has Go pointer to unpinned Go pointerruntime: unable to acquire - semaphore out of syncmallocgc call, xrefs: 00EE339B
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00EEFADA, 00EEFBBA, 00EEFCD0, 00EEFDEC
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • invalid length of trace eventruntime: impossible type kindruntime.semasleep wait_failed45474735088646411895751953125socket operation on non-socketinappropriate ioctl for deviceprotocol wrong type for socketEastern Standard Time (Mexico)Turks And Caicos Standar, xrefs: 00EF86C4
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • bad summary datainvalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatchmissing stackmapbad symbol table23841857910156250123456789ABCDEFDuplicateTokenExGetCurrentThreadRtlVirtualUnwindpermission deniedwrong medium typeno data availablee, xrefs: 00ED7167
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Strings
  • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00F19CBB
Similarity
  • API ID:
  • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  • API String ID: 0-2272463933
  • Opcode ID: 54a3424b6fcfd55530ba662fa1001b38b8c70e710daeeb85dc2e627bf83b17a1
  • Instruction ID: 602f1a6172e54d5ca876b8cc800c12f66acc4e75b6aa2791eed9eced9c102ef9
  • Opcode Fuzzy Hash: 54a3424b6fcfd55530ba662fa1001b38b8c70e710daeeb85dc2e627bf83b17a1
  • Instruction Fuzzy Hash: AB415833B0C65582DB1CC719A4317E8B295E3D4BA4F99421ACA8B07780CAA9CDC5F3C4
Strings
  • gcingusagefault[...]1562578125int16int32int64uint8arraysliceCommonlistensocketStringFormat[]bytestringSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13 Valuerdtscppopcntsysmontimersselect, not object390625uint16uint32uint64structchan<-<-chanGetACPCo, xrefs: 00EC6828
Similarity
  • API ID:
  • String ID: gcingusagefault[...]1562578125int16int32int64uint8arraysliceCommonlistensocketStringFormat[]bytestringSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13 Valuerdtscppopcntsysmontimersselect, not object390625uint16uint32uint64structchan<-<-chanGetACPCo
  • API String ID: 0-3679710651
  • Opcode ID: a5d39162fa0e263be63559b22544aba1e44810fbf43a6dbdfe5aa7ba9f08010b
  • Instruction ID: 45d15acd34090383733f40b55d60701c18a2e3701fa612ecd3b4eb32aee23892
  • Opcode Fuzzy Hash: a5d39162fa0e263be63559b22544aba1e44810fbf43a6dbdfe5aa7ba9f08010b
  • Instruction Fuzzy Hash: D3618632205B40C6DB10DF21E8857AB77A5F789B84F91A23AEA4E67771DF7AC046C700
Strings
  • gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00ECB7A7
Similarity
  • API ID:
  • String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
  • API String ID: 0-3110597650
  • Opcode ID: d9beba29aa0a7702b63b46a10b73257851dd3c8472ab017f09bb981e0c1f3d1e
  • Instruction ID: aec212c7cfdf625ea3d62498568c8c101c9192430e8533f250d64c59eec396c9
  • Opcode Fuzzy Hash: d9beba29aa0a7702b63b46a10b73257851dd3c8472ab017f09bb981e0c1f3d1e
  • Instruction Fuzzy Hash: 9E21D2A3B11B8946EF059F15C4813E86B65F39AFC8F8EA07ACF0D17B56CA28C555C350
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 465a507e25516a174957f9c0cd9d46c8fbe77567b2ba00f0ca7df3a370aa1c1e
  • Instruction ID: eacedec7cf57b41c938ae5fd5c8ee8f20881ddcb2f28425181370125344ec0ab
  • Opcode Fuzzy Hash: 465a507e25516a174957f9c0cd9d46c8fbe77567b2ba00f0ca7df3a370aa1c1e
  • Instruction Fuzzy Hash: 24228A33A58BC482D621CB21E8407EAB360F3A9B94F549216DBDD17B5ADF38D5D0EB40
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d0b21b16030f1c2ddf6b96a3032b4b83741bc62503bd902c6f933ee9d3676161
  • Instruction ID: 2396af47a99c45b4f58dad4707f2b854f66004cc2ecace1f84c20665fd9e6faf
  • Opcode Fuzzy Hash: d0b21b16030f1c2ddf6b96a3032b4b83741bc62503bd902c6f933ee9d3676161
  • Instruction Fuzzy Hash: 87E18A76A04B8486CB14CB16E8403ADBBA6F389FD0F589126CE9E47759DB78C8D1E740
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 4f373c9709c9e843291e86c2fd865c0f5134b8da86d6694b20275b236cbeacd3
  • Instruction ID: c6e25b2edfb0104684d9209d9f43c123a3f46580a02e3dfc252b1a50f68aa764
  • Opcode Fuzzy Hash: 4f373c9709c9e843291e86c2fd865c0f5134b8da86d6694b20275b236cbeacd3
  • Instruction Fuzzy Hash: 22C10733B1CA9482CA14CF16E4117EAA765F795FD4F485421EE8E87B18CBBCC985D780
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c67308d6362845d91e147e24a21617949b2890182545b3697b83ea411505fd18
  • Instruction ID: d0ecbda356706c610d9f27fe4ce25236ca48de167eebc385cfa9a660766276a3
  • Opcode Fuzzy Hash: c67308d6362845d91e147e24a21617949b2890182545b3697b83ea411505fd18
  • Instruction Fuzzy Hash: C5C16A76708BC481CA60DB57E940B9AA761F399FD0F48912AEF9D67B58CF39C452CB00
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 433bf4eda2d75ff9c3a603e8788eef434ad78b31bf0830bd7521cbfc094a05dc
  • Instruction ID: efd1eca55a66010507b2b90b4ebdb4b6473867f7c0da2d577a4ca6844a663f17
  • Opcode Fuzzy Hash: 433bf4eda2d75ff9c3a603e8788eef434ad78b31bf0830bd7521cbfc094a05dc
  • Instruction Fuzzy Hash: 69B1FA16E18FDA60E61356789403B762A106FF36D4F01D73ABAC2F16B3D7566A00B922
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0b59a16cd16aa69f895ffc02acc94636e2ac1b15c322ea4d718835ba6bd60621
  • Instruction ID: 3bd833dbd49582a6bcc2caea813fee7d63fb051f909250e4ab287273f895d3eb
  • Opcode Fuzzy Hash: 0b59a16cd16aa69f895ffc02acc94636e2ac1b15c322ea4d718835ba6bd60621
  • Instruction Fuzzy Hash: 2D81F8767186C986CB24CF67B410BAAB761F795BC4F586025FF8967F15CA3CD8408B40
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d4a974972457b2ead2ae3d824d6b1a049e7cb29ae9b5c88b964a7a4f88c97649
  • Instruction ID: b8eca27898c16c3b2cceb3bfc97ecd35d74dbd7537c29c8256b3ba46d714ef66
  • Opcode Fuzzy Hash: d4a974972457b2ead2ae3d824d6b1a049e7cb29ae9b5c88b964a7a4f88c97649
  • Instruction Fuzzy Hash: A0A15777618F8482DB108B15E48029EB7A5F789BE4F542226EFED57BA9CF38C055CB40
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b66b69242e1af821c5e38f6f879b51914e606c6202975de5977db363f7815630
  • Instruction ID: 838192f129be58cca80678a4a7cbe2432d4167fa7bb23f41837e5e3127326fad
  • Opcode Fuzzy Hash: b66b69242e1af821c5e38f6f879b51914e606c6202975de5977db363f7815630
  • Instruction Fuzzy Hash: EC818273A18B8482DB109B55E5803AEB762F799FC0F446127EF9D67B5ACB38C191C740
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b5cd7fa83b4831512f4e8963a04dc7694d6cbeca2d28446a6ab9114294d05c30
  • Instruction ID: 2c59ccdb13b81981471c9945cf5cfdbdfc34c1786fee2e45b0637b23232a57db
  • Opcode Fuzzy Hash: b5cd7fa83b4831512f4e8963a04dc7694d6cbeca2d28446a6ab9114294d05c30
  • Instruction Fuzzy Hash: 03612832604B8086DB01CF35E1457AA7761F796BD4F05A326EA5D237D6CF3AC092C704
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: a7adbbbc2307511e2dca4f20d66e281f9d53cc5ebb2a0c892f390a37d2ca3cb6
  • Instruction ID: 1b2e882279dbdd02c27fc892aa48fcc8b21f31bbe5ef86ec1bfbd08fe422e6e3
  • Opcode Fuzzy Hash: a7adbbbc2307511e2dca4f20d66e281f9d53cc5ebb2a0c892f390a37d2ca3cb6
  • Instruction Fuzzy Hash: E24106A5742A9881AE158F6795600EAA361E74AFD4398F233CF1E77B6AC63CD402C354
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 4872dbdf246f9021fbc46d48a0ab1f1dc3d73c711787ac6b0052670c47232002
  • Instruction ID: 8114bb806836ebab088a3bd54e6afddf001cb7f45598d2b3b7dbb80b816f2116
  • Opcode Fuzzy Hash: 4872dbdf246f9021fbc46d48a0ab1f1dc3d73c711787ac6b0052670c47232002
  • Instruction Fuzzy Hash: B2412B22B81A4C8BDB11DE3498413BA62869380778FCCA674DF3D573C2E67CCAD59510
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: e2d90e2c3b58f744f4d91d4557045c49bccd297f0a4127c5d3b370c972c6e05a
  • Instruction ID: a8f718411e4e9cdf295ae9c669389b4e2f24b13c86d90423ee6c662a6c24c0bb
  • Opcode Fuzzy Hash: e2d90e2c3b58f744f4d91d4557045c49bccd297f0a4127c5d3b370c972c6e05a
  • Instruction Fuzzy Hash: 15510672909FA485C612DB26E54175AB7A4FB8ABC0F059329EE8E73725CF39C0938740
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Memory Dump Source
  • Source File: 00000000.00000002.1422378893.000000000149C000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
APIs
  • VirtualProtect.KERNEL32(0149A270,00007FFBCB55ADA0,?,?,?,00000001,00EB124C), ref: 00F42DDD
Strings
  • Unknown pseudo relocation protocol version %d., xrefs: 00F42F5E
  • Unknown pseudo relocation bit size %d., xrefs: 00F42F4A
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID: ProtectVirtual
  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
  • API String ID: 544645111-395989641
APIs
Strings
  • Address %p has no image-section, xrefs: 00F42C9D
  • VirtualQuery failed for %d bytes at address %p, xrefs: 00F42C87
  • VirtualProtect failed with code 0x%x, xrefs: 00F42C46
Memory Dump Source
  • Source File: 00000000.00000002.1421785188.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Similarity
  • API ID: Virtual$ErrorLastProtectQuery
  • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
  • API String ID: 637304234-2123141913