Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe
Analysis ID:	1530463
MD5:	0cf6e58863853ae6163cf20cfe99379c
SHA1:	4284de670984d557dd6d4e1091c9eeaa089aad05
SHA256:	78a93828c62d7c6883a4121374937fbbeaec7a7f383f7fe756673859b9254821
Tags:	exe
Infos:

Detection

Score:	27
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Installs a global mouse hook

Installs a raw input device (often for capturing keystrokes)

PE file contains more sections than normal

PE file contains sections with non-standard names

Potential time zone aware malware

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe" MD5: 0CF6E58863853AE6163CF20CFE99379C)

cleanup

Joe Sandbox Signatures

• Compliance
• Software Vulnerabilities
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: /tmp/go-build2872068834/b001/exe/a.out.pdb source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 4x nop then shr rdi, 0Dh	0_2_00007FF61017B800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 4x nop then cmp rdx, 40h	0_2_00007FF610170960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 4x nop then shr r10, 0Dh	0_2_00007FF61017CC80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 4x nop then cmp rdx, rbx	0_2_00007FF61015BDA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 4x nop then lock or byte ptr [rdx], r8L	0_2_00007FF6101710A0

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://dejavu.sourceforge.net
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/License
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://dejavu.sourceforge.nethttp://dejavu.sourceforge.netFonts
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://emojione.com/licensingColor
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://emojione.comEmojiOne
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://s.symcd.com0_
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://scripts.sil.org/OFL
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://sw.symcd.com0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://www.ascendercorp.com/
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: http://www.gimp.org/xmp/
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: https://api.transmeter.nz2006-01-02T15:04:05Z07:00Time:
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: https://d.symcb.com/rpa0)
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: https://github.com/ziglang/zig-bootstrap

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Binary or memory string: DirectInput8Create

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\dinput8.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Binary or memory string: GetRawInputData

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610182D80 RtlAddVectoredContinueHandler,NtWaitForSingleObject,RtlGetCurrentPeb,RtlGetNtVersionNumbers,timeBeginPeriod,timeEndPeriod,WSAGetOverlappedResult,	0_2_00007FF610182D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610195E00 NtWaitForSingleObject,	0_2_00007FF610195E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018C3C0 NtWaitForSingleObject,	0_2_00007FF61018C3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018C4A0 NtWaitForSingleObject,	0_2_00007FF61018C4A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018C580 NtWaitForSingleObject,	0_2_00007FF61018C580
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018C660 NtWaitForSingleObject,	0_2_00007FF61018C660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101B9F60 NtWaitForSingleObject,	0_2_00007FF6101B9F60

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018F2A0	0_2_00007FF61018F2A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61015D7C0	0_2_00007FF61015D7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610185920	0_2_00007FF610185920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610195960	0_2_00007FF610195960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610175B20	0_2_00007FF610175B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61015CC20	0_2_00007FF61015CC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018FCA0	0_2_00007FF61018FCA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610178D00	0_2_00007FF610178D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610188FC0	0_2_00007FF610188FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610178060	0_2_00007FF610178060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61016B140	0_2_00007FF61016B140
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61015E2C0	0_2_00007FF61015E2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101B2320	0_2_00007FF6101B2320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610171300	0_2_00007FF610171300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610199420	0_2_00007FF610199420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101CC420	0_2_00007FF6101CC420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101A7440	0_2_00007FF6101A7440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61016B4E0	0_2_00007FF61016B4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101B54C9	0_2_00007FF6101B54C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101A15C0	0_2_00007FF6101A15C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C5660	0_2_00007FF6101C5660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61015A640	0_2_00007FF61015A640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C8700	0_2_00007FF6101C8700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610189800	0_2_00007FF610189800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61017B800	0_2_00007FF61017B800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C1840	0_2_00007FF6101C1840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61016E960	0_2_00007FF61016E960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61019C980	0_2_00007FF61019C980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C6A00	0_2_00007FF6101C6A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610190A60	0_2_00007FF610190A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610172A80	0_2_00007FF610172A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61016AB20	0_2_00007FF61016AB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61018CBE0	0_2_00007FF61018CBE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF610165BE0	0_2_00007FF610165BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101CBC00	0_2_00007FF6101CBC00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61017CC80	0_2_00007FF61017CC80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101AACC0	0_2_00007FF6101AACC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61017BCC0	0_2_00007FF61017BCC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61019FD20	0_2_00007FF61019FD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C8DC0	0_2_00007FF6101C8DC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C3E00	0_2_00007FF6101C3E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C1F80	0_2_00007FF6101C1F80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101C8FC0	0_2_00007FF6101C8FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF61017E0A0	0_2_00007FF61017E0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: 0_2_00007FF6101820C0	0_2_00007FF6101820C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: String function: 00007FF6101882A0 appears 587 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: String function: 00007FF6101A0880 appears 37 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: String function: 00007FF610189D40 appears 53 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: String function: 00007FF61018A560 appears 548 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Code function: String function: 00007FF610188380 appears 34 times

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: Number of sections : 12 > 10

Source: classification engine

Classification label: sus27.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

File created: C:\Users\user\AppData\Roaming\fyne

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

File opened: C:\Windows\system32\f6c90f171ff4f54575ee89dd3874d18bf95e6dcbd1df116ec56bdd9cc6153f36AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).RawTable
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).HasTable
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: net/addrselect.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/opentype.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader_woff.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader_otf.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.NewTag
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.NewLoader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.Tag.String
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).findTableBuffer
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).RawTableTo
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseOneFont
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).findTableBuffer.func1
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readWOFFHeader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readWOFFEntry
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readOTFHeader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseOTF
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readOTFEntry
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.MustNewTag
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Tag).String
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseWOFF
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.init
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: \"/[]?=menu-expand.svgcontent-add.svgcontent-cut.svgfolder-open.svgmedia-music.svgmedia-photo.svgmedia-video.svgmedia-pause.svgvolume-down.svgvolume-mute.svgmediaFastRewindselectionRadiusnot a valid URIRegCreateKeyExWRegDeleteValueWreflectlite.Setbad IHDR leng
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: d more dataREQUEST_METHODarrow-back.svgarrow-down.svgfile-audio.svgfile-image.svgfile-video.svgfolder-new.svgmail-reply.svgmedia-play.svgmedia-stop.svgvisibility.svgdisabledButtonmenuBackgrounddocumentCreatemoreHorizontalmailAttachmentviewFullScreenscrollBarSm
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: on zero Valueunknown methodAccept-CharsetDkim-Signatureneed more dataREQUEST_METHODarrow-back.svgarrow-down.svgfile-audio.svgfile-image.svgfile-video.svgfolder-new.svgmail-reply.svgmedia-play.svgmedia-stop.svgvisibility.svgdisabledButtonmenuBackgrounddocument
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: unknown methodAccept-CharsetDkim-Signatureneed more dataREQUEST_METHODarrow-back.svgarrow-down.svgfile-audio.svgfile-image.svgfile-video.svgfolder-new.svgmail-reply.svgmedia-play.svgmedia-stop.svgvisibility.svgdisabledButtonmenuBackgrounddocumentCreatemoreHori
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: .github.com/go-text/typesetting/opentype/loader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: .github.com/go-text/typesetting/opentype/loader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: StrokeWidth!xml:"stroke-width,attr,omitempty"-struct { F uintptr; covs []tables.Coverage }-golang.org/x/text/encoding/traditionalchinese.func(big.Int, big.Int) (big.Int, big.Int).func(bool, func(int32) bool) ([]uint8, error).map[http.connectMethodKey][]http.persistConn.map[http.http2FrameType]http.http2frameParser.struct { F uintptr; R http.http2ClientConn }.struct { F uintptr; .autotmp_60 time.Timer }.struct { F uintptr; snapshot strings.Reader }.struct { F uintptr; .autotmp_1 glfw.window }.struct { F uintptr; .autotmp_5 glfw.window }.func(ast.NodeKind, renderer.NodeRendererFunc).github.com/go-text/typesetting/opentype/loader.func(vg.Canvas, string, text.Style, vg.Point).struct { F uintptr; table tables.GPOSLookup }.struct { F uintptr; table tables.GSUBLookup }.github.com/go-text/typesetting/opentype/tables.struct { F uintptr; num int; ranges []uint8 }
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: stopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine .WithDeadline(<not Stringer>getprotobynameunknown mode: data truncatedfile too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertCloseStoreCreateProcessWFindFirstFileWFormatMessageWGetConsoleModeGetProcAddressProcess32NextWSetFilePointerNetUserGetInfoGetUserNameExWTranslateNameW procedure in winapi error #unsafe.Pointer on zero Valueunknown methodAccept-CharsetDkim-Signatureneed more dataREQUEST_METHODarrow-back.svgarrow-down.svgfile-audio.svgfile-image.svgfile-video.svgfolder-new.svgmail-reply.svgmedia-play.svgmedia-stop.svgvisibility.svgdisabledButtonmenuBackgrounddocumentCreatemoreHorizontalmailAttachmentviewFullScreenscrollBarSmallSystrayMonitorFyne error: %vRegSetValueExWunknown markerbad RST markernot a PNG fileInstEmptyWidth%%EndComments
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: morebuf={pc:: no frame (sp=runtime: frame runtimer: bad ptraceback stuckmissing address/etc/mdns.allowunknown network0601021504Z0700invalid booleannon-minimal tagunknown Go typeadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDeviceIoControlFlushViewOfFileGetCommandLineWGetStartupInfoWProcess32FirstWUnmapViewOfFileFailed to load Failed to find invalid argSize<invalid Value>Hanifi_RohingyaPsalter_PahlaviAccept-LanguageX-Forwarded-For()<>@,;:\"/[]?=menu-expand.svgcontent-add.svgcontent-cut.svgfolder-open.svgmedia-music.svgmedia-photo.svgmedia-video.svgmedia-pause.svgvolume-down.svgvolume-mute.svgmediaFastRewindselectionRadiusnot a valid URIRegCreateKeyExWRegDeleteValueWreflectlite.Setbad IHDR lengthbad PLTE lengthbad tRNS lengthbad filter typebad IEND lengthFencedCodeBlockfont load errorImpersonateSelfOpenThreadTokenjstmpllitinterptarinsecurepathzipinsecurepathavx512vpopcntdqinvalid pointerNoWindowContextCreatePopupMenuCreateWindowExWInsertMenuItemWPostQuitMessageround_rectangleGetSecurityInfoSetSecurityInfoFindNextVolumeWFindVolumeCloseGetCommTimeoutsIsWow64Process2QueryDosDeviceWSetCommTimeoutsSetVolumeLabelWRtlDefaultNpAclCLSIDFromStringStringFromGUID2IsWindowUnicodeIsWindowVisibletimeBeginPeriodAddDllDirectory (no semicolon)unknown commandAddTo: bad path^[ ]{0,3}<!\-\-sfnt: not foundCIDFontRevisionExpansionFactor\hookrightarrow\leftrightarrow\longrightarrow\rightharpoonup\Leftrightarrow\Longrightarrow/Subtype /Type1/CIDSystemInfo /Subtype /Image/ColorSpace /%s/Encrypt %d 0 Rnot supported
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.Tag.String
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).findTableBuffer
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).findTableBuffer.func1
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).RawTableTo
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseOneFont
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readOTFHeader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readOTFEntry
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseOTF
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readWOFFHeader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.readWOFFEntry
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.parseWOFF
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.init
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.MustNewTag
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Tag).String
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).RawTable
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.(*Loader).HasTable
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.NewTag
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting/opentype/loader.NewLoader
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: net/addrselect.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/opentype.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader_otf.go
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	String found in binary or memory: github.com/go-text/typesetting@v0.1.0/opentype/loader/reader_woff.go

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: dinput8.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Section loaded: textinputframework.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E609E4-B259-11CF-BFC7-444553540000}\InProcServer32

Jump to behavior

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static file information: File size 24577536 > 1048576

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x584200
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x569600
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0xc43200

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: /tmp/go-build2872068834/b001/exe/a.out.pdb source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: section name: .buildid
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: section name: /4
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: section name: /18
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: section name: /33
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Static PE information: section name: /45

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Code function: 0_2_00007FF6101B8200 rdtscp

0_2_00007FF6101B8200

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

API coverage: 5.9 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

System information queried: CurrentTimeZoneInformation

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe, 00000000.00000002.2231395061.00000219F6EE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Code function: 0_2_00007FF6101B8200 Start: 00007FF6101B8209 End: 00007FF6101B821F

0_2_00007FF6101B8200

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Code function: 0_2_00007FF6101B8200 rdtscp

0_2_00007FF6101B8200

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Code function: 0_2_00007FF6106AA070 GetStartupInfoA,Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,

0_2_00007FF6106AA070

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Queries volume information: C:\Users\user\AppData\Roaming\fyne\nz.transmeter.app VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	Queries volume information: C:\Users\user\AppData\Roaming\fyne VolumeInformation			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	31 Input Capture	1 System Time Discovery	Remote Services	31 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	4%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://crl.thawte.com/ThawteTimestampingCA.crl0	0%	URL Reputation	safe
http://crl.thawte.com/ThawteTimestampingCA.crl0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://www.gimp.org/xmp/	0%	URL Reputation	safe
http://scripts.sil.org/OFL	0%	URL Reputation	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht	0%	Virustotal		Browse
http://www.ascendercorp.com/	0%	Virustotal		Browse
http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic	0%	Virustotal		Browse
http://www.ascendercorp.com/typedesigners.html	0%	Virustotal		Browse
https://github.com/ziglang/zig-bootstrap	0%	Virustotal		Browse
http://emojione.com/licensingColor	0%	Virustotal		Browse
http://dejavu.sourceforge.net/wiki/index.php/License	0%	Virustotal		Browse
http://dejavu.sourceforge.net	0%	Virustotal		Browse
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://www.ascendercorp.com/	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.thawte.com0	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.gimp.org/xmp/	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	URL Reputation: safe	unknown
https://api.transmeter.nz2006-01-02T15:04:05Z07:00Time:	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false		unknown
https://github.com/ziglang/zig-bootstrap	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://emojione.comEmojiOne	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false		unknown
http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://www.ascendercorp.com/typedesigners.html	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://scripts.sil.org/OFL	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	URL Reputation: safe	unknown
http://dejavu.sourceforge.net/wiki/index.php/License	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://emojione.com/licensingColor	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown
http://dejavu.sourceforge.nethttp://dejavu.sourceforge.netFonts	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false		unknown
http://dejavu.sourceforge.net	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530463
Start date and time:	2024-10-10 06:29:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe
Detection:	SUS
Classification:	sus27.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 83% Number of executed functions: 13 Number of non-executed functions: 48
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 20.190.160.22, 40.126.32.74, 20.190.160.20, 40.126.32.134, 40.126.32.138, 40.126.32.76, 40.126.32.72, 20.190.160.17, 93.184.221.240, 20.12.23.50
Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, wu.azureedge.net, login.msa.msidentity.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fp2e7a.wpc.phicdn.net	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://embassyatlantahub.com/res444.php?4-68747470733a2f2f632e7468696d65726e65742e636f6d2f623174462f-#m	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://www.cottesloecounselling.com.au/anna-amhrose.html	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://dlce.cc/fbacdcb212bcbb323077d5a99ef04c07	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://dlce.cc/fbacdcb212bcbb323077d5a99ef04c07	Get hash	malicious	Unknown	Browse	192.229.221.95
	2efOvyn28p.exe	Get hash	malicious	Stealc, Vidar	Browse	192.229.221.95
	https://urlr.me/mqbyf	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://link.edgepilot.com/s/66670586/vw0py2v3TkuVLaWS3JAaPg?u=https://bharatgroup.net/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://subsale24h.com/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://unscsupply.goshopgaming.com/?bypass-cdn=1	Get hash	malicious	Unknown	Browse	192.229.211.108

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.854442945845822
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe
File size:	24'577'536 bytes
MD5:	0cf6e58863853ae6163cf20cfe99379c
SHA1:	4284de670984d557dd6d4e1091c9eeaa089aad05
SHA256:	78a93828c62d7c6883a4121374937fbbeaec7a7f383f7fe756673859b9254821
SHA512:	cfdf37ea43df46b821cd382372bf253d471e2fb61001e8db49e2ae9e1b823f4c91464ffc47d7e7a0244f00ac91942b537210788c5e479b8d3fcea39794bcaef7
SSDEEP:	393216:NWJ1gXPwcLoYJFKP1JnB3Zdp1uPGiSPWw1J:A1gXJFKPVfp1uVS+w1
TLSH:	E637BE07FA525BE8C46A9834C67153967732BC48AB2A13C77F84B7686E777D08E34390
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...E..f..w......."......BX.........P.U........@............................. ~...........`........................................

File Icon


Icon Hash:	860404d5d591d555

Static PE Info

General

Entrypoint:	0x14055a050
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66909B45 [Fri Jul 12 02:56:05 2024 UTC]
TLS Callbacks:	0x4055a4e0, 0x1, 0x4055a560, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	c882abb81c8df1cca45c830fbfb17df0

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0058BF3Dh]
mov dword ptr [eax], 00000001h
call 00007F11B50A89BFh
nop
nop
nop
dec eax
add esp, 28h
ret
nop
inc ecx
push edi
inc ecx
push esi
push esi
push edi
push ebx
dec eax
sub esp, 00000090h
xorps xmm0, xmm0
movaps esp+70h, dqword ptr [xmm0]
movaps esp+60h, dqword ptr [xmm0]
movaps esp+50h, dqword ptr [xmm0]
movaps esp+40h, dqword ptr [xmm0]
movaps esp+30h, dqword ptr [xmm0]
movaps esp+20h, dqword ptr [xmm0]
dec eax
mov dword ptr [esp+00000080h], 00000000h
dec eax
mov esi, dword ptr [0058BEE6h]
cmp dword ptr [esi], 00000000h
je 00007F11B50A89BDh
dec eax
lea ecx, dword ptr [esp+20h]
call dword ptr [0059007Eh]
dec eax
mov eax, dword ptr [00000030h]
dec esp
mov esi, dword ptr [eax+08h]
dec eax
mov edi, dword ptr [0058BEEAh]
xor eax, eax
dec esp
cmpxchg dword ptr [edi], esi
sete bl
je 00007F11B50A89D9h
dec ecx
cmp esi, eax
je 00007F11B50A89D4h
dec esp
mov edi, dword ptr [0059013Ah]
nop
mov ecx, 000003E8h
inc ecx
call edi
xor eax, eax
dec esp
cmpxchg dword ptr [edi], esi
sete bl
je 00007F11B50A89B7h
dec ecx
cmp esi, eax
jne 00007F11B50A8999h
dec esp
mov esi, dword ptr [0058BEB8h]
inc ecx
mov eax, dword ptr [esi]
cmp eax, 01h
jne 00007F11B50A89BEh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xae95e8	0x259	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xae9841	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17c0000	0x1410	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x179d000	0x21a5c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x17c2000	0x1b65c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xaf0000	0x1c	.buildid
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xae6018	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xaea000	0x730	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5840f6	0x584200	6eb05eed2eeae6eafddf44bcc1d2fdf7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x586000	0x5695e0	0x569600	4dee9f1f96b473829b43d0021ea57a7d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.buildid	0xaf0000	0x5f	0x200	ae5b372deb6a118c0ebd120ea40c9445	False	0.19921875	data	1.3813656052918593	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xaf1000	0xcab240	0xc43200	53747ba7b5b14b25e3c44763f3b2e50d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x179d000	0x21a5c	0x21c00	7685a1f0b23f0abbd77242a09edacad8	False	0.4155743634259259	data	5.745936750518542	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x17bf000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x17c0000	0x1410	0x1600	dc872626d18820e1fa5d06a5c40bb1a3	False	0.7595880681818182	data	7.04684586071524	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x17c2000	0x1b65c	0x1b800	0212db2ac8a7646e7b1244659c1cb534	False	0.19723899147727272	data	5.438393937858197	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/4	0x17de000	0x21	0x200	85d33ba7e7f24db7ea62dab6fa35c2d0	False	0.083984375	data	0.4932472998872501	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/18	0x17df000	0x30	0x200	2e4bd0cd591d66e4563d7290d074399c	False	0.05859375	data	0.1833387916558982	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/33	0x17e0000	0xd6	0x200	0e9e6ac4c56f2660eb16b4c97f4f9330	False	0.369140625	data	2.8560749639908205	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/45	0x17e1000	0x4f	0x200	eee64425652dac312de3c9cb5d45fc9e	False	0.146484375	data	0.9348086305266713	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x17c0130	0x101c	PNG image data, 200 x 150, 8-bit/color RGB, non-interlaced	English	United States	0.9080989330746848
RT_GROUP_ICON	0x17c1150	0x14	data	English	United States	1.25
RT_VERSION	0x17c1168	0x188	Alpha compressed COFF	English	United States	0.47959183673469385
RT_MANIFEST	0x17c12f0	0x11b	XML 1.0 document, ASCII text	English	United States	0.657243816254417

Imports

DLL	Import
GDI32.dll	ChoosePixelFormat, CreateBitmap, CreateDCW, CreateDIBSection, CreateRectRgn, DeleteDC, DeleteObject, DescribePixelFormat, GetDeviceCaps, GetDeviceGammaRamp, SetDeviceGammaRamp, SetPixelFormat, SwapBuffers
OPENGL32.dll	wglGetProcAddress
KERNEL32.dll	AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateThread, CreateWaitableTimerExW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetConsoleMode, GetCurrentThreadId, GetEnvironmentStringsW, GetErrorMode, GetLastError, GetModuleHandleExW, GetModuleHandleW, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetThreadContext, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, MultiByteToWideChar, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseFailFastException, ResumeThread, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetProcessPriorityBoost, SetThreadContext, SetThreadExecutionState, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, VerSetConditionMask, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WerGetFlags, WerSetFlags, WideCharToMultiByte, WriteConsoleW, WriteFile, __C_specific_handler
msvcrt.dll	___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _cexit, _commode, _errno, _fmode, _initterm, _lock, _onexit, _unlock, abort, calloc, exit, fprintf, fputc, free, fwrite, getc, islower, isspace, isupper, isxdigit, localeconv, malloc, qsort, realloc, signal, strcmp, strcpy, strcspn, strerror, strlen, strncmp, strncpy, strspn, strstr, strtok, strtol, strtoul, tolower, ungetc, vfprintf, wcscmp, wcscpy, wcslen
SHELL32.dll	DragAcceptFiles, DragFinish, DragQueryFileW, DragQueryPoint
USER32.dll	AdjustWindowRectEx, BringWindowToTop, ChangeDisplaySettingsExW, ClientToScreen, ClipCursor, CloseClipboard, CreateIconIndirect, CreateWindowExW, DefWindowProcW, DestroyIcon, DestroyWindow, DispatchMessageW, EmptyClipboard, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsExW, EnumDisplaySettingsW, FlashWindow, GetActiveWindow, GetClassLongPtrW, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetKeyState, GetLayeredWindowAttributes, GetMessageTime, GetMonitorInfoW, GetPropW, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceList, GetSystemMetrics, GetWindowLongW, GetWindowPlacement, GetWindowRect, IsIconic, IsWindowVisible, IsZoomed, LoadCursorW, LoadImageW, MapVirtualKeyW, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, OffsetRect, OpenClipboard, PeekMessageW, PostMessageW, PtInRect, RegisterClassExW, RegisterDeviceNotificationW, RegisterRawInputDevices, ReleaseCapture, ReleaseDC, RemovePropW, ScreenToClient, SendMessageW, SetCapture, SetClipboardData, SetCursor, SetCursorPos, SetFocus, SetForegroundWindow, SetLayeredWindowAttributes, SetPropW, SetRect, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowTextW, ShowWindow, SystemParametersInfoW, ToUnicode, TrackMouseEvent, TranslateMessage, UnregisterClassW, UnregisterDeviceNotification, WaitMessage, WindowFromPoint

Exports

Name	Ordinal	Address
_cgo_dummy_export	1	0x14179a660
glowDebugCallback_gl21	2	0x140542830
goCharCB	3	0x14052d040
goCharModsCB	4	0x14052d090
goCursorEnterCB	5	0x14052cf10
goCursorPosCB	6	0x14052cea0
goDropCB	7	0x14052d0f0
goErrorCB	8	0x14052cda0
goFramebufferSizeCB	9	0x14052d260
goJoystickCB	10	0x14052cdf0
goKeyCB	11	0x14052cfd0
goMonitorCB	12	0x14052d150
goMouseButtonCB	13	0x14052ce40
goScrollCB	14	0x14052cf60
goWindowCloseCB	15	0x14052d2c0
goWindowContentScaleCB	16	0x14052d430
goWindowFocusCB	17	0x14052d390
goWindowIconifyCB	18	0x14052d3e0
goWindowMaximizeCB	19	0x14052d300
goWindowPosCB	20	0x14052d1a0
goWindowRefreshCB	21	0x14052d350
goWindowSizeCB	22	0x14052d200

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 10, 2024 06:30:20.540833950 CEST	1.1.1.1	192.168.2.5	0xae28	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 06:30:20.540833950 CEST	1.1.1.1	192.168.2.5	0xae28	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

• SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Click to jump to process

Memory Usage

• SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Target ID:	0
Start time:	00:30:22
Start date:	10/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe"
Imagebase:	0x7ff610150000
File size:	24'577'536 bytes
MD5 hash:	0CF6E58863853AE6163CF20CFE99379C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	19.8%
Total number of Nodes:	1390
Total number of Limit Nodes:	118

Executed Functions

Function 00007FF610182D80 Relevance: 45.3, Strings: 36, Instructions: 274
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

kernel32.dll, xrefs: 00007FF610182D9A
nPeriod, xrefs: 00007FF61018312B
SystemFu, xrefs: 00007FF610182EBD
RtlGetNt, xrefs: 00007FF610183054
timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even, xrefs: 00007FF610183325
advapi32.dll, xrefs: 00007FF610182E75
winmm.dll, xrefs: 00007FF6101830CF
WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepani, xrefs: 00007FF610183301
ine_get_, xrefs: 00007FF6101832B4
ForSingl, xrefs: 00007FF610182F91
ntdll.dll, xrefs: 00007FF610182F32
tVersion, xrefs: 00007FF610183066
verlappe, xrefs: 00007FF610183240
tlGetCur, xrefs: 00007FF610182FFC
redConti, xrefs: 00007FF610182E00
Numbers, xrefs: 00007FF610183078
Continue, xrefs: 00007FF610182E12
dResult, xrefs: 00007FF610183252
kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l, xrefs: 00007FF610183369
rentPeb, xrefs: 00007FF61018300B
dPeriod, xrefs: 00007FF61018317E
WSAGetOv, xrefs: 00007FF61018322E
timeEndP, xrefs: 00007FF61018316F
ws2_32.dll, xrefs: 00007FF6101831E6
Handler, xrefs: 00007FF610182E24
AddVecto, xrefs: 00007FF610182DEE
RtlGetCu, xrefs: 00007FF610182FED
ws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryinvalid DNS responsegetadaptersaddresses, xrefs: 00007FF610183312
tion036, xrefs: 00007FF610182EE1
eObject, xrefs: 00007FF610182FA3
version, xrefs: 00007FF6101832C3
wine_get, xrefs: 00007FF6101832A5
stemFunc, xrefs: 00007FF610182ECF
advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largenon-Go function at, xrefs: 00007FF610183358
NtWaitFo, xrefs: 00007FF610182F7F
timeBegi, xrefs: 00007FF61018311C

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: AddVecto$Continue$ForSingl$Handler$NtWaitFo$Numbers$RtlGetCu$RtlGetNt$SystemFu$WSAGetOv$WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepani$advapi32.dll$advapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too largenon-Go function at$dPeriod$dResult$eObject$ine_get_$kernel32.dll$kernel32.dll not foundadvapi32.dll not foundduplicated defer entryruntime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type trace: alloc too l$nPeriod$ntdll.dll$redConti$rentPeb$stemFunc$tVersion$timeBegi$timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tableinvalid length of trace even$timeEndP$tion036$tlGetCur$verlappe$version$wine_get$winmm.dll$ws2_32.dll$ws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryinvalid DNS responsegetadaptersaddresses
API String ID: 0-3745677394
Opcode ID: 25c362c981f24d6373064dd0b0538ff56f392f2b7730cde17db3a481f0dbb32d
Instruction ID: 24ebd1b7a1b514a91b0efdc3d26824f1c792b840a22bab5082a7f7c93cb0549c
Opcode Fuzzy Hash: 25c362c981f24d6373064dd0b0538ff56f392f2b7730cde17db3a481f0dbb32d
Instruction Fuzzy Hash: 56E1F571A0DF8295EB50CB41F8453AA73A9FB49BA0F04813ADA8C877A9EF7CD151D700

Function 00007FF610175B20 Relevance: 14.5, Strings: 11, Instructions: 756COMMON

Download Yara Rule

Strings

sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 00007FF610176579
mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 00007FF61017689B
swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runti, xrefs: 00007FF610176437
mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSTh, xrefs: 00007FF61017688A
nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoReadFileAcceptExWSAIoctlArmenianBalineseBopomofoBugi, xrefs: 00007FF610176512
previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 00007FF61017652F
`r/, xrefs: 00007FF61017618A, 00007FF61017639B
mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgorefl, xrefs: 00007FF610176493, 00007FF610176865
sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionsync/ato, xrefs: 00007FF610176426
sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine /etc/hosts, xrefs: 00007FF610176478, 00007FF610176845
mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function cipher: incorrect tag size, xrefs: 00007FF6101764B8

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgorefl$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoReadFileAcceptExWSAIoctlArmenianBalineseBopomofoBugi$ previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine /etc/hosts$`r/$mspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function cipher: incorrect tag size$mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QPC syscallsruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSTh$mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1$sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionsync/ato$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runti
API String ID: 0-1627491132
Opcode ID: 30ba0aaa65ac61afef1677808690317791d309c8e270f8130642784ff5ae1281
Instruction ID: 6bdfcc96d02753beb0a7524a1da6ce04872d60c4f45cb1bc53ec2530304f910c
Opcode Fuzzy Hash: 30ba0aaa65ac61afef1677808690317791d309c8e270f8130642784ff5ae1281
Instruction Fuzzy Hash: 00829032A0CE8696EB608B51E4413BA77A5FB89FA4F448536EA8D83795CF3CE554C700

Function 00007FF61015CC20 Relevance: 12.9, Strings: 10, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 00007FF61015CFD6
, xrefs: 00007FF61015D2AD
arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 00007FF61015CFE7
out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 00007FF61015CFC5
out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti, xrefs: 00007FF61015CFF8
end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt, xrefs: 00007FF61015D2BD
region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime., xrefs: 00007FF61015D263
) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 00007FF61015D354
memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 00007FF61015D37E
base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 00007FF61015D28F

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerrunt$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescsuspendG from non-preempti$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.
API String ID: 0-1376041300
Opcode ID: ec11399766b57ebe5fb6afea625e3d63a2098c03ff5d49b9463fe5fc196a9834
Instruction ID: b5eb26ef8904309d56a8b1335dbfbc12a3612b6a178dcbc6ccc666b17b0b02cf
Opcode Fuzzy Hash: ec11399766b57ebe5fb6afea625e3d63a2098c03ff5d49b9463fe5fc196a9834
Instruction Fuzzy Hash: 73029F36A0CF8596EE609F91E4413AAA765FB86FA0F448232EE9D87795CF3CD141C740

Function 00007FF61015D7C0 Relevance: 8.0, Strings: 6, Instructions: 514COMMON

Download Yara Rule

Strings

mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 00007FF61015DF8C
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF61015DB0D
malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runti, xrefs: 00007FF61015DFAE
malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 00007FF61015DF9D
delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablechacha20poly130, xrefs: 00007FF61015DF47
mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMchacha20: , xrefs: 00007FF61015DFBF

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnablechacha20poly130$malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = recovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=]morebuf={pc:: no frame (sp=runti$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largecrypto/cipher: incorrect nonce length given to GCMchacha20: $mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno=
API String ID: 0-422566602
Opcode ID: e449710473363f20e587bf4b9915df02a7e8baeab371d7711497224fe303168c
Instruction ID: 6ed38bd7c37a2acb3618ee0574fcca35a6e3831c3be362398ac7c78dc15441e0
Opcode Fuzzy Hash: e449710473363f20e587bf4b9915df02a7e8baeab371d7711497224fe303168c
Instruction Fuzzy Hash: 7632B066A0CE8291FF609B95E4417BA6765FB46FA4F844132EE8D8B795CF3CD482C700

Function 00007FF610188FC0 Relevance: 6.5, Strings: 5, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvW, xrefs: 00007FF61018940F, 00007FF610189497
runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupcontext.Backgroundserver misbehavinginvalid IP address/etc/nss, xrefs: 00007FF6101893F1
invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-, xrefs: 00007FF6101894D9
suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function cipher: incorrect tag size given to GCMgo package net: using cgo DNS resolvertags don't match (%d vs %+, xrefs: 00007FF6101894EA
, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during , xrefs: 00007FF61018942F

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvW$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during $invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupcontext.Backgroundserver misbehavinginvalid IP address/etc/nss$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function cipher: incorrect tag size given to GCMgo package net: using cgo DNS resolvertags don't match (%d vs %+
API String ID: 0-1517158637
Opcode ID: 1d2a5417bad405a48e8d7e9bbc17bbd897f9759ad74d9b57a47e61b6ea87bf1c
Instruction ID: 4574cc0086905b7c0f34cfeb67499b1602d1b7bb824e35d6d9926624abe6bb5c
Opcode Fuzzy Hash: 1d2a5417bad405a48e8d7e9bbc17bbd897f9759ad74d9b57a47e61b6ea87bf1c
Instruction Fuzzy Hash: 76E15332A0CF4192FB50DB95E04276A7B66FB85FA0F584132EA9D83B96CF3CD5419700

Function 00007FF61018FCA0 Relevance: 5.7, Strings: 4, Instructions: 744COMMON

Download Yara Rule

Strings

findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina, xrefs: 00007FF61019088C
findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionkey is not comparablelocalhost.localdomainsequence tag mismatchtrace/br, xrefs: 00007FF6101908AE
findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=crypto/md5: invalid hash state sizesuperfluous leading zeros in length'_' must separate successive digitsencoding/hex: o, xrefs: 00007FF61019087B
findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 00007FF61019089D

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=crypto/md5: invalid hash state sizesuperfluous leading zeros in length'_' must separate successive digitsencoding/hex: o$findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionkey is not comparablelocalhost.localdomainsequence tag mismatchtrace/br
API String ID: 0-3153311741
Opcode ID: d65171931f59779970705a251106b487ba6979bb8942aa3fea61fd1d449a41e0
Instruction ID: 83a6534d166454f7fb4ff45b08c03e7c928cbcbf1c37f4d4e48c93112ddc868a
Opcode Fuzzy Hash: d65171931f59779970705a251106b487ba6979bb8942aa3fea61fd1d449a41e0
Instruction Fuzzy Hash: 9C729432A0DF8695FFA19B95E4413BA63A4EB85FA0F448036DA4C87B95CF3CE485D740

Function 00007FF610185920 Relevance: 4.0, Strings: 3, Instructions: 268COMMON

Download Yara Rule

Strings

self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchcontext.TODOmultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid , xrefs: 00007FF610185D96
runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=out points to big.Int, but defaultValue does notsyscall: string with NUL passed to StringToUTF16bufio: writer returned negative count from Writeparsing/packing of t, xrefs: 00007FF610185D5D
runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentscrypto/cipher: message too large for GCMcrypto/cipher: output smaller than inputchacha20poly1305: in, xrefs: 00007FF610185D85

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=out points to big.Int, but defaultValue does notsyscall: string with NUL passed to StringToUTF16bufio: writer returned negative count from Writeparsing/packing of t$runtime.preemptM: duplicatehandle faileddeferproc: d.panic != nil after newdefermust be able to track idle limiter eventruntime: SyscallN has too many argumentscrypto/cipher: message too large for GCMcrypto/cipher: output smaller than inputchacha20poly1305: in$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchcontext.TODOmultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid
API String ID: 0-1001307366
Opcode ID: 66dea0b84f719a52b8d7b34791ec59492439e043c99db2ad5537a50729c9f6b5
Instruction ID: 24215fa9a5d153ed577332485c37c7cc63767ce6a64f6dc66b79d922c5cfb5ef
Opcode Fuzzy Hash: 66dea0b84f719a52b8d7b34791ec59492439e043c99db2ad5537a50729c9f6b5
Instruction Fuzzy Hash: BFD15D36A09F8192EB51CB55E4823AA7765FB46FA0F148236DA9C837D9DF3CD582C700

Function 00007FF610178D00 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru, xrefs: 00007FF610179262

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru
API String ID: 0-3045916205
Opcode ID: f96ba30dc8824358f88242c2e1e5cf6fbfd609d408364d825b0dd1a13564caf1
Instruction ID: 09ce3edb577733f124c740120fe283efc4175157fac1ece8f81931c07153cd97
Opcode Fuzzy Hash: f96ba30dc8824358f88242c2e1e5cf6fbfd609d408364d825b0dd1a13564caf1
Instruction Fuzzy Hash: 31E16E3260DF8695EB609B96E4413AAA761FB85FE0F588135EE8D83B95CF3CD454CB00

Function 00007FF610195960 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afbbc9ab1a404aea0e40ac8dee0ed1a90b0ad9758cb92e43e48102795c54532
Instruction ID: 2242bae57468b2223a1782d3069602fb27e872940dc4336b96f4688c40396fbc
Opcode Fuzzy Hash: 6afbbc9ab1a404aea0e40ac8dee0ed1a90b0ad9758cb92e43e48102795c54532
Instruction Fuzzy Hash: 2DD17C32A0CE4296FB408F95E4922BAB7A4FB86F60F548135E68DC77A5DF6CE441C700

Function 00007FF61018F2A0 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c34ef30a5c8c028492a7aec91fd8cc93f3bd9139ed12097f4394b216d7ffd09
Instruction ID: bbaa692af10a6feafb8fed9647aeffa92202484386f40619e1ce73e839290298
Opcode Fuzzy Hash: 1c34ef30a5c8c028492a7aec91fd8cc93f3bd9139ed12097f4394b216d7ffd09
Instruction Fuzzy Hash: 3491A231E08E02A6FF549F94E48137963A5AF45F74F54913ACA0CC7795CE2CB985E740

Function 00007FF610178060 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d6594e87fb8031d2f50870ca9dbc537816535ed285a207e4c3f8c8e40483fd
Instruction ID: 5c6676a5db4a9b560c1c8ce7cd0e8287b4bb05e86b151e7d0bcb00c5bbcc42be
Opcode Fuzzy Hash: 00d6594e87fb8031d2f50870ca9dbc537816535ed285a207e4c3f8c8e40483fd
Instruction Fuzzy Hash: D9417F36608F85A1EB448B15E8411EA67A4FB84FA4F958036EF4D93769CE7CD646C700

Function 00007FF610195E00 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5007af97247e32ca3394a6c7ae49790ba6805b55db95342021c6b1231998a4
Instruction ID: 714571373fea60243dca9c9b38c72bc6a57e573b103aa2bc957f42e32d29cf82
Opcode Fuzzy Hash: 6a5007af97247e32ca3394a6c7ae49790ba6805b55db95342021c6b1231998a4
Instruction Fuzzy Hash: 09211B36A09F4591EB40CB21E44213A7764FB5AFA0F158632EE9C83796DF3DD292C700

Function 00007FF6101B9B20 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00007FF6101B9B93

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
Instruction ID: cc7f9e5b8a37cfb72e6d0cfd046c9c1969932853139d6a78c6e94d88e218e5cf
Opcode Fuzzy Hash: ae9484ab8339121adab38818ee12098b0ed07cd46f7304dadeff90e65abf235e
Instruction Fuzzy Hash: 58015B36A04F80C1EB118B5AE9413297374E749BE4F248226DEAD57BA4CB29E1A3C740

Non-executed Functions

Function 00007FF61017BCC0 Relevance: 14.3, Strings: 11, Instructions: 542COMMON

Download Yara Rule

Strings

runtime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 06010, xrefs: 00007FF61017BFBF, 00007FF61017C3F6
, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by .WithCanceli/o timeoutbroken , xrefs: 00007FF61017C4BC
, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) base rdtscppopcnt, val netdns.localreturnlisten.onionip+netsocketdomaingophertelnetSTREEThangupkilleduint16uint32uint64structchan<-<-chan ValueCommonArabicBrahmiCarianChakmaCopticGothicHangulHa, xrefs: 00007FF61017C545
runtime: p.searchAddr = range partially overlapsbad defer entry in panicbypassed recovery failedstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartfloating point exceptionconnection reset by peerlevel 2 not synchron, xrefs: 00007FF61017C525
bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODE, xrefs: 00007FF61017C09C, 00007FF61017C7EC
, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00007FF61017C5C5
] = pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpbold, xrefs: 00007FF61017C436
] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpbad n, xrefs: 00007FF61017BFF8
, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvWSASendsignal invaliduintptrSwapperChanDir Value>C, xrefs: 00007FF61017C4DA
runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupcontext., xrefs: 00007FF61017C06F
runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon, xrefs: 00007FF61017C5A5

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) base rdtscppopcnt, val netdns.localreturnlisten.onionip+netsocketdomaingophertelnetSTREEThangupkilleduint16uint32uint64structchan<-<-chan ValueCommonArabicBrahmiCarianChakmaCopticGothicHangulHa$, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvWSASendsignal invaliduintptrSwapperChanDir Value>C$, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by .WithCanceli/o timeoutbroken $] = pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpbold$] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpbad n$bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODE$runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon$runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr cleantimers: bad p frames elided..., locked to threadruntime.semacreateruntime.semawakeupcontext.$runtime: p.searchAddr = range partially overlapsbad defer entry in panicbypassed recovery failedstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartfloating point exceptionconnection reset by peerlevel 2 not synchron$runtime: summary[runtime: level = , p.searchAddr = runtime.newosprocruntime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 06010
API String ID: 0-1068691519
Opcode ID: 5fe916b6e128f9508ea0b91f435b5366af0e7932e17c9fe4a6e59cc7b20b0fa1
Instruction ID: 25ea43a36e057c6a35d4abb3300a0a6f3c8ff717c3e4460e8c775168486b1a71
Opcode Fuzzy Hash: 5fe916b6e128f9508ea0b91f435b5366af0e7932e17c9fe4a6e59cc7b20b0fa1
Instruction Fuzzy Hash: 56328F36A18E86A1FE209B91E4423EAA325FB44FA0F408136DE4D97B9ADF3CD545C740

Function 00007FF6106AA070 Relevance: 13.7, APIs: 9, Instructions: 179sleepstringCOMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 00007FF6106AA0BC
Sleep.KERNEL32 ref: 00007FF6106AA0F5
_amsg_exit.MSVCRT ref: 00007FF6106AA11D
_initterm.MSVCRT ref: 00007FF6106AA163
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6106AA1A0
malloc.MSVCRT ref: 00007FF6106AA264
strlen.MSVCRT ref: 00007FF6106AA284
malloc.MSVCRT ref: 00007FF6106AA290

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled_amsg_exit_inittermstrlen
String ID:
API String ID: 4258315806-0
Opcode ID: 98c0ac51aeb6d5c780bab1ecde70b34fc64bb73ac44fd7a404b2ad799f47fdfc
Instruction ID: 71476e8fa1fe47bfb4048caa6127642f3fa8fbeb14fbecbde3ad4241c6dd063c
Opcode Fuzzy Hash: 98c0ac51aeb6d5c780bab1ecde70b34fc64bb73ac44fd7a404b2ad799f47fdfc
Instruction Fuzzy Hash: F4817C30A19E52E5FF50AB15E4553B963A4AF89F60F244036D94DC73B1DF3EE8819B80

Function 00007FF61019FD20 Relevance: 12.9, Strings: 10, Instructions: 369COMMON

Download Yara Rule

Strings

runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad psync.Cond is copiedcriterion too short20060102150405Z0700binary.LittleEndianunknown Go type: %villegal instructionbad file descriptordisk quota exceededtoo many open filesdevice not a , xrefs: 00007FF6101A009D, 00007FF6101A0227
untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinva, xrefs: 00007FF6101A031D
untyped args out of range no module data in goroutine .WithDeadline(<not Stringer>getprotobynameunknown mode: data truncatedfile too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertClos, xrefs: 00007FF6101A0197
runtime: frame runtimer: bad ptraceback stuckmissing address/etc/mdns.allowunknown network0601021504Z0700invalid booleannon-minimal tagunknown Go typeadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic, xrefs: 00007FF6101A0174, 00007FF6101A02FA
locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangesync: inconsistent mutex statesync: unlock of unlocked mutexGODEBUG: unknown cpu feature "subtle.XORBytes: dst too shortasn1: cannot marshal, xrefs: 00007FF6101A0265
and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpbad nfocushoverloginShiftSuper, xrefs: 00007FF6101A00BB, 00007FF6101A0245
bad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinvalid rune %#Udivision by zeroinva, xrefs: 00007FF6101A012A, 00007FF6101A02BB
missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinvalid rune %#Udivi, xrefs: 00007FF6101A01D9, 00007FF6101A036F
args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine cannot unmarshal DNS messagepending ASN.1 child too longasn1: string not valid UTF-8big: misuse of expNNWindowedfile descriptor in bad statedestinat, xrefs: 00007FF6101A00D6
(targetpc= , plugin: runtime: g : frame.sp=created by .WithCanceli/o timeoutbroken pipealarm clockbad messagefile existsbad addressRegCloseKeyCreateFileWDeleteFileWExitProcessFreeLibrarySetFileTimeVirtualLockWSARecvFromclosesocketgetpeernamegetsocknamecrypt32, xrefs: 00007FF6101A00F9, 00007FF6101A0288

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (targetpc= , plugin: runtime: g : frame.sp=created by .WithCanceli/o timeoutbroken pipealarm clockbad messagefile existsbad addressRegCloseKeyCreateFileWDeleteFileWExitProcessFreeLibrarySetFileTimeVirtualLockWSARecvFromclosesocketgetpeernamegetsocknamecrypt32$ and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpbad nfocushoverloginShiftSuper$ args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine cannot unmarshal DNS messagepending ASN.1 child too longasn1: string not valid UTF-8big: misuse of expNNWindowedfile descriptor in bad statedestinat$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangesync: inconsistent mutex statesync: unlock of unlocked mutexGODEBUG: unknown cpu feature "subtle.XORBytes: dst too shortasn1: cannot marshal$ untyped args out of range no module data in goroutine .WithDeadline(<not Stringer>getprotobynameunknown mode: data truncatedfile too largelevel 2 haltedlevel 3 haltedtoo many linksno such deviceprotocol errortext file busytoo many usersCryptGenRandomCertClos$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinva$bad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinvalid rune %#Udivision by zeroinva$missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "context canceled.WithValue(type hostLookupOrder=/etc/resolv.confnon-IPv4 addressnon-IPv6 addressunknown network no colon on linebinary.BigEndianlength too largeinvalid rune %#Udivi$runtime: frame runtimer: bad ptraceback stuckmissing address/etc/mdns.allowunknown network0601021504Z0700invalid booleannon-minimal tagunknown Go typeadvertise errorkey has expirednetwork is downno medium foundno such processGetAdaptersInfoCreateHardLinkWDevic$runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad psync.Cond is copiedcriterion too short20060102150405Z0700binary.LittleEndianunknown Go type: %villegal instructionbad file descriptordisk quota exceededtoo many open filesdevice not a
API String ID: 0-1479805975
Opcode ID: c46760339fd2f599396afd07bed73da93f650bf32e891572605b6857b3fb7b27
Instruction ID: 58bbf9f93d120f1bef9dd3071dfbd3d924547ad1b91e00642272b39938185e19
Opcode Fuzzy Hash: c46760339fd2f599396afd07bed73da93f650bf32e891572605b6857b3fb7b27
Instruction Fuzzy Hash: CB02533660CE86A5FF60DB95E4813AAA365FB44FA0F544136EA4D837A6DF3CE544C700

Function 00007FF61016B4E0 Relevance: 11.9, Strings: 9, Instructions: 645COMMON

Download Yara Rule

Strings

ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 00007FF61016BCC5
MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 00007FF61016BF85
MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 00007FF61016BF45
gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 00007FF61016C169
ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00007FF61016BECB
failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QP, xrefs: 00007FF61016C158
MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g , xrefs: 00007FF61016BF65
., xrefs: 00007FF61016BAB4
gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/, xrefs: 00007FF61016B59A

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException $ MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g $ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$.$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedcould not find QP$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/
API String ID: 0-2179417172
Opcode ID: 7c55ca730704873aed7c9746711b5483d7c4bf4b57c327105f5186bd00b8c946
Instruction ID: d064a5a0519d02a1ed80e3090fe9db1e5dad66a0aed26181d1897e90212b3882
Opcode Fuzzy Hash: 7c55ca730704873aed7c9746711b5483d7c4bf4b57c327105f5186bd00b8c946
Instruction Fuzzy Hash: 53623C36A0DE8696FB50DB55E8823BA6369FB45FA0F448132DA4D837A6DF3CE145C700

Function 00007FF610170960 Relevance: 6.4, Strings: 5, Instructions: 176COMMON

Download Yara Rule

Strings

greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has, xrefs: 00007FF610170BEF
runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 00007FF610170B27
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during panic, g->atomics, xrefs: 00007FF610170BDE
base of ) = <==GOGC] = pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xml, xrefs: 00007FF610170B9B
found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gs, xrefs: 00007FF610170B45

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gs$base of ) = <==GOGC] = pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xml$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [missing deferreturnpanic during mallocpanic holding lockspanic during panic, g->atomics$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo
API String ID: 0-1311871524
Opcode ID: c327a77b9e576fa19080a6dc40b0ed77d00f9745771a7b26d2bc3e184cd3c822
Instruction ID: 011008399197f4a8ccbbe86750f6357577073a9a84d46e8401c934982d687ed4
Opcode Fuzzy Hash: c327a77b9e576fa19080a6dc40b0ed77d00f9745771a7b26d2bc3e184cd3c822
Instruction Fuzzy Hash: 5D71DE66A08F82A6FF019B51E4423B9A764FB45FA0F444136EF9D83B96CF2CE654C700

Function 00007FF61015BDA0 Relevance: 6.3, Strings: 5, Instructions: 80COMMON

Download Yara Rule

Strings

-> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00007FF61015BE85
runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00007FF61015BE25
lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0, xrefs: 00007FF61015BEAF
cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%d, xrefs: 00007FF61015BE45
packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoRead, xrefs: 00007FF61015BE65

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%d$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoRead$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcbad g0$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
API String ID: 0-2803183959
Opcode ID: 56043d0f2cfa56b9763b09324244c05be8344afcb26b7588ab5eda2fe720084e
Instruction ID: 3de4619e0ee7226fe1be3249e999f82bb5cc0292724fca4f33a612d0823dce04
Opcode Fuzzy Hash: 56043d0f2cfa56b9763b09324244c05be8344afcb26b7588ab5eda2fe720084e
Instruction Fuzzy Hash: D0317436A1CF46A6FE109B90E8821B9A768FB49F90F488531DE5D87756CF3CD5109740

Function 00007FF61016AB20 Relevance: 5.3, Strings: 4, Instructions: 312COMMON

Download Yara Rule

Strings

runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 00007FF61016AFDA
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go, xrefs: 00007FF61016B038
!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00007FF61016B010
flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00007FF61016AFF5

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in go$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
API String ID: 0-3993034679
Opcode ID: 56d4ca2dfd565013226413e68c2678a8f4e2d89a683b36b22dfa4e2ba73036b0
Instruction ID: 1edd0dcc7eaec44ebc07e0c4aad24e737beb62aeedff01418738824923b04ad0
Opcode Fuzzy Hash: 56d4ca2dfd565013226413e68c2678a8f4e2d89a683b36b22dfa4e2ba73036b0
Instruction Fuzzy Hash: F0E17C32A09F8296FB50CBA5E4822AA7365FB45F70F448136DA5D837A5DF7CE445CB00

Function 00007FF61018CBE0 Relevance: 5.3, Strings: 4, Instructions: 266COMMON

Download Yara Rule

Strings

runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 00007FF61018CFA7
newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoReadFileAcceptExWSAIoctlArmenianBalineseBopomofoBugineseCherokeeCyrillicDupl, xrefs: 00007FF61018CFC5
casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Sealchacha20poly1305: bad nonce length passed to Openinvalid or incomplete multibyte or wide characterreflect.Value.Slice: slice of unaddressable arraySOS length inco, xrefs: 00007FF61018CF5B
casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent signal_recv: inconsistent stateruntime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecrypto/ecdh: invalid public keyencoding/hex, xrefs: 00007FF61018CFEF

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes [::1]:53continue_gatewayshutdowninvalid address readfromwsaioctlunixgram2.5.4.102.5.4.112.5.4.17no anodeCancelIoReadFileAcceptExWSAIoctlArmenianBalineseBopomofoBugineseCherokeeCyrillicDupl$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent signal_recv: inconsistent stateruntime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangecrypto/ecdh: invalid public keyencoding/hex$casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Sealchacha20poly1305: bad nonce length passed to Openinvalid or incomplete multibyte or wide characterreflect.Value.Slice: slice of unaddressable arraySOS length inco$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
API String ID: 0-46102773
Opcode ID: 5ee303449469180826746fa8b3b1ce009e7a4ca6762484b9112589c647276da8
Instruction ID: 7c2b410b57ab2f720eb0c4f1b1c6e89869fdcb6ac3631774cd54bb3513b84d95
Opcode Fuzzy Hash: 5ee303449469180826746fa8b3b1ce009e7a4ca6762484b9112589c647276da8
Instruction Fuzzy Hash: 18C19336A09E4596FB50CB65E08636A7B61FB4AFA0F548133EA8C83795CF3DE542D700

Function 00007FF610189800 Relevance: 5.2, Strings: 4, Instructions: 224COMMON

Download Yara Rule

Strings

bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine .WithDeadline(<not Stringer>getprotobynameunknown mode: data tru, xrefs: 00007FF610189AE5
runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 060102150405Z0700integer too large%%!%c(big.Int=%s)permission deniedwrong, xrefs: 00007FF6101899F4
reflect., xrefs: 00007FF610189A1B
runtime., xrefs: 00007FF6101899BB

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine .WithDeadline(<not Stringer>getprotobynameunknown mode: data tru$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 060102150405Z0700integer too large%%!%c(big.Int=%s)permission deniedwrong
API String ID: 0-3342706229
Opcode ID: 44cebdfb341399189e94adc77e095006bfeb2946ec34af142254a9e35e2230c5
Instruction ID: c06d8057df547e104ee53042f60bb2fcf89c7e9b05e067e5dfaa258b80d926d2
Opcode Fuzzy Hash: 44cebdfb341399189e94adc77e095006bfeb2946ec34af142254a9e35e2230c5
Instruction Fuzzy Hash: F281B472B08E4196FF548B90A4423BD63A2FB85FA4F5C8136DA9D87794CF3CE9919700

Function 00007FF6101AACC0 Relevance: 4.2, Strings: 3, Instructions: 440COMMON

Download Yara Rule

Strings

sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpboldBoldQuitMenujpeg, xrefs: 00007FF6101AB312
pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpboldBold, xrefs: 00007FF6101AB332
non-Go function at pc=.localhost.localdomainmissing ']' in addressinvalid address familyoperation was canceledzero length BIT STRINGInt.Scan: invalid verbinvalid number base %dinternal inconsistencyargument list too longaddress already in usenetwork is unreach, xrefs: 00007FF6101AB445

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: pc=none: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpboldBold$ sp= sp: lr: fp=) m=ermssse3avx2bmi1bmi2dialbind on unixicmpigmpftpspop3smtpasn1quitint8uintchanfuncpartcallkind != AhomChamKawiLisuMiaoModiNewaThaiTotonameFrom.css.gif.htm.jpg.mjs.svg.xmlxn--graymenuhelpboldBoldQuitMenujpeg$non-Go function at pc=.localhost.localdomainmissing ']' in addressinvalid address familyoperation was canceledzero length BIT STRINGInt.Scan: invalid verbinvalid number base %dinternal inconsistencyargument list too longaddress already in usenetwork is unreach
API String ID: 0-2530365593
Opcode ID: 252ae0ff3c2ae623be827e6aa53b4a45c845b7eea3f55d11c43f8f7c460e9daa
Instruction ID: 01521ab6b811205e254813199735167333f8b9e75282d9f485fdd3066ebb5ce2
Opcode Fuzzy Hash: 252ae0ff3c2ae623be827e6aa53b4a45c845b7eea3f55d11c43f8f7c460e9daa
Instruction Fuzzy Hash: 0022303660CBC1D5FB609B51E4853AEA761FB89B90F544136EA8D87BAACF3CD544CB00

Function 00007FF610171300 Relevance: 3.9, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from lame referralempty integerunsupported: , xrefs: 00007FF610171585
pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight, xrefs: 00007FF610171506
(scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvWSASendsignal i, xrefs: 00007FF610171525

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type nil keywsarecvwsasendconnectlookup 2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9abortedCopySidWSARecvWSASendsignal i$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from lame referralempty integerunsupported: $pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuewirep: already in goselectgo: bad wakeupsemaRoot rotateRight
API String ID: 0-3236778523
Opcode ID: 35924cb4025de42fec3cfb584335521766d1d61abf2dc37a8a8b601091c62e8c
Instruction ID: c235040f54f4ab51819e9245eb35d657ac63a78e4eedbd22910b21e5f1654e5b
Opcode Fuzzy Hash: 35924cb4025de42fec3cfb584335521766d1d61abf2dc37a8a8b601091c62e8c
Instruction Fuzzy Hash: 4D81283291CF5595FA51DB65E0412A9B7A5FF8AFA0F448332EA4E93766CF2CE081C740

Function 00007FF610199420 Relevance: 3.6, Strings: 2, Instructions: 1095COMMON

Download Yara Rule

Strings

gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 060102150405Z0700integer too large%%!%c(big.Int=%s)permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCu, xrefs: 00007FF61019A0A5
selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryinvalid DNS responsegetadaptersaddressesunexpected network: invalid integer typeasn1: syntax error: number has no digitsinvalid request codebad font file format, xrefs: 00007FF61019A07B

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff 060102150405Z0700integer too large%%!%c(big.Int=%s)permission deniedwrong medium typeno data availableexec format errorLookupAccountSidWDnsRecordListFreeGetCu$selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong Ptrace: out of memoryinvalid DNS responsegetadaptersaddressesunexpected network: invalid integer typeasn1: syntax error: number has no digitsinvalid request codebad font file format
API String ID: 0-583483709
Opcode ID: 8634b7551b64b0da93f0dd62979e7d5678ef80e6e5195458227be0b86f57c4b1
Instruction ID: 215b3fcf1b33f7140eaff6108c212fdbd86b95c54e6fadd760b49c73266755d2
Opcode Fuzzy Hash: 8634b7551b64b0da93f0dd62979e7d5678ef80e6e5195458227be0b86f57c4b1
Instruction Fuzzy Hash: 15C28932A08F8292EB608F46E4467AA77A9FB48FA0F558136DE9D83795CF3CD454C740

Function 00007FF6101C3E00 Relevance: 2.8, Strings: 2, Instructions: 330COMMON

Download Yara Rule

Strings

reflectlite.Value.IsNilindex out of range [%x]ReadMemStatsSlow (test)chan receive (nil chan)garbage collection scanmakechan: bad alignmentclose of closed channel) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/hea, xrefs: 00007FF6101C42ED
reflectlite.Value.Typeinteger divide by zeroCountPagesInUse (test)ReadMetricsSlow (test)trace reader (blocked)send on closed channelcall not at safe pointgetenv before env initinterface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.ne, xrefs: 00007FF6101C4323

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: reflectlite.Value.IsNilindex out of range [%x]ReadMemStatsSlow (test)chan receive (nil chan)garbage collection scanmakechan: bad alignmentclose of closed channel) must be a power of 2system huge page size (runtime: s.allocCount= s.allocCount > s.nelems/gc/hea$reflectlite.Value.Typeinteger divide by zeroCountPagesInUse (test)ReadMetricsSlow (test)trace reader (blocked)send on closed channelcall not at safe pointgetenv before env initinterface conversion: freeIndex is not validoldoverflow is not nils.freeindex > s.ne
API String ID: 0-227815786
Opcode ID: 2ec79d2b54654f2c6d2d8696764666edc1516fa8e5cdacc8d62f69bb32cb862b
Instruction ID: d905ff5e2647814cf4d07da94c044f4459c1e9479fbdd312ef6711f1b2c5a2e1
Opcode Fuzzy Hash: 2ec79d2b54654f2c6d2d8696764666edc1516fa8e5cdacc8d62f69bb32cb862b
Instruction Fuzzy Hash: A3E12B22A4CF8291FE60CB91F5413BAA7A5FB85FA0F489435EA8D87B55DF3CE4548700

Function 00007FF6101820C0 Relevance: 2.6, Strings: 2, Instructions: 149COMMON

Download Yara Rule

Strings

runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:, xrefs: 00007FF61018223D
runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=crypto/md5: invalid hash state sizesuperfluous leading zeros in length'_' must separa, xrefs: 00007FF6101822A6

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: runtime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=crypto/md5: invalid hash state sizesuperfluous leading zeros in length'_' must separa$runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:
API String ID: 0-2369679140
Opcode ID: 86c6cf755bfedec63f871b92cce58c9d070a42879884477fa7a4cacb85d8d30f
Instruction ID: 3cc41f4958b2a54c0fc1a50ab6da49698995ff09d8fe16b6d86596d276ab0ccd
Opcode Fuzzy Hash: 86c6cf755bfedec63f871b92cce58c9d070a42879884477fa7a4cacb85d8d30f
Instruction Fuzzy Hash: E5510923A0DF4695FE65CB90A0463BA67A1EB85FB0F184536EA9E837D5CF3CD5409700

Function 00007FF61019C980 Relevance: 1.7, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF61019CA5A, 00007FF61019CB3A, 00007FF61019CC50, 00007FF61019CD6C

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: d63f89bb412955e5af079325a5c22b77a1b1d5fd0a5dd1b71bc0c74c9146912a
Instruction ID: a803f0118b5b966778501ddad38699b5562eba1156f2f92deb59ac8135064cf7
Opcode Fuzzy Hash: d63f89bb412955e5af079325a5c22b77a1b1d5fd0a5dd1b71bc0c74c9146912a
Instruction Fuzzy Hash: 69F19061A08E8A65FE109B95E5023F9A666FB44FE0F884032EA8E877D5CF7CE445C740

Function 00007FF6101A7440 Relevance: 1.6, Strings: 1, Instructions: 315COMMON

Download Yara Rule

Strings

invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedcrypto/aes: invalid key size crypto/des: invalid key size crypto/rc4: invalid key size mismatched local address typeinteger not minimally-encode, xrefs: 00007FF6101A7704

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: invalid length of trace eventruntime: traceback stuck. pc=runtime: impossible type kindruntime.semasleep wait_failedcrypto/aes: invalid key size crypto/des: invalid key size crypto/rc4: invalid key size mismatched local address typeinteger not minimally-encode
API String ID: 0-2993922484
Opcode ID: 1836ae96430115e679d0462661d31ee040cefbbede3808bcc55ab55485fae765
Instruction ID: 8b44bbcf9e23869ff617c7684a24049b6a12fb3294e5aeb08c8397969f15f49b
Opcode Fuzzy Hash: 1836ae96430115e679d0462661d31ee040cefbbede3808bcc55ab55485fae765
Instruction Fuzzy Hash: 60D1D022A0CFCAD6FE508B95D4013AA7761FB45FA0F244136EA8E43BA5CF2CD595CB41

Function 00007FF6101C6A00 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

ParseFloat%!Weekday(contentAddforegroundbackgroundSelect allvisibilitymenuExpandLiberationCreateFile/dev/stdinRIPEMD-160notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()=, xrefs: 00007FF6101C6C46, 00007FF6101C6D1F, 00007FF6101C6DE6

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ParseFloat%!Weekday(contentAddforegroundbackgroundSelect allvisibilitymenuExpandLiberationCreateFile/dev/stdinRIPEMD-160notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()=
API String ID: 0-3973417152
Opcode ID: 00d01e0276de42b9c3f87868dc3220cd4bee0804cca2e62fd3894b4effa9f591
Instruction ID: b53d1e2b32a2f73a1ec27caa892a19eb63276b4ebc6548b75144b88c15904cff
Opcode Fuzzy Hash: 00d01e0276de42b9c3f87868dc3220cd4bee0804cca2e62fd3894b4effa9f591
Instruction Fuzzy Hash: 81C15C72A08F8595EB609B51F8413AAB3A4FB88FA0F449535EB8D87765DF3CE454C700

Function 00007FF61017E0A0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODE, xrefs: 00007FF61017E367

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: bad summary dataruntime: addr = runtime: base = runtime: head = already; errno=runtime stack:invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODE
API String ID: 0-1953148292
Opcode ID: 2f3c693474d52ac68f634bf1c593e7638ea16859ddc89ec39470c5d3dfe79e52
Instruction ID: 81068feca8e20b577d584e87c74ab30c276bfab714e948f4cc886bdca1896e0c
Opcode Fuzzy Hash: 2f3c693474d52ac68f634bf1c593e7638ea16859ddc89ec39470c5d3dfe79e52
Instruction Fuzzy Hash: 5471B072A18F8592EE409B95D0413A977A5FB4AFE4F548232EE9D93796CF3CD580C340

Function 00007FF6101CC420 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899<?xml version="1.0"?><!-- Generated by SVGo and Plotinum VG, xrefs: 00007FF6101CC55B

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899<?xml version="1.0"?><!-- Generated by SVGo and Plotinum VG
API String ID: 0-4272309662
Opcode ID: 335d65aa143b80ba69ae09960ae173cf32ef29dbe2e789b342e87f483438da5f
Instruction ID: fbb52f65a63cc7c28c47262238b916c95be4bb417718493797c44af7339d55f4
Opcode Fuzzy Hash: 335d65aa143b80ba69ae09960ae173cf32ef29dbe2e789b342e87f483438da5f
Instruction Fuzzy Hash: 2051F622B4CE5E56FE2C8698922367CA651AB84FB4F959139DE0ED77C1CE2CEC41C740

Function 00007FF61016B140 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/, xrefs: 00007FF61016B2C8

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:sse41sse42ssse3hostsfilesimap2imap3imapspop3sntohsint16int32int64uint8sliceGreekAdlamBamumBatakBuhidDograKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilUTF-8utf-8%s*%dtext/
API String ID: 0-3739349256
Opcode ID: 3a322f68f5dcba258d1e685d57df3124e461481a84c250d2b47c20bf408274af
Instruction ID: 268934a006f653ee0f054fe8263601802f42722732db309e9d13e51a93ea8ca7
Opcode Fuzzy Hash: 3a322f68f5dcba258d1e685d57df3124e461481a84c250d2b47c20bf408274af
Instruction Fuzzy Hash: 93717E32A09E46A6FB40DBA1E8823BA67A4BB45F60F41C536D94DC37A1DF7DE045C700

Function 00007FF6101710A0 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00007FF610171187

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
API String ID: 0-3110597650
Opcode ID: 66ab3be5eb6520d4733e0726f54e12a9b5803f835c0a48eefca03a5fbcf1b4b6
Instruction ID: a29c38c47dd8dc5c825d353afafade3786e7e8713ed3fa0efe7b15f5ddae8320
Opcode Fuzzy Hash: 66ab3be5eb6520d4733e0726f54e12a9b5803f835c0a48eefca03a5fbcf1b4b6
Instruction Fuzzy Hash: BC21DEA3B15E8956EF018E25C4413A86B65E796FE4F8E9076CE0C47B92CE2CC180C310

Function 00007FF6101C1F80 Relevance: .6, Instructions: 606COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad4bbeeffcb74c8a2ccb5ce296d24719f6cebb8fe9c821436144fae7ee123d1
Instruction ID: ec8ef162474982d47d87aca7929b6f3de48c41e575112c44cb4d54a7f9469522
Opcode Fuzzy Hash: 6ad4bbeeffcb74c8a2ccb5ce296d24719f6cebb8fe9c821436144fae7ee123d1
Instruction Fuzzy Hash: 6C320662F1CE9293FF604A95D2022BE67A1FB45FE0F484071EE4D97799DE6CE8819300

Function 00007FF6101C5660 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1333f5d83c2dd1925072e9f66173095465b6cef118f9379983b8e2b9441fd89
Instruction ID: 45b16fad65c784dcabf6d54b80abebc5cb97165b5e0ea22775f62517e4727187
Opcode Fuzzy Hash: a1333f5d83c2dd1925072e9f66173095465b6cef118f9379983b8e2b9441fd89
Instruction Fuzzy Hash: 7DD14A12F0C9A195FF208692A612B7E7A52A785FA4F885071EE8D57BC6CE7CDCC0D710

Function 00007FF6101CBC00 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de528f8d5946d1fc12860a0fc08bf938aa2712733b096b174a15079f20c39510
Instruction ID: 1ee62738166750f0375ab4262c6a84d4358b48d6b1f2cc4226fe5675afd74195
Opcode Fuzzy Hash: de528f8d5946d1fc12860a0fc08bf938aa2712733b096b174a15079f20c39510
Instruction Fuzzy Hash: 97D10623F0CE9992FE50CA56A5426BAA7A4FB85FD0F484031EE8DC7B55CE2CD945CB40

Function 00007FF610165BE0 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eddef948b28cd2b1993eb2611c4731c5b1a71f02f37668dbe59ef0cc2ccd1f3
Instruction ID: 22a6e4bab305edc44caad025e159698ccc854cb30c204f0ce43005547023ed36
Opcode Fuzzy Hash: 7eddef948b28cd2b1993eb2611c4731c5b1a71f02f37668dbe59ef0cc2ccd1f3
Instruction Fuzzy Hash: 22D16272B08FC591EA609B96A8017AAB765F789FD0F448036EE8D93B99CF7CD450C700

Function 00007FF6101B2320 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48f2b2c521ae1b55f6d96cf9e5ab12a504a28c9276f4a2408df59b7e5d845ac2
Instruction ID: 02c5303a93dd23a7574b35a18a9cd267ee65370f2400883d449bc3a0d8841549
Opcode Fuzzy Hash: 48f2b2c521ae1b55f6d96cf9e5ab12a504a28c9276f4a2408df59b7e5d845ac2
Instruction Fuzzy Hash: 6BF16932A08F8591EAA08B55E4423BA77B5FB85FA0F55C036DA8D87B95DF3CD488C700

Function 00007FF6101C1840 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b38d7e5531262e03e38e7d63fd134cb9d18fdfa30eb4dd30112dd8ff6b0e700c
Instruction ID: 947293ef2ca8f061b2489ae7341e606684aae17e50c3eb806290028ccdf792eb
Opcode Fuzzy Hash: b38d7e5531262e03e38e7d63fd134cb9d18fdfa30eb4dd30112dd8ff6b0e700c
Instruction Fuzzy Hash: 0EE17332A4CF8195FE609B55E1423BAB365FB86FA0F148031EA8D97B99DF3CD4518B00

Function 00007FF6101C8700 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b739285d9161dbcf08a7083b34396fa2de3a12f312483158218e686325995c7a
Instruction ID: 9100b057899d733037249cb6cdcbea57e41099ad729e071f3ead9b5151024022
Opcode Fuzzy Hash: b739285d9161dbcf08a7083b34396fa2de3a12f312483158218e686325995c7a
Instruction Fuzzy Hash: CAB1D372F09E85A6FE0A878983463B86696EB44FF4F988171CE4D97786DF2CE5458300

Function 00007FF6101B54C9 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbf2c2b77e2e6a2e2985aabbb3e5f39879a37e073dac0e31404cf8ce1dc19dcc
Instruction ID: 48d947bbb6ddb3d664111ab31dde85d07b5745a98a1acd6fc50f300ab1ca4c6a
Opcode Fuzzy Hash: bbf2c2b77e2e6a2e2985aabbb3e5f39879a37e073dac0e31404cf8ce1dc19dcc
Instruction Fuzzy Hash: 0BB13016D1CFCB60E613577D94036762B14AEF39D4B01D73AFAC6F16A3DB162A00B922

Function 00007FF610190A60 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f81950eb57cdedf7ee696981fb799075b2830386b822a2d81bb46f1d09e277b8
Instruction ID: 63053573068269b30ce0f70e6a1387a062e0c3ff981ba58ce5c3621ca4c8c5ce
Opcode Fuzzy Hash: f81950eb57cdedf7ee696981fb799075b2830386b822a2d81bb46f1d09e277b8
Instruction Fuzzy Hash: 7891FA32B1CA469AFB55CBE6A00197AA7A1FB85FD4F145035FE4D83B45CE3CE4808B40

Function 00007FF61017B800 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6585207a936aef38389f71132a79df3df0ef6d397a2ddf555b3ca67ec38a48ef
Instruction ID: 724a4b2d2fe6f5affe582f2d18d229706d6bb0160ca39360b7721c7bb942a023
Opcode Fuzzy Hash: 6585207a936aef38389f71132a79df3df0ef6d397a2ddf555b3ca67ec38a48ef
Instruction Fuzzy Hash: 8DA17076618F8592EB108B55E0812AAB7A5F789BE4F545236EF9D43B9ACF3CD050CB00

Function 00007FF61017CC80 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00cabc2ffdb691408ec2e75165ad4e240b1fe71801b78f08867384f6dc42d9b
Instruction ID: b62419852b37e9787b163ed3430e8210fdce37cda17770ec9acde064cbef42a5
Opcode Fuzzy Hash: f00cabc2ffdb691408ec2e75165ad4e240b1fe71801b78f08867384f6dc42d9b
Instruction Fuzzy Hash: EF916F72A18B8992EB108B55E4413AEA762F789FD0F045136EF8D97B9ACF3CD151C740

Function 00007FF61016E960 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce2e951a879f108d5a0da5cc528a8fb1bc95aac0e01c85cfbb45601ae8539c0
Instruction ID: 02bb84347d7530eb276a0c4304df72344242db1a881e0feb564a5adcd2344572
Opcode Fuzzy Hash: 7ce2e951a879f108d5a0da5cc528a8fb1bc95aac0e01c85cfbb45601ae8539c0
Instruction Fuzzy Hash: 6571B532A0CF8196FF518B65A4523B967A1BF56FA0F049331E95E937D5CF7CD0918600

Function 00007FF61015A640 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7c876f15eab11cb5793ced8ec262eb1250f0fea8228bfec39d126b129f4331
Instruction ID: fb3efc7e080634790b96e210bd000e52426d23ea23bd703cad85e1460bcb0b75
Opcode Fuzzy Hash: ad7c876f15eab11cb5793ced8ec262eb1250f0fea8228bfec39d126b129f4331
Instruction Fuzzy Hash: C451FA9AB45F5591BE048A938525079B371AB4FFE0799E133CE1DBB7A8DE3CE4028344

Function 00007FF6101A15C0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9949fceb29c97a5ff3d2ed4fe2d7fe3b5ef6cadb7309894e7d4fb8f05aa9de24
Instruction ID: 9d47b7aef51c2b383166e2e8190991bde68b62474371aa656ecd7ca0190f7aba
Opcode Fuzzy Hash: 9949fceb29c97a5ff3d2ed4fe2d7fe3b5ef6cadb7309894e7d4fb8f05aa9de24
Instruction Fuzzy Hash: F941E922F88D86DAFE109AB454433B522869B41BF4FDC4674CF2DC73D2DEACA4999510

Function 00007FF6101C8DC0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f81c73674328995e41abdd2d448dff1299f24c35ccc3e78014d1270fff2c246
Instruction ID: c5068b226824ef4b78d21fbc993cafc4e554d045725a76071199d0f1e5b121af
Opcode Fuzzy Hash: 6f81c73674328995e41abdd2d448dff1299f24c35ccc3e78014d1270fff2c246
Instruction Fuzzy Hash: FE4149A2F05A9551FF44896596413F492529F95FF0F889336DE2EA7BC8EF6CD8428200

Function 00007FF6101C8FC0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5fd3fa0c349f8e2a5786a3c5f6aac94008baa28ded248d482275702ce66728a
Instruction ID: a5e23dc55dffefb788291faaacbdcdb4fef7b5c740240fb94e4deb3583bacde1
Opcode Fuzzy Hash: e5fd3fa0c349f8e2a5786a3c5f6aac94008baa28ded248d482275702ce66728a
Instruction Fuzzy Hash: 9A4148A2F04E9651FE54896696093F892538B55FF0F5C8332ED3DA7BD8EE5CD9418200

Function 00007FF610172A80 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344a08fdb3a7dc300b787eee98faf353a1df37f694ad734ba4c6589fd6c7b48a
Instruction ID: ab2754c326cf00ce99a60b7872740ed2a624aeefab0d9d90780f2382d777d2f2
Opcode Fuzzy Hash: 344a08fdb3a7dc300b787eee98faf353a1df37f694ad734ba4c6589fd6c7b48a
Instruction Fuzzy Hash: E541D4A1E0FE4655EE47DBBB94A21B4820B9F52FF4654C731D82FA72D5DF1DA1438200

Function 00007FF61015E2C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a8d026b04d227592b48c56c2a5716629ca97d87f6dd987ef2c4ad1c59ff1c3
Instruction ID: 002fb0b6ba45b18784018efc799b1de49a4250c1c6d50add66106277284e3c44
Opcode Fuzzy Hash: a2a8d026b04d227592b48c56c2a5716629ca97d87f6dd987ef2c4ad1c59ff1c3
Instruction Fuzzy Hash: 78212CE1E29F051AEE8786769451321810A5F96FE0F28D332FC1FF6796EF28A0D34100

Function 00007FF61018C3C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96466433a2c03ce00878ad4e07e2657575574b6c1eba3e30b20a25e781da10f8
Instruction ID: 800ba39d9e680cb6cbdc13bb80f6dba0c9d77cbd634a54fd81b898c5a6fd46ae
Opcode Fuzzy Hash: 96466433a2c03ce00878ad4e07e2657575574b6c1eba3e30b20a25e781da10f8
Instruction Fuzzy Hash: F321EA26A09F4991EA40CB21E44617A6764FB5AF90F158632EE9C837A6DF3DD292C700

Function 00007FF61018C4A0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22522da0feb235d61bc241b6ab79d047ddd9691d3b3c1eaf56638a5be80ed470
Instruction ID: a201022b2e574fc6a992b628b5c80005fe64ecd4382a10da327cb491cb594ca3
Opcode Fuzzy Hash: 22522da0feb235d61bc241b6ab79d047ddd9691d3b3c1eaf56638a5be80ed470
Instruction Fuzzy Hash: FD212F36A08F4591EB40CB25E44613A7B64FB56F90F158632EE9C83796DF3DE292C700

Function 00007FF61018C580 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4613f57ba95712c84b12882325cc74ac45903a972ad254b4baca0ae642688a08
Instruction ID: 0892a5b029b4d4f1c48a554f764a2bbc752be31e6caa95930a12e68bcc4aed44
Opcode Fuzzy Hash: 4613f57ba95712c84b12882325cc74ac45903a972ad254b4baca0ae642688a08
Instruction Fuzzy Hash: ED212F36A08F4591EB40CB21E44213A7764FB56F90F159632EE9C83795DF3DD192C700

Function 00007FF61018C660 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b104dd7ceb76ec813f41b29759a8ce65ee0d13768ae0a1bb217993d6427874db
Instruction ID: f70314b1d69fbcc2c32be92301d893789efd4daf491eb073cbd6cb5aa17a48b3
Opcode Fuzzy Hash: b104dd7ceb76ec813f41b29759a8ce65ee0d13768ae0a1bb217993d6427874db
Instruction Fuzzy Hash: 8B212C36A08F4591EB40CB21E44213A7764FB5AF90F158632EE9C87796DF3DD292C700

Function 00007FF6101B9F60 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80dbe5b1d718c49b7bd141de5a06484d8b7aec86736f171f43b741a9e2e9315f
Instruction ID: b8050bc1b71a9795247d45bc694fbaa34857d6dbc0750bccde0a72b8779b89c8
Opcode Fuzzy Hash: 80dbe5b1d718c49b7bd141de5a06484d8b7aec86736f171f43b741a9e2e9315f
Instruction Fuzzy Hash: 1EE0B626614E4485D6205B29E8413967324E788BB8F580322EEBC4B7E4DE28D2628E44

Function 00007FF6101B8200 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b25eacf825189e3e93b19ac92b33b3c670eb686d7544d33950804bb1f4313672
Instruction ID: 47f05c3c21d2b9ef35e9ac9c2825a4ca54640e842983bad4be5be71ba6d003a1
Opcode Fuzzy Hash: b25eacf825189e3e93b19ac92b33b3c670eb686d7544d33950804bb1f4313672
Instruction Fuzzy Hash: F3C08CF0D0FE832CFFA09342B5023686AEA8F48BA4DD0C0F0C25C803649F2CA280C108

Function 00007FF6106AAB30 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 111COMMON

Download Yara Rule

Strings

Mingw-w64 runtime failure:, xrefs: 00007FF6106AAB5B
Address %p has no image-section, xrefs: 00007FF6106AABA0
CCG , xrefs: 00007FF6106AABB7

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Address %p has no image-section$CCG $Mingw-w64 runtime failure:
API String ID: 0-3495338426
Opcode ID: 688a4f7d76c71375dbaa3942914aff0a147a051046d56fec903d79268bc5a0ae
Instruction ID: 31a9950472a72c4b5ec2a629fe66ad03cb5d6824d2e2619be98d06ef79962735
Opcode Fuzzy Hash: 688a4f7d76c71375dbaa3942914aff0a147a051046d56fec903d79268bc5a0ae
Instruction Fuzzy Hash: 0631CE31A48926A7FE646354A4913BD12919F89FB0F348136DA4FC73E5DF2DA881A3C0

Function 00007FF6106AA990 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF6106AAA53
VirtualProtect.KERNEL32 ref: 00007FF6106AAAB7
GetLastError.KERNEL32 ref: 00007FF6106AAB14

Strings

Address %p has no image-section, xrefs: 00007FF6106AAAE5
VirtualProtect failed with code 0x%x, xrefs: 00007FF6106AAB1A
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF6106AAB08

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuery
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 637304234-2123141913
Opcode ID: 2c0371cb0e6e365c05a6df6054f63aa27f2e9a8a0fcf13ecf5a9ce278bf34a63
Instruction ID: 7a096f42b93279a12ebcef0b8f197626adea517992851b1f16f409b4331dca78
Opcode Fuzzy Hash: 2c0371cb0e6e365c05a6df6054f63aa27f2e9a8a0fcf13ecf5a9ce278bf34a63
Instruction Fuzzy Hash: 6341AF71A19E52A1FE91DB45D8446BD27A0EF88FA0F258032CA4EC77A0DF3CE981D750

Function 00007FF6106AA650 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32 ref: 00007FF6106AA7CA

Strings

Unknown pseudo relocation bit size %d., xrefs: 00007FF6106AA94B
Unknown pseudo relocation protocol version %d., xrefs: 00007FF6106AA95B

Memory Dump Source

Source File: 00000000.00000002.2233217266.00007FF610151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF610150000, based on PE: true

Associated: 00000000.00000002.2233199274.00007FF610150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2233649860.00007FF6106D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234088231.00007FF610C41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234122898.00007FF610C47000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234150880.00007FF610C48000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234169016.00007FF610C49000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234186046.00007FF610C4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234202747.00007FF610C4B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234221133.00007FF610C59000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234237758.00007FF610C5A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234256183.00007FF610C61000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C62000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610C8B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF610CEB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2234274756.00007FF6116EB000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235201855.00007FF611840000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235221399.00007FF611841000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235238990.00007FF611844000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235256152.00007FF611845000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235273413.00007FF611846000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235291896.00007FF61184A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235309286.00007FF61184B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235328242.00007FF611855000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235346355.00007FF61185A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235364461.00007FF61185F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235394816.00007FF611878000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235412351.00007FF61187A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF611883000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF61188A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235433863.00007FF6118E9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235598308.00007FF6118ED000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611910000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2235636771.00007FF611930000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff610150000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: 5bfe78bc8aea5759c4892b4ccba3dfaa9d3e32515f38b1b5f1b2ee47f95b297f
Instruction ID: f88f00cfd4f73bc9c2caab58b8516d0f41e41c1e211e57b6e394b95b8100d10e
Opcode Fuzzy Hash: 5bfe78bc8aea5759c4892b4ccba3dfaa9d3e32515f38b1b5f1b2ee47f95b297f
Instruction Fuzzy Hash: DC519876A18912E6EF50DB22D8406B923B1EF08FB4F148132D91D877A5CF3CE586DB90

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exePID: 7316, Parent PID: 1028

General

File Activities

File Opened

File Created

File Written

Windows Analysis Report
SecuriteInfo.com.Trojan-Dropper.WinGo.Agent.10058.14118.exe

Function 00007FF610182D80 Relevance: 45.3, Strings: 36, Instructions: 274
COMMON

Function 00007FF61015CC20 Relevance: 12.9, Strings: 10, Instructions: 386
COMMON

Function 00007FF610188FC0 Relevance: 6.5, Strings: 5, Instructions: 299
COMMON