Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
main.exe

Overview

General Information

Sample name:main.exe
Analysis ID:1670063
MD5:c0d23a00fc27651dcb2efa66d09dd985
SHA1:8142050b328fb24ca4591f89946eb81a6d116226
SHA256:e0b9946aaf7abb1802d3857d9834e63f088e7ab852d2383a2e98341f9f5c2fc1
Tags:exeuser-FelloBoiYuuka
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • main.exe (PID: 6572 cmdline: "C:\Users\user\Desktop\main.exe" MD5: C0D23A00FC27651DCB2EFA66D09DD985)
    • conhost.exe (PID: 6588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Software Vulnerabilities
  • System Summary
  • Data Obfuscation
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: main.exeVirustotal: Detection: 8%Perma Link
Source: main.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\main.exeCode function: 4x nop then mov rsi, rdi0_2_00FEA5C0
Source: C:\Users\user\Desktop\main.exeCode function: 4x nop then mov r9, 0000800000000000h0_2_00FE8FE0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD50600_2_00FD5060
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD90400_2_00FD9040
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FCF1A00_2_00FCF1A0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD9AA00_2_00FD9AA0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FE0AA00_2_00FE0AA0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FDAA800_2_00FDAA80
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FE53E00_2_00FE53E0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD43C00_2_00FD43C0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD6B400_2_00FD6B40
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FC5C200_2_00FC5C20
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_0100CC200_2_0100CC20
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FEA5C00_2_00FEA5C0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FF4DB60_2_00FF4DB6
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FDF5A00_2_00FDF5A0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FC96A00_2_00FC96A0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FD36800_2_00FD3680
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FC4E600_2_00FC4E60
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FFB7E00_2_00FFB7E0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FC57C00_2_00FC57C0
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FCD7A00_2_00FCD7A0
Source: C:\Users\user\Desktop\main.exeCode function: String function: 00FF5F80 appears 258 times
Source: C:\Users\user\Desktop\main.exeCode function: String function: 00FF81E0 appears 487 times
Source: main.exeStatic PE information: Number of sections : 13 > 10
Source: main.exeStatic PE information: Section: /19 ZLIB complexity 0.9967501280737705
Source: main.exeStatic PE information: Section: /65 ZLIB complexity 0.9986406992280285
Source: main.exeStatic PE information: Section: /78 ZLIB complexity 0.9923107554611651
Source: classification engineClassification label: mal48.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6588:120:WilError_03
Source: main.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\main.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: main.exeVirustotal: Detection: 8%
Source: unknownProcess created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\main.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\main.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\main.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\main.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\main.exeSection loaded: umpdc.dllJump to behavior
Source: main.exeStatic file information: File size 2140672 > 1048576
Source: main.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: main.exeStatic PE information: section name: /4
Source: main.exeStatic PE information: section name: /19
Source: main.exeStatic PE information: section name: /32
Source: main.exeStatic PE information: section name: /46
Source: main.exeStatic PE information: section name: /65
Source: main.exeStatic PE information: section name: /78
Source: main.exeStatic PE information: section name: /90
Source: main.exeStatic PE information: section name: .symtab
Source: C:\Users\user\Desktop\main.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\Desktop\main.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_01025CC0 rdtsc 0_2_01025CC0
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00FF0D60 GetProcessAffinityMask,GetSystemInfo,0_2_00FF0D60
Source: main.exe, 00000000.00000002.2126305625.0000020686F2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_01025CC0 rdtsc 0_2_01025CC0
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_01008080 AddVectoredExceptionHandler,RtlAddVectoredContinueHandler,RtlAddVectoredContinueHandler,SetUnhandledExceptionFilter,0_2_01008080

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Software Packing		OS Credential Dumping11
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Process Injection		LSASS Memory2
System Information Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1670063 Sample: main.exe Startdate: 21/04/2025 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 main.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
main.exe8%VirustotalBrowse
main.exe11%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1670063
Start date and time:2025-04-21 04:24:15 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 46s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:main.exe
Detection:MAL
Classification:mal48.winEXE@2/0@0/0
EGA Information:Failed
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.149.20.212, 184.29.183.29
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target main.exe, PID 6572 because there are no executed function
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):6.634207458831921
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:main.exe
File size:2'140'672 bytes
MD5:c0d23a00fc27651dcb2efa66d09dd985
SHA1:8142050b328fb24ca4591f89946eb81a6d116226
SHA256:e0b9946aaf7abb1802d3857d9834e63f088e7ab852d2383a2e98341f9f5c2fc1
SHA512:478c3026ff5af773f17b66dcc5e5a74e32eeeb1d8b1c8520a0d6f0fc14d621b820e90215049f5a7f87ca7cd4bf324849d102a341fdf09b85c47584b2b17fe7a7
SSDEEP:24576:tDsXRtJcnVRKsC/Xw2ui5qZQ+FJkGSU12gERe+O14N5OaftXD25cbOddWL:sJcrKsC/ggl85SU1xGev14eaf5SDdO
TLSH:EDA55A06BCD524BAC6BAE63149A1D2A137327C6803312BC73EC5767E1A76BD42E3D354
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........&..w....."..........V.......t........@...............................%...........`... ............................

File Icon

Icon Hash:90cececece8e8eb0

Static PE Info

General

Entrypoint:0x467480
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:1
File Version Major:6
File Version Minor:1
Subsystem Version Major:6
Subsystem Version Minor:1
Import Hash:4035d2883e01d64f3e7a9dccb1d63af5
Instruction
jmp 00007F6B74DAEB70h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
pushfd
dec eax
sub esp, 70h
dec eax
mov dword ptr [esp+50h], edi
dec eax
mov dword ptr [esp+48h], esi
dec eax
mov dword ptr [esp+40h], ebp
dec eax
mov dword ptr [esp+38h], ebx
dec esp
mov dword ptr [esp+30h], esp
dec esp
mov dword ptr [esp+28h], ebp
dec esp
mov dword ptr [esp+20h], esi
dec esp
mov dword ptr [esp+58h], edi
dec ecx
mov edi, eax
dec eax
mov edx, dword ptr [00000028h]
dec eax
cmp edx, 00000000h
jne 00007F6B74DB22DEh
dec eax
mov eax, 00000000h
jmp 00007F6B74DB2360h
dec eax
mov edx, dword ptr [edx+00000000h]
dec eax
cmp edx, 00000000h
jne 00007F6B74DB22D7h
call 00007F6B74DB2418h
dec eax
mov dword ptr [esp+60h], edx
dec eax
mov dword ptr [esp+68h], esp
dec eax
mov ebx, dword ptr [edx+30h]
dec eax
mov ebx, dword ptr [ebx]
dec eax
cmp edx, ebx
je 00007F6B74DB22FFh
dec eax
mov ebp, dword ptr [00000028h]
dec eax
mov dword ptr [ebp+00000000h], ebx
dec eax
mov edi, dword ptr [ebx+38h]
dec eax
sub edi, 08h
dec eax
lea esi, dword ptr [FFFD3D8Eh]
dec eax
mov dword ptr [edi], esi
dec eax
sub edi, 78h
dec eax
mov dword ptr [edi+68h], esp
dec eax
mov esp, edi
dec eax
mov ebx, dword ptr [ecx]
dec eax
mov ecx, dword ptr [ecx+08h]
NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x2390000x476.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x23a0000x716a.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x1590200x140.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000xaac5d0xaae00441119baab5b6413917108c23c154738False0.43376520208485736data5.92409466828377IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0xac0000xacc080xace003843ad2f4fa7ea84e92a36e12071fd66False0.38930455757411425data5.221054151382534IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x1590000x5e6900x15600974efdc072e129b4c44b395a68e7c036False0.3157437865497076data4.028670607748415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
/40x1b80000x1190x20028a3e9c96b9bb43e6541a26c8f68899bFalse0.595703125data4.8292159200679565IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/190x1b90000x1e6370x1e800a4f8e0720b08ba3d092e47b3fea45083False0.9967501280737705data7.993385273055602IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/320x1d80000x5e9b0x600038d6a71f792620a08ce341965bb4a7f7False0.9840494791666666data7.908415638138461IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/460x1de0000x300x20040cca7c46fc713b4f088e5d440ca7931False0.103515625data0.8556848540171443IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/650x1df0000x348910x34a001c220de060aac08d5e84372ed4a09ab7False0.9986406992280285data7.995508726991562IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/780x2140000x19a9a0x19c005bd8e8e3d5f952408aca0e970703bd12False0.9923107554611651data7.992763813057642IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/900x22e0000xa2250xa40095f0d8421c1b82f3432d23fe6f3378f1False0.9659394054878049data7.802871246000206IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata0x2390000x4760x6006ea75cb08b9b97cc51b1568be84989b7False0.3346354166666667data3.5662186463330814IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc0x23a0000x716a0x7200d3bd3c20ec889f961661f14b87b90376False0.3246984649122807data5.434804749373522IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab0x2420000x182bb0x18400f2cb53939378eeadb906a6523a66a287False0.2720078930412371data5.120593102057724IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLLImport
kernel32.dllWriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, Sleep, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler

Network Behavior

No network behavior found

Statistics

CPU Usage

050100s020406080100

Click to jump to process

Memory Usage

050100s0.0051015MB

Click to jump to process

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:22:25:11
Start date:20/04/2025
Path:C:\Users\user\Desktop\main.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\main.exe"
Imagebase:0xfc0000
File size:2'140'672 bytes
MD5 hash:C0D23A00FC27651DCB2EFA66D09DD985
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Section Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Process Activities

Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

General

Target ID:1
Start time:22:25:11
Start date:20/04/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff642da0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false
Show Windows behavior

File Activities

Show Windows behavior

Section Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Disassembly

Non-executed Functions

Strings
  • (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneifor, xrefs: 00FDB625
  • ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFil, xrefs: 00FDB20A
  • gcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiC, xrefs: 00FDAB69, 00FDB72A
  • ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolia, xrefs: 00FDB425
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FDB1D3, 00FDB3A5
  • gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid length of trace eventio: read/write on closed pipemachine is not on the networkno XENIX semaphores availablenotesleep - waitm out of syncnumerical result out of rangeoperation already in progres, xrefs: 00FDB776
  • ., xrefs: 00FDAF6D
  • MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedefer, xrefs: 00FDB4B3
  • @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGM, xrefs: 00FDB026
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneifor$ @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGM$ MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedefer$ ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFil$ ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolia$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$.$gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid length of trace eventio: read/write on closed pipemachine is not on the networkno XENIX semaphores availablenotesleep - waitm out of syncnumerical result out of rangeoperation already in progres$gcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiC
  • API String ID: 0-4101257862
  • Opcode ID: d600365829066c50c1cd5359f4d88e3e485ac5393184b44ae3c920f62d0f4aba
  • Instruction ID: 3a19fa0ad1891d8da86e9fa497865161d5bba622fdf83e504abb92978f031b8d
  • Opcode Fuzzy Hash: d600365829066c50c1cd5359f4d88e3e485ac5393184b44ae3c920f62d0f4aba
  • Instruction Fuzzy Hash: ED623636609B89C5EB109F15F8843EAB3A5F789790F558126EACC07BA9DF7CC185DB00
Strings
  • initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLooku, xrefs: 00FD9E0C
  • gc_trigger underflowgo of nil func valuegopark: bad g statusinconsistent lockedminvalid request codeinvalid write resultis a named type filekey has been revokedmalloc during signalnotetsleep not on g0p mcache not flushedpacer: assist ratio=preempt off reason: , xrefs: 00FD9E8F
  • minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHa, xrefs: 00FD9E5C
  • """, xrefs: 00FD9AD6, 00FD9B66, 00FD9D6A
  • heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_Gondi, xrefs: 00FD9DBA
  • runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to, xrefs: 00FD9D93
  • triggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFile, xrefs: 00FD9E33
  • heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACE, xrefs: 00FD9DE5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACE$ heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_Gondi$ initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLooku$ minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHa$"""$gc_trigger underflowgo of nil func valuegopark: bad g statusinconsistent lockedminvalid request codeinvalid write resultis a named type filekey has been revokedmalloc during signalnotetsleep not on g0p mcache not flushedpacer: assist ratio=preempt off reason: $runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to$triggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFile
  • API String ID: 0-978959766
  • Opcode ID: b251cb9a79f4fafe23f399f5c582dbe0c7def6f3420c9d783e92ce17bb2bc433
  • Instruction ID: 082ca0543b125ef9ef449763eb1fb809bdec8386ce0d8c382ca2432cb9448bdf
  • Opcode Fuzzy Hash: b251cb9a79f4fafe23f399f5c582dbe0c7def6f3420c9d783e92ce17bb2bc433
  • Instruction Fuzzy Hash: AA919C3251DF48C5EA46DF65F8813A9B366FB8A790F148313E69E167A5DFBCC0819700
Strings
  • h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchan, xrefs: 00FD925C
  • pacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX, xrefs: 00FD9235
  • """, xrefs: 00FD907C, 00FD91ED
  • H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (, xrefs: 00FD9285
  • u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendT, xrefs: 00FD943E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = ($ h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchan$ u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendT$"""$pacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX
  • API String ID: 0-1324476943
  • Opcode ID: 4b1a4bfab9fb544a46afcaff22918dd901ecb116d1c3aec4cef5be5c52b74085
  • Instruction ID: 7ff75ae82800a9772f80dd4e18ab01723d35e42f9b11142d2ed6cd8e1699f0ce
  • Opcode Fuzzy Hash: 4b1a4bfab9fb544a46afcaff22918dd901ecb116d1c3aec4cef5be5c52b74085
  • Instruction Fuzzy Hash: 35C14F32519F4889D642DF75A84135AB769FF9A7D0F14C312EA8E26B69DF7CC082DB00
Strings
  • but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcA, xrefs: 00FD53AC
  • runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldc, xrefs: 00FD5385
  • ', xrefs: 00FD5409
  • heapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmultiple Read calls return no data or errornon in-use span found with specials bit setreflect: nil type passed to Type.Implementsroot level max pages doesn't fit in summaryru, xrefs: 00FD53E5
  • heapBitsSetTypeGCProg: small allocationmismatched count during itab table copymspan.sweep: bad span state after sweepout of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=runtime: function symbol t, xrefs: 00FD53FE
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcA$'$heapBitsSetTypeGCProg: small allocationmismatched count during itab table copymspan.sweep: bad span state after sweepout of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=runtime: function symbol t$heapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmultiple Read calls return no data or errornon in-use span found with specials bit setreflect: nil type passed to Type.Implementsroot level max pages doesn't fit in summaryru$runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldc
  • API String ID: 0-2894404615
  • Opcode ID: 7a28b307d209d353ed81fcad0ae7abf55cec7daea982d0ee4566051b647964b8
  • Instruction ID: 307998e14e266ecc5882d0187d836a95458ef7ed694de8b39ab14c7f33aae0c7
  • Opcode Fuzzy Hash: 7a28b307d209d353ed81fcad0ae7abf55cec7daea982d0ee4566051b647964b8
  • Instruction Fuzzy Hash: E681AF32A19B9882DB109B14E4843AEB766F795BC4F589126DFCD07B68DF7CC485DB00
Strings
  • heapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan , xrefs: 00FD4F8E
  • runtime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc1164153, xrefs: 00FD4FCF
  • -, xrefs: 00FD501B
  • heapBitsSetType: called with non-pointer typereflect: internal error: invalid method indexreflect: nil type passed to Type.AssignableToruntime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove sp, xrefs: 00FD5010
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: -$heapBitsSetType: called with non-pointer typereflect: internal error: invalid method indexreflect: nil type passed to Type.AssignableToruntime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove sp$heapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan $runtime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc1164153
  • API String ID: 0-3559874392
  • Opcode ID: 12fee3cb3190c41a71446637e3440d39d04bae5a6a884779b51dc9e958f40a1b
  • Instruction ID: c929673eecb7b8c26cf05eadad44b04a7481d34b7f869f0d9fb0b23dd246f61b
  • Opcode Fuzzy Hash: 12fee3cb3190c41a71446637e3440d39d04bae5a6a884779b51dc9e958f40a1b
  • Instruction Fuzzy Hash: E252CF73608BD482DB21CB56E4503AABBA6F39ABD0F488126DBDD43B58CB7CD551DB00
Strings
  • ", xrefs: 00FFBB82
  • forEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: Method index , xrefs: 00FFBB77
  • forEachP: P did not run fnfreedefer with d.fn != nilinitSpan: unaligned lengthinvalid request descriptorname not unique on networkno CSI structure availableno message of desired typenotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0, xrefs: 00FFBB45
  • forEachP: not donegarbage collectionidentifier removedindex out of rangeinput/output errormultihop attemptedno child processesno locks availableoperation canceledreflect.Value.Elemreflect.Value.Typereflect.Value.Uintreflect: Zero(nil)runtime.semacreateruntime., xrefs: 00FFBB5E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: "$forEachP: P did not run fnfreedefer with d.fn != nilinitSpan: unaligned lengthinvalid request descriptorname not unique on networkno CSI structure availableno message of desired typenotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0$forEachP: not donegarbage collectionidentifier removedindex out of rangeinput/output errormultihop attemptedno child processesno locks availableoperation canceledreflect.Value.Elemreflect.Value.Typereflect.Value.Uintreflect: Zero(nil)runtime.semacreateruntime.$forEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: Method index
  • API String ID: 0-483995264
  • Opcode ID: 8be08e31cdfc22500991172fe6f751643cd580f961b5683fa49868a1d2a85283
  • Instruction ID: 3f2b44b04efdb2f86bba93e5bdf2c7c04bf6e267b9beb569d108f381cb195d10
  • Opcode Fuzzy Hash: 8be08e31cdfc22500991172fe6f751643cd580f961b5683fa49868a1d2a85283
  • Instruction Fuzzy Hash: FBA16736609B49CADB148F15E4803B9B3B4FB89B94F649126DB8D47778DF78C092EB40
Strings
  • unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limi, xrefs: 00FC552E
  • G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected , xrefs: 00FC54CD
  • chansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreflect: Bits of nil Typereleasep: , xrefs: 00FC5498
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected $chansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreflect: Bits of nil Typereleasep: $unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limi
  • API String ID: 0-1999833455
  • Opcode ID: 8a849e2f6a4ac055a436269b16c54d20683c8efb1f40f1a3b8be4e0f34faa3d1
  • Instruction ID: dd395e316c1d31bf1d7c2711ee0fee3291c703bef1504eda07371214a77b72ee
  • Opcode Fuzzy Hash: 8a849e2f6a4ac055a436269b16c54d20683c8efb1f40f1a3b8be4e0f34faa3d1
  • Instruction Fuzzy Hash: BC02D132609F81C5DB10CF21E5857AEB7A5F795BA4F948229DADC07BA8CF78C484E740
Strings
  • unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limi, xrefs: 00FC63CC
  • G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected , xrefs: 00FC6397
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected $unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limi
  • API String ID: 0-4176450806
  • Opcode ID: d26d4a1881309c6128bc7349d5c1f5acd2f12182bf2a00ba16a6dc6d8c548ec1
  • Instruction ID: c015bedf2c6dcc86e350d379d45d25694f6afde2e0dbe4674e32c3953504bcb3
  • Opcode Fuzzy Hash: d26d4a1881309c6128bc7349d5c1f5acd2f12182bf2a00ba16a6dc6d8c548ec1
  • Instruction Fuzzy Hash: 7412AD32608B81C9DB60CB21F5857AEBBA1F795B94F588029DACC47B69CF7DC088D740
Strings
  • (, xrefs: 00FD3B3E
  • bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0refill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune slicereflect: FieldByName of non-struct type runtime.SetFinalizer, xrefs: 00FD3B33
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ($bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0refill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune slicereflect: FieldByName of non-struct type runtime.SetFinalizer
  • API String ID: 0-4163640391
  • Opcode ID: ffbc0cf3c5c655ec29622ef4f57e17b4f52e8cfdef871507873da5d4b1e91a3e
  • Instruction ID: 24d843df24360654a21ae4cd9fd112e0f6774b9a5303898de854cb5909895d35
  • Opcode Fuzzy Hash: ffbc0cf3c5c655ec29622ef4f57e17b4f52e8cfdef871507873da5d4b1e91a3e
  • Instruction Fuzzy Hash: 5FC16F77619B84C6D710CF25E44039AB7A2F389BA0F58822BEB9D53798CF38C551DB41
Strings
  • ., xrefs: 00FE0DB5
  • released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base poin, xrefs: 00FE0DAA
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: .$released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base poin
  • API String ID: 0-223345315
  • Opcode ID: 002fac27896ed35935f6523e06aa0e50a7bf45bd949de9423a3f05d9aa2da7e6
  • Instruction ID: a022f94845a79a81834d4d0d7897e0c17f59004d005d46d1e30433dcddc450f6
  • Opcode Fuzzy Hash: 002fac27896ed35935f6523e06aa0e50a7bf45bd949de9423a3f05d9aa2da7e6
  • Instruction Fuzzy Hash: B6715E32519F8585D606DF25F8903AAB375FB96780F609312EACE26725EF78C0D6DB00
Strings
  • scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_Albani, xrefs: 00FDF930
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_Albani
  • API String ID: 0-3969401349
  • Opcode ID: b49d423777e96be998e3a76fd0c8f0474147d6cf628768514685f37c2597c550
  • Instruction ID: 1174078121281dd371894d815534854648f09f7d4498bbdea9aa680edf55ffd2
  • Opcode Fuzzy Hash: b49d423777e96be998e3a76fd0c8f0474147d6cf628768514685f37c2597c550
  • Instruction Fuzzy Hash: DA916B77A18B8586CB608F15E44079AB7A6F389B94F588427EFCE43B19CF78C448DB40
Strings
  • string concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standar, xrefs: 0100CEF9
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: string concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standar
  • API String ID: 0-538685461
  • Opcode ID: 709b79211e9d780d33848fa5755f06e720f4cc2bca6908c34bb6747c5d125971
  • Instruction ID: 061368afc1f89ab547a919bda44505e1ba585c2b854d5826d0bd27a74372f61a
  • Opcode Fuzzy Hash: 709b79211e9d780d33848fa5755f06e720f4cc2bca6908c34bb6747c5d125971
  • Instruction Fuzzy Hash: BF618732708BC481EA618B16F6803AAB7A1F789BC0F449666DFCD47B58CF38C495CB00
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 59a64bd8db48cf6176e18a91482dccba9c6892559c4a294e2d90ab76792085cd
  • Instruction ID: d91eb31f9b74af73208f9e4049806b1684bfa78de45099e90539162726e41c46
  • Opcode Fuzzy Hash: 59a64bd8db48cf6176e18a91482dccba9c6892559c4a294e2d90ab76792085cd
  • Instruction Fuzzy Hash: AEC11432219B8886DB159F64F840379BBA5FB45BD0F859015EB8E53B79EF78C580EB00
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6882f75c3ac4995b582bd356fd8fa366e90df0b2f0f9249f816d6b57dc9c3770
  • Instruction ID: ce9559beb02b30eedbdc4b715774e0b9876bc6e01a8b2b1fc12558ee019f062c
  • Opcode Fuzzy Hash: 6882f75c3ac4995b582bd356fd8fa366e90df0b2f0f9249f816d6b57dc9c3770
  • Instruction Fuzzy Hash: 65A1E032A09F42C4DB14CB11E5817AE73A1F798FA4F689529CA8D03B58DF79D4C6E740
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d9bc343eb104bf847d33cacfb0b5b916e2bd8d167b8c1df6d2a0f5def620bfc4
  • Instruction ID: 5f8432f923fdac2cff5712266587d6668118f49ef71d87460dcb933d0ca585b7
  • Opcode Fuzzy Hash: d9bc343eb104bf847d33cacfb0b5b916e2bd8d167b8c1df6d2a0f5def620bfc4
  • Instruction Fuzzy Hash: 2991D236618B8582DB10CF15F4803AAB7A4F789B94F545626EBDE43BA9CF7CC095CB40
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 649f828033e25555279ad32077ea41055e93d138f5311c1d91e7404e1d0172a4
  • Instruction ID: c000d2c747ad17cd98583225cf90ae99d1bee27a64441a7b137b324b2a31a602
  • Opcode Fuzzy Hash: 649f828033e25555279ad32077ea41055e93d138f5311c1d91e7404e1d0172a4
  • Instruction Fuzzy Hash: B6619D73B14B8582DB009F16E4803A9B7A2FB95BC0F485536EA9E03B99DF7CC192D741
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 5673bed24c491b794df659737f793676974e6440121cad3ceb3bfc4d8d3f0346
  • Instruction ID: d8e524e6fd09d0266453eddca1eb0e2d65e19d2312ca2a7bfb6d4dcdd42762e9
  • Opcode Fuzzy Hash: 5673bed24c491b794df659737f793676974e6440121cad3ceb3bfc4d8d3f0346
  • Instruction Fuzzy Hash: 00916C32518BC0C5D710CB21E8943F93BA2FBA5B08FDAD2B6C28963750DBB981C9D701
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3c7ec844ada5efdbe75ecc9501a188a208f4a18364c40dfd0a85eed4276052cf
  • Instruction ID: 461bd880cc5532c23c531ce2cf69cad5c23cf1dbb34e02a93057b7c0b05cc30f
  • Opcode Fuzzy Hash: 3c7ec844ada5efdbe75ecc9501a188a208f4a18364c40dfd0a85eed4276052cf
  • Instruction Fuzzy Hash: F571CF73A04B92C6D724DF11E541B9DB772F388B94F885126CF8917B55CB38C89AE740
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c2af4666f709a6f9f340ac424075734e029c4bf863475456e23fc41953647645
  • Instruction ID: 5f1ba15e18a2240bf26d47964aa0926b0f0c9224cf6c8da6d36d5095f2a49b97
  • Opcode Fuzzy Hash: c2af4666f709a6f9f340ac424075734e029c4bf863475456e23fc41953647645
  • Instruction Fuzzy Hash: 755106A2B18E44409E08CB6DF9A2279A225E3C9BD4B48B527DF1F877E5DE3CD241D300
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 784a6d67f74b5f14802ba626e91c1e4a7f46947ca65b2fdd66c83bbe15a9e14b
  • Instruction ID: dba6b2a5007c284cf7a93e29a148ef2b08546306ee8ca9c83f53f0bc08d61a67
  • Opcode Fuzzy Hash: 784a6d67f74b5f14802ba626e91c1e4a7f46947ca65b2fdd66c83bbe15a9e14b
  • Instruction Fuzzy Hash: 6D4192B3718B9182DB04CB15E490369BB62F798BD0F489126EBCE47B69DB3CC155C700
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8921dfb6d5a15b931c270bed33cc1afb1ca4362dc7bc12ff4dd3402fea554da7
  • Instruction ID: d7bd7796e7c2209b79b0d7415d70fe1c261c76b6015ce8f14203a3be2a49bcb5
  • Opcode Fuzzy Hash: 8921dfb6d5a15b931c270bed33cc1afb1ca4362dc7bc12ff4dd3402fea554da7
  • Instruction Fuzzy Hash: 55312AB2914B454BC607DB3A904035AE216FF957D0F58C332EE1A37B85D734E0D28700
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d4957dac4d43d8cbda03923da418d145e84389cae035a5e38d6c5c782a0e7bc2
  • Instruction ID: 32bcef2ef0fc52018b8fa9a7d622c93ec3e57644f54157795965b917cdc0f8f2
  • Opcode Fuzzy Hash: d4957dac4d43d8cbda03923da418d145e84389cae035a5e38d6c5c782a0e7bc2
  • Instruction Fuzzy Hash: 38214C32A18B8586EB54CB14F49036AB7A0F7947A4F245215E7ED43B69DF7CC191CB40
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: bd65ba664d19b85fc1a927b2e291319a12e69737491adabc8c95cca888ac4f7c
  • Instruction ID: 2b7892560633de72e35ff88e0467514ed8c2081d079c3ea6c4e030d2c23babbc
  • Opcode Fuzzy Hash: bd65ba664d19b85fc1a927b2e291319a12e69737491adabc8c95cca888ac4f7c
  • Instruction Fuzzy Hash: F721BB32209B85D8EB519F11F89039977B8F788B84F448456DACD477A6CF7CC2A6CB50
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8eb29548ac85362e57947344ebdc76a866a1a001b3d5189ef350458022afd5fe
  • Instruction ID: 4471d4f71a25c4160ce5a319222c138dd5a7fd8c23dd187948f03f22bc58d7e4
  • Opcode Fuzzy Hash: 8eb29548ac85362e57947344ebdc76a866a1a001b3d5189ef350458022afd5fe
  • Instruction Fuzzy Hash: F1C02BF0E09BB82DFB124300B9003C8BED58B0D3C4E60C4D0D2CC81316F52C41805200
Strings
  • LoadLibr, xrefs: 00FF056D
  • winmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWG, xrefs: 00FF0B08
  • eObject, xrefs: 00FF073C
  • Continue, xrefs: 00FF0497
  • version, xrefs: 00FF09AD
  • i32.dll, xrefs: 00FF0617
  • dResult, xrefs: 00FF092D
  • ntdll.dl, xrefs: 00FF06CD
  • dPeriod, xrefs: 00FF084D
  • ws2_32.dll not found of unexported method previous allocCount=, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeEastern S, xrefs: 00FF0AD6
  • l32.dll, xrefs: 00FF03D0
  • l, xrefs: 00FF06DC
  • winmm.dl, xrefs: 00FF078F
  • advapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by , xrefs: 00FF0B3E
  • kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.ne, xrefs: 00FF0B57
  • raryExW, xrefs: 00FF057F
  • wine_get, xrefs: 00FF0989
  • SystemFu, xrefs: 00FF0654
  • _32.dll, xrefs: 00FF08C5
  • timeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Stand, xrefs: 00FF0AEF
  • WSAGetOverlappedResult not found" not supported for cpu option "bufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full bufferend outside usable address spacenumerical argument out of domainpanic while printing panic valuerefl, xrefs: 00FF0ABD
  • ForSingl, xrefs: 00FF072A
  • WSAGetOv, xrefs: 00FF0909
  • redConti, xrefs: 00FF0485
  • raryExA, xrefs: 00FF0513
  • kernel32, xrefs: 00FF03C1
  • LoadLibr, xrefs: 00FF0501
  • timeEndP, xrefs: 00FF083E
  • , xrefs: 00FF0AC8
  • AddDllDi, xrefs: 00FF040E
  • tion036, xrefs: 00FF0678
  • stemFunc, xrefs: 00FF0666
  • NtWaitFo, xrefs: 00FF0718
  • l, xrefs: 00FF079E
  • Handler, xrefs: 00FF04A9
  • AddVecto, xrefs: 00FF0473
  • ine_get_, xrefs: 00FF099B
  • advapi32, xrefs: 00FF0608
  • rectory, xrefs: 00FF0420
  • timeBegi, xrefs: 00FF07D8
  • ws2_32.d, xrefs: 00FF08B6
  • ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcda, xrefs: 00FF0B25
  • verlappe, xrefs: 00FF091B
  • nPeriod, xrefs: 00FF07EA
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $AddDllDi$AddVecto$Continue$ForSingl$Handler$LoadLibr$LoadLibr$NtWaitFo$SystemFu$WSAGetOv$WSAGetOverlappedResult not found" not supported for cpu option "bufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full bufferend outside usable address spacenumerical argument out of domainpanic while printing panic valuerefl$_32.dll$advapi32$advapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by $dPeriod$dResult$eObject$i32.dll$ine_get_$kernel32$kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.ne$l$l$l32.dll$nPeriod$ntdll.dl$ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcda$raryExA$raryExW$rectory$redConti$stemFunc$timeBegi$timeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Stand$timeEndP$tion036$verlappe$version$wine_get$winmm.dl$winmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWG$ws2_32.d$ws2_32.dll not found of unexported method previous allocCount=, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeEastern S
  • API String ID: 0-3047746292
  • Opcode ID: a72328134450d004753afdfe601a63c58211928ede7d63ee23669cb6bf608577
  • Instruction ID: a6308a9ba4fd5865cf984363513e365b86a888b352de9676b933b22bee07f94d
  • Opcode Fuzzy Hash: a72328134450d004753afdfe601a63c58211928ede7d63ee23669cb6bf608577
  • Instruction Fuzzy Hash: D502E43210AF8985DB60DB01F8843AAB7A5FB84784F508529E7CD47B6ADFBCC194DB44
Strings
  • SCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego1.16listenobjectpopcntselectsocketstringstructsweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys, xrefs: 01004146
  • threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundanes, xrefs: 010041E6
  • spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_N, xrefs: 01004210
  • ms: gomaxprocs=network is downno medium foundno such processrecovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals ,, xrefs: 01004193
  • idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_Kikakui, xrefs: 0100423A
  • gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forced, xrefs: 01004485
  • runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntry, xrefs: 01004456
  • gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLib, xrefs: 01004AE9
  • ]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc , xrefs: 0100454E
  • runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersion, xrefs: 01004265
  • unknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGe, xrefs: 01004A23
  • idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFile, xrefs: 010041BC
  • nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserN, xrefs: 01004B16
  • sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_Som, xrefs: 01004B6F
  • [\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEE, xrefs: 0100457B
  • P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc, xrefs: 01004385
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc$ gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLib$ gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forced$ idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFile$ idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_Kikakui$ nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserN$ runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntry$ runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersion$ spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_N$ sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_Som$ threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundanes$SCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego1.16listenobjectpopcntselectsocketstringstructsweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys$[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEE$]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc $ms: gomaxprocs=network is downno medium foundno such processrecovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals ,$unknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGe
  • API String ID: 0-3485911620
  • Opcode ID: 4278c0b025985eb153152e7e7e22c879404475c8e0e5e306964d1d71eec202fa
  • Instruction ID: 97c93228d05e33f47ae29a079df1e9b58f9eef7af576dccb3f78efdbde96ea6d
  • Opcode Fuzzy Hash: 4278c0b025985eb153152e7e7e22c879404475c8e0e5e306964d1d71eec202fa
  • Instruction Fuzzy Hash: B4122736209B8585EB50AF54F8813AEB3A8FB49790F408165EBDC43BA9DF7CC195DB40
Strings
  • QueryPerformanceFrequency overflow 32 bit divider, check nosplit discussion to proceed000102030405060708091011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586, xrefs: 00FF15AF
  • QueryPerformanceFrequency syscall returned zero, running on unsupported hardwarereflect.Value.Interface: cannot return value obtained from unexported field or methodQueryPerformanceFrequency overflow 32 bit divider, check nosplit discussion to proceed000102030, xrefs: 00FF15C8
  • equency, xrefs: 00FF143A
  • could not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad , xrefs: 00FF15E5
  • 0, xrefs: 00FF1609
  • mTimeAsF, xrefs: 00FF1325
  • rmanceFr, xrefs: 00FF142B
  • GetSyste, xrefs: 00FF1316
  • formance, xrefs: 00FF13A5
  • ileTime, xrefs: 00FF1334
  • could not find GetSystemTimeAsFileTime() syscallruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal App, xrefs: 00FF15FE
  • formance, xrefs: 00FF141C
  • QueryPer, xrefs: 00FF140D
  • QueryPer, xrefs: 00FF1396
  • Counter, xrefs: 00FF13B4
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: 0$Counter$GetSyste$QueryPer$QueryPer$QueryPerformanceFrequency overflow 32 bit divider, check nosplit discussion to proceed000102030405060708091011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586$QueryPerformanceFrequency syscall returned zero, running on unsupported hardwarereflect.Value.Interface: cannot return value obtained from unexported field or methodQueryPerformanceFrequency overflow 32 bit divider, check nosplit discussion to proceed000102030$could not find GetSystemTimeAsFileTime() syscallruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal App$could not find QPC syscallsgcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad $equency$formance$formance$ileTime$mTimeAsF$rmanceFr
  • API String ID: 0-3618394045
  • Opcode ID: beca862e317929b5293ad80145b1ae5c76a43f6f6e340d26127174507c7886b0
  • Instruction ID: 7a80b4f2af6e0db9d80c9187050af62911c2a1675278f1863dabc51ed7cceb5f
  • Opcode Fuzzy Hash: beca862e317929b5293ad80145b1ae5c76a43f6f6e340d26127174507c7886b0
  • Instruction Fuzzy Hash: AB711832209F89C5DB509B05F8403AAB7A4FB88794F948525E7CD47B68DF7CC154DB40
Strings
  • runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add z, xrefs: 00FD87B7
  • to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_, xrefs: 00FD853A, 00FD85E6, 00FD868E
  • , not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleWbad flushGen bad map state, xrefs: 00FD87D6
  • +, xrefs: 00FD8813
  • nil elem type!no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.P, xrefs: 00FD877E
  • runtime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintpt, xrefs: 00FD8765
  • , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero, xrefs: 00FD8719
  • runtime.SetFinalizer: pointer not at beginning of allocated blockstrconv: internal error: extFloat.FixedDecimal called with n == 0bytes.Buffer: UnreadByte: previous operation was not a successful readtoo many concurrent operations on a single file or socket (m, xrefs: 00FD874B
  • runtime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnun, xrefs: 00FD8808
  • (, xrefs: 00FD87C3
  • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt base1734723475976807094411924481391906738281258673617379884, xrefs: 00FD86FA
  • because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModuleFileNameWIran Sta, xrefs: 00FD86AD
  • runtime.SetFinalizer: cannot pass runtime: g is running but p is notruntime: unexpected return pc for schedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]too many references: cannot spliceunexpected runtime.net, xrefs: 00FD8511, 00FD85BD, 00FD8665
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModuleFileNameWIran Sta$ to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_$($+$, not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero$, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleWbad flushGen bad map state$nil elem type!no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.P$runtime.SetFinalizer: cannot pass runtime: g is running but p is notruntime: unexpected return pc for schedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]too many references: cannot spliceunexpected runtime.net$runtime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnun$runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add z$runtime.SetFinalizer: pointer not at beginning of allocated blockstrconv: internal error: extFloat.FixedDecimal called with n == 0bytes.Buffer: UnreadByte: previous operation was not a successful readtoo many concurrent operations on a single file or socket (m$runtime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintpt$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt base1734723475976807094411924481391906738281258673617379884
  • API String ID: 0-3278730115
  • Opcode ID: e7d6f3d9f0581278961ae52c5252959b6f75dc7111738f742cd78d80d82e1e51
  • Instruction ID: d760b4e617bb91fad94e9e0117ad1507995894ff0eace3d634aa3fb59d8bb50c
  • Opcode Fuzzy Hash: e7d6f3d9f0581278961ae52c5252959b6f75dc7111738f742cd78d80d82e1e51
  • Instruction Fuzzy Hash: A8123236609F8186DB609B14F4803AEB7A5F789B94F589126EBCD07B68DF7CC095DB00
Strings
  • runtime: levelShift[level] = runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too lon, xrefs: 00FE9BD8
  • bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-, xrefs: 00FEA217
  • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2, xrefs: 00FE99B5
  • , j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASendtypes , xrefs: 00FE9AE8
  • runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironm, xrefs: 00FE9B45
  • ] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0, xrefs: 00FE9A0F
  • , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST, xrefs: 00FE9A36, 00FE9A5D
  • ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag, xrefs: 00FE99E5
  • runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but, xrefs: 00FE9A94
  • , i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego, xrefs: 00FE9B6F
  • , levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeEastern Standard TimeGetProfilesDirectoryWInscriptional_PahlaviLookupPr, xrefs: 00FE9C05
  • , npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin, xrefs: 00FE9ABE
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST$, i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego$, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASendtypes $, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeEastern Standard TimeGetProfilesDirectoryWInscriptional_PahlaviLookupPr$, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin$] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0$][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag$bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-$runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but$runtime: levelShift[level] = runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too lon$runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironm$runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2
  • API String ID: 0-2428282564
  • Opcode ID: cf36e1d8f903ba12c14e7e7e54dce6cd7913594e7725effcb97e488017964d88
  • Instruction ID: 75107c76309123690cae2da2411f250a3b0c914295e7e35176b61cee13f9825f
  • Opcode Fuzzy Hash: cf36e1d8f903ba12c14e7e7e54dce6cd7913594e7725effcb97e488017964d88
  • Instruction Fuzzy Hash: 44123776219BC981DB60AB12F8807EAB365F789B80F408126DBCD47B69DF7CC595DB00
Strings
  • wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_SompengSyloti_N, xrefs: 00FDC0DF
  • runtime: P runtime: p scheddetailsecur32.dllshell32.dllshort writetracealloc(unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span, xrefs: 00FDBFE5
  • next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UT, xrefs: 00FDC1D8
  • work.full != 0 with GC prog476837158203125<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenTh, xrefs: 00FDC14D
  • 8, xrefs: 00FDC2F6
  • wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor, xrefs: 00FDC05A
  • runtime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.Pointerwinapi error #work.full != 0 with GC prog476837158203125<inval, xrefs: 00FDC1B1
  • nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandina, xrefs: 00FDC24D
  • jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UT, xrefs: 00FDC1FF
  • in gcMark expecting to see gcphase as _GCmarkterminationprofilealloc called without a P or outside bootstrappingstrings: illegal use of non-zero Builder copied by valuegentraceback cannot trace user goroutine on its own stackruntime: checkmarks found unexpecte, xrefs: 00FDC2EB
  • flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFile, xrefs: 00FDC00C
  • P has cached GC work at end of mark terminationattempting to link in too many shared librariesbufio: reader returned negative count from Readracy sudog adjustment due to parking on channelruntime: CreateIoCompletionPort failed (errno= slice bounds out of range, xrefs: 00FDC134
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFile$ jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UT$ nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandina$ next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UT$ wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor$ wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_SompengSyloti_N$8$P has cached GC work at end of mark terminationattempting to link in too many shared librariesbufio: reader returned negative count from Readracy sudog adjustment due to parking on channelruntime: CreateIoCompletionPort failed (errno= slice bounds out of range$in gcMark expecting to see gcphase as _GCmarkterminationprofilealloc called without a P or outside bootstrappingstrings: illegal use of non-zero Builder copied by valuegentraceback cannot trace user goroutine on its own stackruntime: checkmarks found unexpecte$runtime: P runtime: p scheddetailsecur32.dllshell32.dllshort writetracealloc(unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span$runtime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.Pointerwinapi error #work.full != 0 with GC prog476837158203125<inval$work.full != 0 with GC prog476837158203125<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenTh
  • API String ID: 0-1513925099
  • Opcode ID: 7b3edbc49799b3d69ed269def12973ac943910e931501ab27f78b949d212b6d7
  • Instruction ID: 7755365f0969809116090162cdb8f68f82ebdbf2d5f2eb6955f117f2bde11734
  • Opcode Fuzzy Hash: 7b3edbc49799b3d69ed269def12973ac943910e931501ab27f78b949d212b6d7
  • Instruction Fuzzy Hash: 9DE10436609B49C5EB00AF51F8843AAB7A9FB45790F558166EBCC037A9DF7CC095EB00
Strings
  • casfrom_Gscanstatus:top gp->status is not in scan stategentraceback callback cannot be used with non-zero skipnewproc: function arguments too large for new goroutineos: invalid use of WriteAt on file opened with O_APPENDreflect.FuncOf: last arg of variadic fun, xrefs: 00FFA6EF
  • 7, xrefs: 00FFA6FA
  • casfrom_Gscanstatus: gp->status is not in scan statemallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Init, xrefs: 00FFA4EF
  • , newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sen, xrefs: 00FFA365, 00FFA55A
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FFA41A, 00FFA613
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FFA46F, 00FFA66A
  • runtime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap u, xrefs: 00FFA50D
  • , oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sendcomplex6, xrefs: 00FFA33F, 00FFA534
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FFA3F3, 00FFA496, 00FFA5EC, 00FFA693
  • runtime: casfrom_Gscanstatus failed gp=runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697, xrefs: 00FFA318
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FFA4BD, 00FFA6BA
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FFA3CB, 00FFA5C5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$, newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sen$, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sendcomplex6$7$casfrom_Gscanstatus: gp->status is not in scan statemallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Init$casfrom_Gscanstatus:top gp->status is not in scan stategentraceback callback cannot be used with non-zero skipnewproc: function arguments too large for new goroutineos: invalid use of WriteAt on file opened with O_APPENDreflect.FuncOf: last arg of variadic fun$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap u$runtime: casfrom_Gscanstatus failed gp=runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar
  • API String ID: 0-2585756822
  • Opcode ID: cd5c569d40181b5a0a69438130f41f1a3e70d06c2cbe97231929604673c549fe
  • Instruction ID: 9da57c66ef6d87dbd1d23a82884681f55515349cd3b25464587fbd061261a832
  • Opcode Fuzzy Hash: cd5c569d40181b5a0a69438130f41f1a3e70d06c2cbe97231929604673c549fe
  • Instruction Fuzzy Hash: 01B1DF36609B4989DB00AF54F88536EB7A8FB88384F518161EBCC43B2ADF7CD195DB10
Strings
  • memory reservation exceeds address space limitpanicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Type.ConvertibleToreleased less than one physical page of memoryruntime: failed to create new , xrefs: 00FCC695
  • base outside usable address spaceconcurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too lo, xrefs: 00FCC38E
  • out of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: Method index out of rangereflect: string index out of rangeruntime.SetFinalizer: , xrefs: 00FCC56A
  • ., xrefs: 00FCC6A0
  • end outside usable address spacenumerical argument out of domainpanic while printing panic valuereflect.nameFrom: tag too long: reflect: NumIn of non-func type reflect: NumOut of non-func typeremovespecial on invalid pointerresource temporarily unavailablerunt, xrefs: 00FCC3D3
  • out of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is alre, xrefs: 00FCC5B7
  • ) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625Central Brazilian Standard TimeMountain Standard Time (Mexico)W. Central Africa Standard Timebad write ba, xrefs: 00FCC65A
  • out of memory allocating heap arena metadatareflect: FieldByNameFunc of non-struct type reflect: funcLayout with interface receiver runtime: lfstack.push invalid packing: node=bufio.Scanner: Read returned impossible countcannot send after transport endpoint sh, xrefs: 00FCC585
  • runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-nega, xrefs: 00FCC60C
  • arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such de, xrefs: 00FCC59E
  • , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST, xrefs: 00FCC633
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625Central Brazilian Standard TimeMountain Standard Time (Mexico)W. Central Africa Standard Timebad write ba$, ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST$.$arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such de$base outside usable address spaceconcurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too lo$end outside usable address spacenumerical argument out of domainpanic while printing panic valuereflect.nameFrom: tag too long: reflect: NumIn of non-func type reflect: NumOut of non-func typeremovespecial on invalid pointerresource temporarily unavailablerunt$memory reservation exceeds address space limitpanicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Type.ConvertibleToreleased less than one physical page of memoryruntime: failed to create new $out of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: Method index out of rangereflect: string index out of rangeruntime.SetFinalizer: $out of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is alre$out of memory allocating heap arena metadatareflect: FieldByNameFunc of non-struct type reflect: funcLayout with interface receiver runtime: lfstack.push invalid packing: node=bufio.Scanner: Read returned impossible countcannot send after transport endpoint sh$runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-nega
  • API String ID: 0-2218669318
  • Opcode ID: 49f4ab894d4f22f99099b8e5d01eaef2cabb3ba6d8870e3f0105ee774c7c0e9f
  • Instruction ID: ed45ac7c59d3cdc57a1405469fa10ce5586f7e9e9fbb31c9e4ba983956e69e38
  • Opcode Fuzzy Hash: 49f4ab894d4f22f99099b8e5d01eaef2cabb3ba6d8870e3f0105ee774c7c0e9f
  • Instruction Fuzzy Hash: 19125736608B81C5DB108F55F58039AB7A9F789B94F58812AEBDC47BA9CF7CC085DB40
Strings
  • !, xrefs: 00FC1532
  • " not supported for cpu option "bufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full bufferend outside usable address spacenumerical argument out of domainpanic while printing panic valuereflect.nameFrom: tag too long: refl, xrefs: 00FC1485
  • cpu., xrefs: 00FC116D
  • GODEBUG: can not disable "GetFileInformationByHandleLine Islands Standard TimeNewfoundland Standard TimePostQueuedCompletionStatusSaint Pierre Standard TimeSetFileInformationByHandleSouth Africa Standard TimeW. Australia Standard TimeWest Pacific Standard Time, xrefs: 00FC16A5
  • GODEBUG: unknown cpu feature "MapIter.Key called before NextPacific Standard Time (Mexico)Turks And Caicos Standard Timeabi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._pa, xrefs: 00FC13EA
  • GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMeroitic_CursiveNetApiBufferFreeOpenProcessTokenOther_AlphabeticRegQueryInfoKeyWRegQueryValueExWRemoveDirectoryWSetFilePointerExTerminateProcessZanabazar_Squarerun, xrefs: 00FC144F
  • " ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfin, xrefs: 00FC141D, 00FC14B6, 00FC1565
  • ", missing CPU supportbytes.Buffer: too largechan receive (nil chan)close of closed channeldevice or resource busyfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]interrupted system callinvalid m->lockedInt = left ov, xrefs: 00FC175D
  • GODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeVladivosto, xrefs: 00FC1727
  • GODEBUG: no value specified for "base outside usable address spaceconcurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysA, xrefs: 00FC1527
  • ", required CPU featurebad defer entry in panicbad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned , xrefs: 00FC16D6
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !$" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfin$" not supported for cpu option "bufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full bufferend outside usable address spacenumerical argument out of domainpanic while printing panic valuereflect.nameFrom: tag too long: refl$", missing CPU supportbytes.Buffer: too largechan receive (nil chan)close of closed channeldevice or resource busyfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]interrupted system callinvalid m->lockedInt = left ov$", required CPU featurebad defer entry in panicbad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned $GODEBUG: can not disable "GetFileInformationByHandleLine Islands Standard TimeNewfoundland Standard TimePostQueuedCompletionStatusSaint Pierre Standard TimeSetFileInformationByHandleSouth Africa Standard TimeW. Australia Standard TimeWest Pacific Standard Time$GODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeVladivosto$GODEBUG: no value specified for "base outside usable address spaceconcurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected shiftmin must be a non-zero power of 2misrounded allocation in sysA$GODEBUG: unknown cpu feature "MapIter.Key called before NextPacific Standard Time (Mexico)Turks And Caicos Standard Timeabi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._pa$GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMeroitic_CursiveNetApiBufferFreeOpenProcessTokenOther_AlphabeticRegQueryInfoKeyWRegQueryValueExWRemoveDirectoryWSetFilePointerExTerminateProcessZanabazar_Squarerun$cpu.
  • API String ID: 0-4059744795
  • Opcode ID: 3775b164b659a50583a1a57be85974589543abbf3d0d498d20e74bb543561b86
  • Instruction ID: 94c0ed871b9598597448ddfedee361f8c545ba7cba65d2112f7cdee38c7cd11a
  • Opcode Fuzzy Hash: 3775b164b659a50583a1a57be85974589543abbf3d0d498d20e74bb543561b86
  • Instruction Fuzzy Hash: 3FF19F32608B86C1DB109B11F9857AAB765F786BE0F588115EBCD03B6ADF7CC4A5DB00
Strings
  • work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleW, xrefs: 00FDBBEC
  • runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foun, xrefs: 00FDBBC5
  • work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard TimeMontevideo Standard T, xrefs: 00FDBC45
  • runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWCo, xrefs: 00FDBC6B
  • worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWF, xrefs: 00FDBD0A
  • work.nwait was > work.nproc args stack map entries for 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextFixedStac, xrefs: 00FDBCC5
  • gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %ymakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false isSelect277555756156289135105907917022705078125heapBitsSetTypeGCProg: small al, xrefs: 00FDBD3D
  • work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlock, xrefs: 00FDBC12, 00FDBC92
  • GC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotation_MarkRegSetValueExWSetFilePointerTranslateNameWallocfreetracebad allocCountbad span statebad stack sizefile too largefinalize, xrefs: 00FDB899, 00FDBB95
  • &, xrefs: 00FDBD48
  • gcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol, xrefs: 00FDBCDE
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlock$ work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleW$&$GC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotation_MarkRegSetValueExWSetFilePointerTranslateNameWallocfreetracebad allocCountbad span statebad stack sizefile too largefinalize$gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %ymakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false isSelect277555756156289135105907917022705078125heapBitsSetTypeGCProg: small al$gcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol$runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foun$runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWCo$work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard TimeMontevideo Standard T$work.nwait was > work.nproc args stack map entries for 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextFixedStac$worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWF
  • API String ID: 0-3564284095
  • Opcode ID: cde8971d6af02f2f53c33d752c84c8296759d2d07f796fa745fcfb3925539ecb
  • Instruction ID: 51ff05333f46e0f224fae505865290d703599f35dc4455c0d813791f9e7cdf0c
  • Opcode Fuzzy Hash: cde8971d6af02f2f53c33d752c84c8296759d2d07f796fa745fcfb3925539ecb
  • Instruction Fuzzy Hash: 3BD1353660AB44C5DB00EF15E8843AAB7B5F789B94F558162EB8C43768DF7CC186DB40
Strings
  • s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNW, xrefs: 00FE0465
  • s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_H, xrefs: 00FE0173
  • ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil, xrefs: 00FE0397, 00FE03D3
  • s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagolitic, xrefs: 00FE00FC
  • =?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETC, xrefs: 00FE0093
  • s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExW, xrefs: 00FE014C
  • unknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahB, xrefs: 00FE040E
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FE02DD
  • s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyren, xrefs: 00FE0125
  • ) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4, xrefs: 00FE0305
  • <== at fp= is lr: of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkind, xrefs: 00FE0372
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil$ <== at fp= is lr: of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkind$ s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagolitic$ s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_H$ s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyren$ s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExW$ s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNW$) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETC$unknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahB
  • API String ID: 0-1133555719
  • Opcode ID: f51c1cb4ba02c1802538016c76e128d0ad8922c14ca7f1f06be09c220da46088
  • Instruction ID: 4bd90af854cedfbcb3455109fdf83fbeeedde2f582617aabcfccf1a580540324
  • Opcode Fuzzy Hash: f51c1cb4ba02c1802538016c76e128d0ad8922c14ca7f1f06be09c220da46088
  • Instruction Fuzzy Hash: 72B12636619B8985DB00AF51F89136EB7A4FB88780F508061EBCD43B69DFBCC185EB11
Strings
  • failed to get system page sizefreedefer with d._panic != nilinappropriate ioctl for deviceinvalid function symbol tableinvalid pointer found on stacknotetsleep - waitm out of syncprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-, xrefs: 00FCBE45
  • ) must be a power of 223283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Standard TimeE. Europe Standard TimeFreeEnvironmentStringsWGetEnvironmentVariableWGetSyst, xrefs: 00FCBC85, 00FCBCEE
  • system huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard Ti, xrefs: 00FCBC57
  • ) is smaller than minimum page size (2220446049250313080847263336181640625_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!cannot exec a shared library directlyfailed to reserve page summary memoryinternal error: unknown network type r, xrefs: 00FCBD55
  • $, xrefs: 00FCBDF0
  • bad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreflect: B, xrefs: 00FCBCA5
  • bad TinySizeClassdebugPtrmask.lockentersyscallblockexec format errorg already scannedglobalAlloc.mutexlocked m0 woke upmark - bad statusmarkBits overflowno data availablenotetsleepg on g0permission deniedreflect.Value.Intreflect.Value.Lenreflect: New(nil)refle, xrefs: 00FCBE5E
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 00FCBD7B, 00FCBE0B
  • bad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgc_trigger underflowgo of nil func valuegopark: bad g statusinconsistent lockedm, xrefs: 00FCBD0C, 00FCBD99, 00FCBE2A
  • system page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLin, xrefs: 00FCBCC5, 00FCBD2A, 00FCBDB7
  • ) is larger than maximum page size () is not Grunnable or Gscanrunnable0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memoryUnable to determine system directoryaccessing a corrupted shared libraryruntime:, xrefs: 00FCBDE5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $$), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$) is larger than maximum page size () is not Grunnable or Gscanrunnable0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memoryUnable to determine system directoryaccessing a corrupted shared libraryruntime:$) is smaller than minimum page size (2220446049250313080847263336181640625_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!cannot exec a shared library directlyfailed to reserve page summary memoryinternal error: unknown network type r$) must be a power of 223283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Standard TimeE. Europe Standard TimeFreeEnvironmentStringsWGetEnvironmentVariableWGetSyst$bad TinySizeClassdebugPtrmask.lockentersyscallblockexec format errorg already scannedglobalAlloc.mutexlocked m0 woke upmark - bad statusmarkBits overflowno data availablenotetsleepg on g0permission deniedreflect.Value.Intreflect.Value.Lenreflect: New(nil)refle$bad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreflect: B$bad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgc_trigger underflowgo of nil func valuegopark: bad g statusinconsistent lockedm$failed to get system page sizefreedefer with d._panic != nilinappropriate ioctl for deviceinvalid function symbol tableinvalid pointer found on stacknotetsleep - waitm out of syncprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-$system huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard Ti$system page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLin
  • API String ID: 0-3397825554
  • Opcode ID: 0ada102c97ac0c80e31b3697a2ba6dfa20999781ac2c3535594adae2ce15797d
  • Instruction ID: 02af14c785f5bbb08a0539bdecf39ea3528f05172f480a7c0f71b81590b7f13e
  • Opcode Fuzzy Hash: 0ada102c97ac0c80e31b3697a2ba6dfa20999781ac2c3535594adae2ce15797d
  • Instruction Fuzzy Hash: C7910936619F4994EB00AF10F8863A9B7A8FB58784F808465E7CC477A9DFBCC594E710
Strings
  • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments n, xrefs: 00FF2712
  • 0, xrefs: 00FF24D5
  • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds addres, xrefs: 00FF26B2
  • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00FF2652
  • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984, xrefs: 00FF25B3
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 00FF2605
  • VirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index o, xrefs: 00FF2685
  • bad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFini, xrefs: 00FF2625
  • CreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsing, xrefs: 00FF26E5
  • runtime.minit: duplicatehandle failedruntime: allocation size out of rangesetprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpvalue too large for defined data type111022302462515654042363166809082031255551115123125782702118158340454101562, xrefs: 00FF2745
  • %, xrefs: 00FF2750
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: %$), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$0$CreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsing$VirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating allArenasreflect.FuncOf: too many argumentsreflect: ChanDir of non-chan type reflect: Field index o$bad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFini$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments n$runtime.minit: duplicatehandle failedruntime: allocation size out of rangesetprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpvalue too large for defined data type111022302462515654042363166809082031255551115123125782702118158340454101562$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds addres$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984
  • API String ID: 0-3957883873
  • Opcode ID: e0eeb469f9c952648a5fc19aece9eb3625d659f8d1d27fe3393514a91044f793
  • Instruction ID: 6bbff8f3940fc2faba101611fa131b374903fa4100bb1a5bfbfaf071e771d6df
  • Opcode Fuzzy Hash: e0eeb469f9c952648a5fc19aece9eb3625d659f8d1d27fe3393514a91044f793
  • Instruction Fuzzy Hash: 46913936519F8985DA10AF14F8843AAB7A4FB857A4F508265E7DC03BB9DF7CC194DB00
Strings
  • untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess3, xrefs: 0100C96F
  • args stack map entries for 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextFixedStack is not power-of-2GetFileI, xrefs: 0100C84C
  • and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefault, xrefs: 0100C825, 0100CA57
  • runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameComp, xrefs: 0100C93B, 0100CB5B
  • locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu feature "MapIter.Key called before NextPacific Standard Tim, xrefs: 0100CA7E
  • runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Sta, xrefs: 0100C7F9, 0100CA2E
  • bad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobje, xrefs: 0100C8CA, 0100CAF7
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 0100C8AC, 0100CAD9
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 0100C996, 0100CBBE
  • (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteF, xrefs: 0100C885, 0100CAB2
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteF$ and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefault$ args stack map entries for 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextFixedStack is not power-of-2GetFileI$ locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu feature "MapIter.Key called before NextPacific Standard Tim$ untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess3$), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$bad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobje$runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameComp$runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Sta
  • API String ID: 0-779629231
  • Opcode ID: 74e786b1feb700d6b9a7561853d43551f82669186c011f11081b0957bd0954a5
  • Instruction ID: 3bbf3b5c2949fc485a767d38899c7b287556a8159a83bf88eaba03d6d6610083
  • Opcode Fuzzy Hash: 74e786b1feb700d6b9a7561853d43551f82669186c011f11081b0957bd0954a5
  • Instruction Fuzzy Hash: AD12A236209B8599DB609F15F8903AEB7A8F789780F518165EBCC83B69DF7CC094DB40
Strings
  • runtime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldcompileCallback: float results not supportedgcmarknewobject called while doing checkmar, xrefs: 00FFD3E5
  • stoplockedm: not runnableunexpected fault address unexpected key value type using unaddressable value1455191522836685180664062572759576141834259033203125Bougainville Standard TimeCentral Asia Standard TimeCertFreeCertificateContextE. Australia Standard TimeEka, xrefs: 00FFD590
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FFD4BE
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FFD510
  • stoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type3552713678800500929355621337890625Other_Default_Ignorable_Code_PointSetFileCompletionNotificationModesVirtualQuery for stack bas, xrefs: 00FFD5A9
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FFD497, 00FFD537
  • !, xrefs: 00FFD5B4
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FFD55E
  • ) is not Grunnable or Gscanrunnable0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memoryUnable to determine system directoryaccessing a corrupted shared libraryruntime: VirtualQuery failed; errno=runtime:, xrefs: 00FFD40D
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FFD470
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !$) is not Grunnable or Gscanrunnable0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memoryUnable to determine system directoryaccessing a corrupted shared libraryruntime: VirtualQuery failed; errno=runtime:$, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar$runtime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldcompileCallback: float results not supportedgcmarknewobject called while doing checkmar$stoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type3552713678800500929355621337890625Other_Default_Ignorable_Code_PointSetFileCompletionNotificationModesVirtualQuery for stack bas$stoplockedm: not runnableunexpected fault address unexpected key value type using unaddressable value1455191522836685180664062572759576141834259033203125Bougainville Standard TimeCentral Asia Standard TimeCertFreeCertificateContextE. Australia Standard TimeEka
  • API String ID: 0-3824092405
  • Opcode ID: fdd7fc5901013b539443f6e48733ab2dc1a37f76737a8a7e204e2204cfbef394
  • Instruction ID: fe4a12934b7aa9106718ca3afa7637a90e33ad0ed3dbe3d3cc94234d81a5fcf3
  • Opcode Fuzzy Hash: fdd7fc5901013b539443f6e48733ab2dc1a37f76737a8a7e204e2204cfbef394
  • Instruction Fuzzy Hash: 1361D036619B4989DB40EB15F8853AAB7A4FB88B84F508061EBCD47B29DF7CC185DB10
Strings
  • objectpopcntselectsocketstringstructsweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanuno, xrefs: 00FD3185
  • runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , , xrefs: 00FD2FD2
  • span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertTo, xrefs: 00FD3079
  • runtime: found in object at *(runtime: impossible type kind socket operation on non-socketsync: inconsistent mutex statesync: unlock of unlocked mutex) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602, xrefs: 00FD3118
  • span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueW, xrefs: 00FD3052
  • to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetProcessMemoryInfo, xrefs: 00FD3018
  • found bad pointer in Go heap (incorrect use of unsafe or cgo?)runtime: internal error: misuse of lockOSThread/unlockOSThreadcompileCallback: expected function with one uintptr-sized resultruntime.SetFinalizer: pointer not at beginning of allocated blockstrconv, xrefs: 00FD31CD
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FD313F
  • >, xrefs: 00FD31D8
  • to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle Eas, xrefs: 00FD30F0
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueW$ span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertTo$ to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetProcessMemoryInfo$ to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle Eas$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$>$found bad pointer in Go heap (incorrect use of unsafe or cgo?)runtime: internal error: misuse of lockOSThread/unlockOSThreadcompileCallback: expected function with one uintptr-sized resultruntime.SetFinalizer: pointer not at beginning of allocated blockstrconv$objectpopcntselectsocketstringstructsweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanuno$runtime: found in object at *(runtime: impossible type kind socket operation on non-socketsync: inconsistent mutex statesync: unlock of unlocked mutex) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602$runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory ,
  • API String ID: 0-3237121216
  • Opcode ID: 7776400c767a05e63b8ddbb9d108844eb7ee7e14bd893a5f33248e8a72d98f76
  • Instruction ID: 4bc4df024432982371c471ae87e1bbdc54ba45e16f9db28ba1e29ea73df29caa
  • Opcode Fuzzy Hash: 7776400c767a05e63b8ddbb9d108844eb7ee7e14bd893a5f33248e8a72d98f76
  • Instruction Fuzzy Hash: B551D336519F4994DA00AB51F8853AEB7A8FB48780F518061EBCC43B7ADF7CC195EB11
Strings
  • runtime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse , xrefs: 00FF9417
  • runtime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncaching span but s.allocCount == 0) is smaller than minimum page size (2220446, xrefs: 00FF93E5
  • runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncaching span but s.allocCount == 0) is sma, xrefs: 00FF94A4
  • runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldcompileCallback: float results not supported, xrefs: 00FF93B0
  • $, xrefs: 00FF94AF
  • runtime: sudog with non-false isSelect277555756156289135105907917022705078125heapBitsSetTypeGCProg: small allocationmismatched count during itab table copymspan.sweep: bad span state after sweepout of memory allocating heap arena mapruntime: blocked write on f, xrefs: 00FF9430
  • runtime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortswee, xrefs: 00FF9449
  • runtime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse of closed network connection of , xrefs: 00FF93FE
  • runtime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scope, xrefs: 00FF93C9
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $$runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncaching span but s.allocCount == 0) is sma$runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrap using value obtained using unexported fieldcompileCallback: float results not supported$runtime: sudog with non-false isSelect277555756156289135105907917022705078125heapBitsSetTypeGCProg: small allocationmismatched count during itab table copymspan.sweep: bad span state after sweepout of memory allocating heap arena mapruntime: blocked write on f$runtime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scope$runtime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortswee$runtime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse $runtime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse of closed network connection of $runtime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncaching span but s.allocCount == 0) is smaller than minimum page size (2220446
  • API String ID: 0-2886267719
  • Opcode ID: ec33d1dc1a4ac419a105756c34b497693a89aafbe783f14e278a713ad40b2ac9
  • Instruction ID: 0ab2e6e450865855aa4fba50c65d9048de60082d90031cbe0b07a19484105097
  • Opcode Fuzzy Hash: ec33d1dc1a4ac419a105756c34b497693a89aafbe783f14e278a713ad40b2ac9
  • Instruction Fuzzy Hash: 25A14732609B89C5CB109F10E4843ADB7B9F789B94F949526DB8C577A8CFB8C495DB00
Strings
  • ), xrefs: 00FE72A2
  • sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagoliticKharoshthiLockFileExManichaean, xrefs: 00FE720C
  • mheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: FieldByIndex of non-struct type runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: , xrefs: 00FE727E
  • ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32, xrefs: 00FE71B9
  • mheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpo, xrefs: 00FE7265
  • /5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDT, xrefs: 00FE7233
  • mheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: FieldByIndex of non-struct type runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeB, xrefs: 00FE7297
  • mheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion exceeds uintptr rangeruntime., xrefs: 00FE7192
  • allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrI, xrefs: 00FE71E5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrI$ ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32$ sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagoliticKharoshthiLockFileExManichaean$)$/5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDT$mheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpo$mheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: FieldByIndex of non-struct type runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeB$mheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: FieldByIndex of non-struct type runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: $mheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion exceeds uintptr rangeruntime.
  • API String ID: 0-1750835404
  • Opcode ID: 6172b7478c6791e8f009c0f260afa0cad25c79168b8f23e7aaed69fa6ab01929
  • Instruction ID: a581a963c90a892ad544390dc4dd15d53d30613d45134a5f9c00d1a52dd40479
  • Opcode Fuzzy Hash: 6172b7478c6791e8f009c0f260afa0cad25c79168b8f23e7aaed69fa6ab01929
  • Instruction Fuzzy Hash: 10A17A33609B8585DB00AF15F8803AAB7A5F789B94F548126EBCD07B69DF7CC496DB00
Strings
  • , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego1.16li, xrefs: 00FC735F
  • (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu, xrefs: 00FC7515
  • interface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack:, xrefs: 00FC72FC, 00FC7573, 00FC7667
  • : missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_North_ArabianOld_South_ArabianOther_ID_ContinueRegLoadMUIStringWSentence_TerminalSystemFunction036Unifi, xrefs: 00FC75D6
  • , xrefs: 00FC74BC
  • is lr: of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofread, xrefs: 00FC7334
  • is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_Hungarian, xrefs: 00FC7693
  • is not mcount= minutes nalloc= newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMaha, xrefs: 00FC759E
  • (types from different packages)28421709430404007434844970703125CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyMapIter.Value called before NextWSAGetOverlappedResult not found" not supported for cpu option "bufio: invalid use of UnreadBytebufi, xrefs: 00FC74B0
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $ (types from different packages)28421709430404007434844970703125CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyMapIter.Value called before NextWSAGetOverlappedResult not found" not supported for cpu option "bufio: invalid use of UnreadBytebufi$ (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)E. South America Standard TimeEastern Standard Time (Mexico)GODEBUG: unknown cpu$ is lr: of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofread$ is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_Hungarian$ is not mcount= minutes nalloc= newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMaha$, not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]bytechan<-efencego1.16li$: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_North_ArabianOld_South_ArabianOther_ID_ContinueRegLoadMUIStringWSentence_TerminalSystemFunction036Unifi$interface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack:
  • API String ID: 0-2943211360
  • Opcode ID: 25810addf9c9e6c85fc990ea74fe5b0cb3f0ef6b4d9d849c8d274e5ba10cf559
  • Instruction ID: 636f222a0f18a493374920790663b04ce1a4eb62bd971e763eaa822a05fd2ba4
  • Opcode Fuzzy Hash: 25810addf9c9e6c85fc990ea74fe5b0cb3f0ef6b4d9d849c8d274e5ba10cf559
  • Instruction Fuzzy Hash: 8EC19B36208F85C5DB64DB05F48039AB7A4F788794F54852AEACC47B69DF7CC1A4CB40
Strings
  • called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentPro, xrefs: 00FC9217
  • pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifi, xrefs: 00FC9242
  • 1, xrefs: 00FC9379
  • ./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCD, xrefs: 00FC91AB
  • value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessag, xrefs: 00FC9173
  • panicwrap: unexpected string after package name: reflect.Value.Slice: slice of unaddressable arrayruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: intern, xrefs: 00FC936D
  • panicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat ov, xrefs: 00FC93CE
  • panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open, xrefs: 00FC9318
  • panicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Type.ConvertibleToreleased less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base poin, xrefs: 00FC92C7
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentPro$ pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifi$./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCD$1$panicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat ov$panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open$panicwrap: unexpected string after package name: reflect.Value.Slice: slice of unaddressable arrayruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: intern$panicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Type.ConvertibleToreleased less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base poin$value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessag
  • API String ID: 0-1549365532
  • Opcode ID: 23b74613fca7cfe7a65f4dfbcc3795c08e8c4718bdca7ae2994eece42fd91cb2
  • Instruction ID: 6fdd8b9e02004b7f66e3f67a6edee7e81c7c89180f6213f7ec450f06bffe588d
  • Opcode Fuzzy Hash: 23b74613fca7cfe7a65f4dfbcc3795c08e8c4718bdca7ae2994eece42fd91cb2
  • Instruction Fuzzy Hash: C5B1E236209F8285DA60DF11F8843AEB7A8F789790F548529EACC47B69DF7CC194CB40
Strings
  • memprofi, xrefs: 01006A42
  • memprofi, xrefs: 01006AF5
  • memprofi, xrefs: 01006AE6
  • =, xrefs: 0100692F
  • lera, xrefs: 0100699D
  • memprofi, xrefs: 0100698E
  • GODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASendtypes value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidpanic: runnings, xrefs: 0100689C
  • memprofi, xrefs: 01006AA6
  • GOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin_HauRegCloseKeySetFileTimeSignWritingSoft_DottedVirtualLockWSARecvFromWarang_CitiWhite_SpaceassistQueuebad addressbad m v, xrefs: 01006B6F
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: =$GODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASendtypes value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidpanic: runnings$GOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin_HauRegCloseKeySetFileTimeSignWritingSoft_DottedVirtualLockWSARecvFromWarang_CitiWhite_SpaceassistQueuebad addressbad m v$lera$memprofi$memprofi$memprofi$memprofi$memprofi
  • API String ID: 0-2582884222
  • Opcode ID: 5896955a7077985beaf4e801d9a55d49cc4bec6e213a1ac9e9b06047bd516e12
  • Instruction ID: dd45ee54c4dfd122e7c76ab29f66dd26a0ba3d3acb32c316d35bbac920e1328f
  • Opcode Fuzzy Hash: 5896955a7077985beaf4e801d9a55d49cc4bec6e213a1ac9e9b06047bd516e12
  • Instruction Fuzzy Hash: D8815C76209B81C1EA01DF16F5803AABBA5F389BD0F149915EBCD47BA9DB7DC194CB00
Strings
  • ., xrefs: 00FE3E70
  • (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds address space limitpanicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Ty, xrefs: 00FE3E65
  • marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayala, xrefs: 00FE3F7F
  • found pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: proc, xrefs: 00FE410A
  • , elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenPro, xrefs: 00FE3E16
  • runtime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncachin, xrefs: 00FE3DEC
  • alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTa, xrefs: 00FE3F45
  • zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvW, xrefs: 00FE4072
  • freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitPro, xrefs: 00FE3E3D
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds address space limitpanicwrap: unexpected string after type name: reflect.Value.Slice: slice index out of boundsreflect: nil type passed to Ty$ alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTa$ freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitPro$ marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayala$ zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvW$, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenPro$.$found pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: proc$runtime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax error scanning complex numberuncachin
  • API String ID: 0-2723407842
  • Opcode ID: a1df0eade576aa3e594ac3e6531cc8c7df869afa35a53ecd6e47feab470d861f
  • Instruction ID: d86210ce5d00f2c58785b52fb5a7de2a3a4ca901cc179ec9f9002e25f8e84f11
  • Opcode Fuzzy Hash: a1df0eade576aa3e594ac3e6531cc8c7df869afa35a53ecd6e47feab470d861f
  • Instruction Fuzzy Hash: AA81593250CB8885DB10AB21F89537EBBA4FB85790F248055EBC843B6ACF7DD185EB11
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: '$'$PowerReg$gisterSu$ication$powrprof$rof.dll$spendRes$umeNotif
  • API String ID: 0-3020224430
  • Opcode ID: 8353a20bbbe343f76cfcf9f1d7b465b37e40a732a5ccc7a6b42b16291d5ac537
  • Instruction ID: 67652fb7e9c10138ad0cb8dbfc0f06e7f17acbfd6106534454d7c6d0c5c3cc5a
  • Opcode Fuzzy Hash: 8353a20bbbe343f76cfcf9f1d7b465b37e40a732a5ccc7a6b42b16291d5ac537
  • Instruction Fuzzy Hash: F141C236609B8589DB60DB51F4803AEB7A4F789784F504525EBCC47B6ADF7CC298CB40
Strings
  • panic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rota, xrefs: 00FF5E5D
  • preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported method previous allocCoun, xrefs: 00FF5D7C
  • recovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015, xrefs: 00FF5C45
  • bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by win, xrefs: 00FF5C85
  • panic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding, xrefs: 00FF5D0A
  • bad defer entry in panicbad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchron, xrefs: 00FF5C9E
  • panic on system stackread-only file systemreflect.Value.Complexreflect.Value.Pointerreleasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: , xrefs: 00FF5ECA
  • panic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect.methodValueCallruntime: internal errorruntime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinks, xrefs: 00FF5DF4
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: bad defer entry in panicbad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchron$bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by win$panic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rota$panic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect.methodValueCallruntime: internal errorruntime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinks$panic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding$panic on system stackread-only file systemreflect.Value.Complexreflect.Value.Pointerreleasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: $preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported method previous allocCoun$recovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015
  • API String ID: 0-2762346938
  • Opcode ID: ef88663cae9f46c8589b48c2fbefae7509519ce86afb31de8cfabb2fd83ae499
  • Instruction ID: fe025bfe5b7d9c29c41e6e60a10673aec26c5a55a18f62bec01bf0c4c5856a49
  • Opcode Fuzzy Hash: ef88663cae9f46c8589b48c2fbefae7509519ce86afb31de8cfabb2fd83ae499
  • Instruction Fuzzy Hash: 59221732509B88C5DB20AB15E8803AAB7B5FB88B94F548156DBCC07B79DF7CC495EB40
Strings
  • runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 223283064365386962, xrefs: 00FDE92B
  • , xrefs: 00FDE849
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FDE80C, 00FDE8C5, 00FDE97D
  • runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.npr, xrefs: 00FDE7B9, 00FDE872
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FDE7E5, 00FDE89C, 00FDE956
  • scanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse of closed network connection of method on nil interface value142, xrefs: 00FDE83E
  • can't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by windowsout of streams resou, xrefs: 00FDE785
  • mark - bad statusmarkBits overflowno data availablenotetsleepg on g0permission deniedreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocruntime/internal/runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runti, xrefs: 00FDE8F7
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$can't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by windowsout of streams resou$mark - bad statusmarkBits overflowno data availablenotetsleepg on g0permission deniedreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocruntime/internal/runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runti$runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.npr$runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 223283064365386962$scanstack: goroutine not stoppedslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]software caused connection abortsweep increased allocation countuse of closed network connection of method on nil interface value142
  • API String ID: 0-3305313416
  • Opcode ID: d42d4f09a2d5b47de32fc6edf8c1525fde435d1617c64d887b6eb196605aad38
  • Instruction ID: d968012ce1125e0bc73ec056c17e167da3d9f4ba4e5966e9c9541b1d58abbded
  • Opcode Fuzzy Hash: d42d4f09a2d5b47de32fc6edf8c1525fde435d1617c64d887b6eb196605aad38
  • Instruction Fuzzy Hash: 3C122036609B8484DB60EB00F8803AEB7A5F789794F588126EBDC47B69DF7CC194DB40
Strings
  • runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on ex, xrefs: 0100F565
  • and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefault, xrefs: 0100F452
  • ', xrefs: 0100F570
  • abi mismatchadvapi32.dllbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpe, xrefs: 0100F490
  • invalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion e, xrefs: 0100F4F0
  • function symbol table not sorted by program counter: reflect.Value.Slice: string slice index out of boundsreflect: non-interface type passed to Type.Implementsgoroutine running on other thread; stack unavailablebytes.Buffer: reader returned negative count fr, xrefs: 0100F0CE
  • minpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad st, xrefs: 0100F4A9
  • abi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinappropriate ioctl for deviceinvalid function symbol tableinvalid pointer found on stacknotetsleep - waitm o, xrefs: 0100F41E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefault$'$abi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinappropriate ioctl for deviceinvalid function symbol tableinvalid pointer found on stacknotetsleep - waitm o$abi mismatchadvapi32.dllbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpe$function symbol table not sorted by program counter: reflect.Value.Slice: string slice index out of boundsreflect: non-interface type passed to Type.Implementsgoroutine running on other thread; stack unavailablebytes.Buffer: reader returned negative count fr$invalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion e$minpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not supportedremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad st$runtime: function symbol table header: stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on ex
  • API String ID: 0-3602738478
  • Opcode ID: f38e6ed6b071b50f3fcfaf9653e9c9aed8764cc22fa72749649fc1edc2ca5b1b
  • Instruction ID: c5e41b934e2448ddc2b100355b1d102418e2d129451efec7b9d5ad7d78884373
  • Opcode Fuzzy Hash: f38e6ed6b071b50f3fcfaf9653e9c9aed8764cc22fa72749649fc1edc2ca5b1b
  • Instruction Fuzzy Hash: 12F11736609B8581DA61AF55F8803AEB7A4F789BC0F548126EBCD07B69DF7CC095DB00
Strings
  • suspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on exhausted iteratoraddress family not supported by protocolbulkBarrierPreWrite: u, xrefs: 00FF6E08
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FF6D6A
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FF6D13
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FF6CE9, 00FF6D93
  • invalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runt, xrefs: 00FF6DEF
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FF6DBA
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FF6CBF
  • ', xrefs: 00FF6E13
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: '$, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$invalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runt$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar$suspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on exhausted iteratoraddress family not supported by protocolbulkBarrierPreWrite: u
  • API String ID: 0-3119174921
  • Opcode ID: 672c935fbc74daae04121c92aad020d675bcdfd93fd463cda80042796b95e041
  • Instruction ID: be8b9005d297194e90bf21a21c41b29d71752b8cf2062436bc98057df4d23dea
  • Opcode Fuzzy Hash: 672c935fbc74daae04121c92aad020d675bcdfd93fd463cda80042796b95e041
  • Instruction Fuzzy Hash: F4E12C32609B88C5CB209F15F48076ABBA0FB89B94F548165EBCD87B69CF7CC595DB00
Strings
  • allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianS, xrefs: 01006005
  • ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFil, xrefs: 01005E05
  • ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16, xrefs: 01005D4A
  • recursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncGC must be disabled to protect validity of fn valuefatal: systemstack called from unexpected goroutinepotentially overlapping in-use allocations detectedruntime, xrefs: 010060D3
  • 2, xrefs: 010060DE
  • init int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaComm, xrefs: 01005C65
  • @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGM, xrefs: 01005C99
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGM$ allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianS$ ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFil$ ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16$2$init int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaComm$recursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncGC must be disabled to protect validity of fn valuefatal: systemstack called from unexpected goroutinepotentially overlapping in-use allocations detectedruntime
  • API String ID: 0-3384527505
  • Opcode ID: 1cda2e2e0eeaf838b59342caaeb9cdac194ccf8204dbee3f711c2bc141210c5d
  • Instruction ID: 628a4c36a90e8e436e4993418bc413507d60069c1ca07b21bf9bc9697ba27032
  • Opcode Fuzzy Hash: 1cda2e2e0eeaf838b59342caaeb9cdac194ccf8204dbee3f711c2bc141210c5d
  • Instruction Fuzzy Hash: 23E11236609F8585DB619B19F8843AEB7A4F788B80F508126EBCD47B69DF3CC195CB40
Strings
  • bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-, xrefs: 00FEA1EF, 00FEA217
  • runtime: npages = runtime: range = {streams pipe errorsystem page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeC, xrefs: 00FEA1B6
  • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2, xrefs: 00FEA0CC
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 00FEA193
  • ] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), , xrefs: 00FEA11C
  • ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag, xrefs: 00FEA0F2
  • , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST, xrefs: 00FEA145, 00FEA16C
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$, ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST$] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), $][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag$bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-$runtime: npages = runtime: range = {streams pipe errorsystem page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeC$runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2
  • API String ID: 0-1386522064
  • Opcode ID: 8e5b0836f87e6e82b074891a54dabeeb96d3357c050c210f69a8432c333acfca
  • Instruction ID: 307f7277e948f5e562e2bd5298a39952d5ded5868fd44182172e0fd7ca202c09
  • Opcode Fuzzy Hash: 8e5b0836f87e6e82b074891a54dabeeb96d3357c050c210f69a8432c333acfca
  • Instruction Fuzzy Hash: A5B13736619B8980DB209F11F8803EAB368F789780F408625EBDD47BA9DF7CC595DB00
Strings
  • runtime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error , xrefs: 00FE2F85
  • MB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotation_MarkRegSetValueExWSetFilePointerTranslateNameWallocfreetracebad allocCountbad span statebad stack sizefile too largefinalizer waitgcstoptheworldgetprotobynameinvalid syntaxis a dir, xrefs: 00FE2E4A
  • pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCS, xrefs: 00FE2EA6
  • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibr, xrefs: 00FE2ECF
  • pacer: sweep done at heap size pattern contains path separatorreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds, xrefs: 00FE2E1F
  • non in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl, xrefs: 00FE300A
  • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQyzylorda Standard TimeSetEnvironmentVariableWSingapore Standard TimeSri Lanka Standard TimeTocantins Standard TimeVenezuela Standard TimeVolgograd Standard TimeW. Euro, xrefs: 00FE2E7F
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCS$ pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibr$MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQyzylorda Standard TimeSetEnvironmentVariableWSingapore Standard TimeSri Lanka Standard TimeTocantins Standard TimeVenezuela Standard TimeVolgograd Standard TimeW. Euro$MB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotation_MarkRegSetValueExWSetFilePointerTranslateNameWallocfreetracebad allocCountbad span statebad stack sizefile too largefinalizer waitgcstoptheworldgetprotobynameinvalid syntaxis a dir$non in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: spl$pacer: sweep done at heap size pattern contains path separatorreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds$runtime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error
  • API String ID: 0-4261847041
  • Opcode ID: e0b600469dace53f63e1c4a733f4e8c1a14e85a6899592ee24fab440c3803f97
  • Instruction ID: f941f2972b5c0b2bc4842996e897e1d53876997d7d44a3b63f34903c58cc793a
  • Opcode Fuzzy Hash: e0b600469dace53f63e1c4a733f4e8c1a14e85a6899592ee24fab440c3803f97
  • Instruction Fuzzy Hash: 3B916A32619B85C6DB409F16F8803AAB7A4F7847A0F508166EBDD47B68EF7CC185DB00
Strings
  • marking free objectmarkroot: bad indexmissing deferreturnmspan.sweep: state=notesleep not on g0ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value, xrefs: 00FDFFD9
  • found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConso, xrefs: 00FDFEF3
  • greyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did n, xrefs: 00FDFFF2
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FDFF1A
  • runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning boolea, xrefs: 00FDFECB
  • basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1, xrefs: 00FDFF65
  • #, xrefs: 00FDFFFD
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConso$#$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1$greyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did n$marking free objectmarkroot: bad indexmissing deferreturnmspan.sweep: state=notesleep not on g0ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value$runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning boolea
  • API String ID: 0-1416670341
  • Opcode ID: 4bcfeaf6194b2ca87c292f91d3ebf4d3e860069d90b0f6a60e450a7466e243d9
  • Instruction ID: a14b9939931cb0efe32a3da7f7590e8c6972107d7c09e42e1de6f1c8094e2811
  • Opcode Fuzzy Hash: 4bcfeaf6194b2ca87c292f91d3ebf4d3e860069d90b0f6a60e450a7466e243d9
  • Instruction Fuzzy Hash: CC81AC32A19B8586DB109F15F4807ADBBA5F744B94F444162EBCE03B6ACF7CC099DB40
Strings
  • out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG, xrefs: 01019F1A
  • runtime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file , xrefs: 01019F76
  • base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa, xrefs: 01019DC5
  • ., xrefs: 01019F9A
  • runtime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to , xrefs: 01019F8F
  • runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125, xrefs: 01019D9C, 01019EF1
  • not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL, xrefs: 01019DEC
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa$ not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL$ out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG$.$runtime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to $runtime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file $runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125
  • API String ID: 0-1262201972
  • Opcode ID: ee73d901bb966498d06f57efcb90718e784aa4ba6847a3d09a37189b8477e35d
  • Instruction ID: e050868d3550616b8393757401f8703652205293d8bf9e70a4cbd69787fc0504
  • Opcode Fuzzy Hash: ee73d901bb966498d06f57efcb90718e784aa4ba6847a3d09a37189b8477e35d
  • Instruction Fuzzy Hash: 6C811236209B4885DA40AF54F8913AEB7A4FB89B84F548165EBCD43B69DF7CC195CB00
Strings
  • out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG, xrefs: 01019B95
  • base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa, xrefs: 01019A45
  • runtime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type35527136788005009293556213378, xrefs: 01019BEF
  • ., xrefs: 01019C13
  • runtime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of, xrefs: 01019C08
  • runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard Tim, xrefs: 01019A1C, 01019B67
  • not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL, xrefs: 01019A6C
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa$ not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL$ out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG$.$runtime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of$runtime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type35527136788005009293556213378$runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard Tim
  • API String ID: 0-7267560
  • Opcode ID: f82887f53a1e549b5b350adc85174e2a9e6ac76fcc378df686420a0908ee0f7d
  • Instruction ID: 697f441d98b6461ac0b62948925dcf08ffbd0193ec3a6d9e48afdd199f2166ad
  • Opcode Fuzzy Hash: f82887f53a1e549b5b350adc85174e2a9e6ac76fcc378df686420a0908ee0f7d
  • Instruction Fuzzy Hash: C8810F36609F4985DA40AF54F8813AEB7A8FB89784F848165EBCC43B29DF7CC195DB00
Strings
  • out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG, xrefs: 0101982E
  • base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa, xrefs: 010196CE
  • runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size bec, xrefs: 010196A5, 01019805
  • !, xrefs: 01019895
  • runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x, xrefs: 010197DB
  • runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic l, xrefs: 0101988A
  • not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL, xrefs: 010196F5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTa$ not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetL$ out of range procedure in to finalizer untyped args -thread limit1907348632812595367431640625CertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserG$!$runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x$runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic l$runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size bec
  • API String ID: 0-86900441
  • Opcode ID: 06ac1f5052db1eb1e39cc5cbfc6149f4c4b37002cbb68dd6c397ef1296b8a744
  • Instruction ID: 9dfcf4c69a78aa69a254f4d0add2b175d40da24862194dc631e4a1bf26b88665
  • Opcode Fuzzy Hash: 06ac1f5052db1eb1e39cc5cbfc6149f4c4b37002cbb68dd6c397ef1296b8a744
  • Instruction Fuzzy Hash: 3271F236609B89C5DA40AF54F8913AEB7A8FB89784F508065EBCD43B29DF7CC195DB00
Strings
  • runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being done but phase is not GCoffmheap.freeSpanL, xrefs: 00FD40A5, 00FD413C
  • but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModul, xrefs: 00FD4194
  • runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax e, xrefs: 00FD40F4, 00FD41CA
  • of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateF, xrefs: 00FD416D
  • with GC prog476837158203125<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenThreadTokenOther, xrefs: 00FD40D6
  • ), xrefs: 00FD41F0
  • runtime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt base173472347597680709441192448139190673828125867361737988403547205962240695953369140625MapIter.Value called on exhausted iteratoracquireSudo, xrefs: 00FD41E5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: but memory size because dotdotdot to non-Go memory , locked to thread298023223876953125Arab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModul$ of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateF$ with GC prog476837158203125<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenThreadTokenOther$)$runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackstrings.Builder.Grow: negative countsyntax e$runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being done but phase is not GCoffmheap.freeSpanL$runtime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt base173472347597680709441192448139190673828125867361737988403547205962240695953369140625MapIter.Value called on exhausted iteratoracquireSudo
  • API String ID: 0-3157915452
  • Opcode ID: ec21d3b30e984a6110af91e233cd3a28c2d4f4fbb36c7bcfb95fc7d9681e7124
  • Instruction ID: b6301020349eb2c480a2391e79f8a27f784720443b368a3eaa423136e87751a2
  • Opcode Fuzzy Hash: ec21d3b30e984a6110af91e233cd3a28c2d4f4fbb36c7bcfb95fc7d9681e7124
  • Instruction Fuzzy Hash: 7261E13661AF8985DB10AF55F88436AB7A4F789B84F548026EBCC07B69DF7CC191DB00
Strings
  • freeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not suppo, xrefs: 00FCCA08
  • s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.Pointerwinapi error #work.full != 0 with GC prog476837158203125<invalid Value>ASCII, xrefs: 00FCC991
  • runtime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerb, xrefs: 00FCCA34
  • s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBang, xrefs: 00FCC9EF
  • 1, xrefs: 00FCCA9A
  • s.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: internal error, rest != 0 but needed > 0strconv: num > den<<shift in adjustLastDigitFixedattempt to execute system stack code on user stackcompileCallbac, xrefs: 00FCCA8F
  • s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShar, xrefs: 00FCC9BB, 00FCCA5B
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShar$1$freeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not suppo$runtime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerb$s.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: internal error, rest != 0 but needed > 0strconv: num > den<<shift in adjustLastDigitFixedattempt to execute system stack code on user stackcompileCallbac$s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBang$s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunknown methodunreachable: unsafe.Pointerwinapi error #work.full != 0 with GC prog476837158203125<invalid Value>ASCII
  • API String ID: 0-3600493891
  • Opcode ID: 4af12f105b986927497165908cdcec7bf3bdfabcfbad5c8bc2b1ebfc03bb0c22
  • Instruction ID: a33f275a209b9e160fa10f88d45231e1e7a069d90aa22968094e74f407029940
  • Opcode Fuzzy Hash: 4af12f105b986927497165908cdcec7bf3bdfabcfbad5c8bc2b1ebfc03bb0c22
  • Instruction Fuzzy Hash: A0512536119B8484CB00AF11F88136EBBA4FB99794F909056EBCD43B69DF3CC596EB50
Strings
  • of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrk, xrefs: 00FDCDF2
  • status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgariticWSAI, xrefs: 00FDCD5B
  • gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastE, xrefs: 00FDCD85
  • left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zerono space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect, xrefs: 00FDCE36
  • markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExW, xrefs: 00FDCE18
  • goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UT, xrefs: 00FDCD34
  • scan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC work, xrefs: 00FDCDB5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit152587890625762939453125Bidi_ControlGetAddrInfoWGetConsoleCPGetLastE$ goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UT$ markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExW$ of on pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrk$ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgariticWSAI$left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zerono space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect$scan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC work
  • API String ID: 0-4091651803
  • Opcode ID: 61036c60ab7a5e1e92b06cc07d4e031fc361e674713586358d95e239bca07d9a
  • Instruction ID: d4a543d119323fe914018e1fb0289b834321b993d41ab6cf04667a310e5986b0
  • Opcode Fuzzy Hash: 61036c60ab7a5e1e92b06cc07d4e031fc361e674713586358d95e239bca07d9a
  • Instruction Fuzzy Hash: 0C510536119B4699DB00EB14F8813AAB7A8FB49780F448561EBCC43B6ADF7CC595EB10
Strings
  • list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UT, xrefs: 00FE7405
  • -, xrefs: 00FE7371
  • runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds address space limitpanicwrap: unexpected string aft, xrefs: 00FE7366
  • span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_Per, xrefs: 00FE73DB
  • span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[], xrefs: 00FE738D
  • prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYe, xrefs: 00FE73B4
  • mSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=sche, xrefs: 00FE7436
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UT$ prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYe$ span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_Per$ span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidi[]$-$mSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=reflect mismatchremote I/O errorruntime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=sche$runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work region (bad use of unsafe.Pointer? try -d=checkptr)compileCallback: float arguments not supportedmemory reservation exceeds address space limitpanicwrap: unexpected string aft
  • API String ID: 0-654409658
  • Opcode ID: 584b1867f514b6969be87172fb635f04186ad79352faabd7fb788f2a995de5e5
  • Instruction ID: 66292bd55d5ca2e524312097ab7ff317a7d4427e092ff5a69fda4d4762d5574b
  • Opcode Fuzzy Hash: 584b1867f514b6969be87172fb635f04186ad79352faabd7fb788f2a995de5e5
  • Instruction Fuzzy Hash: AD41A036209F8984CB00AF11F89136AB7A4F788B94F558552EBCD43729DF78C5A1EB10
Strings
  • [signal stack=[cgocheckcs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshut, xrefs: 00FF668E
  • addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSy, xrefs: 00FF6713
  • pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3, xrefs: 00FF673A
  • code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTe, xrefs: 00FF66E7
  • runtime stack:bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmiss, xrefs: 00FF6525
  • ]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc , xrefs: 00FF6765
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: runtime stack:bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmiss$ addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSy$ code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTe$ pc= sp: sp=) = ) m=+Inf-Inf3125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3$[signal stack=[cgocheckcs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshut$]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc
  • API String ID: 0-730504977
  • Opcode ID: ff51cd4c1864bf32d4b9fd440daf28b5e917e11d5e3056d5fbd0e14f7f827536
  • Instruction ID: 6d597e9faf996c2d28d472119cc19f9263df50aef30d0885d42facc1cc5f6910
  • Opcode Fuzzy Hash: ff51cd4c1864bf32d4b9fd440daf28b5e917e11d5e3056d5fbd0e14f7f827536
  • Instruction Fuzzy Hash: F6710236609B4985DB00AF15F8853AABBA4FB89794F548065EBCC83B79DF7CC085DB00
Strings
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FFA0FE
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FFA0AC
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FFA085, 00FFA125
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FFA14C
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FFA05B
  • bad g->status in readybad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc inv, xrefs: 00FFA17E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$bad g->status in readybad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc inv$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar
  • API String ID: 0-1720119085
  • Opcode ID: c74aa1c1d460184071884afa84a28eaca3c861890965c538e27c6cb1fa4c0054
  • Instruction ID: b841c99d0502fd463f8730244f06a438c1a17613cdb72d813040e306209b1fb6
  • Opcode Fuzzy Hash: c74aa1c1d460184071884afa84a28eaca3c861890965c538e27c6cb1fa4c0054
  • Instruction Fuzzy Hash: 9C61E136609B8989DB40AF15F88036EB7A4FB89B94F448161EBCC43B69CF7CC095DB00
Strings
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FFFCFE
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FFFCAC
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FFFC85, 00FFFD25
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FFFD4C
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FFFC5C
  • bad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot poll, xrefs: 00FFFD7E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$bad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot poll$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar
  • API String ID: 0-2590370103
  • Opcode ID: 8bad5a35c774292a9cdf3864a0a65d5a475d4b67751568ad39947420a5f416ab
  • Instruction ID: d2f84b80bc390d51433426116e3b2c6fc375dbc8a9b12bdc716421880b02761f
  • Opcode Fuzzy Hash: 8bad5a35c774292a9cdf3864a0a65d5a475d4b67751568ad39947420a5f416ab
  • Instruction Fuzzy Hash: 2D51F136609B4989DB00EF15F8813AAB7A4FB89B84F518065EBCD43729DF7CC195DB10
Strings
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 0100007E
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 0100002C
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 01000005, 010000A5
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 010000CC
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FFFFDB
  • bad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot poll, xrefs: 010000FE
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$bad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapend tracegcentersyscallgcBitsArenasgcpacertracehost is downillegal seekinvalid slotiphlpapi.dllkernel32.dlllfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot poll$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar
  • API String ID: 0-2590370103
  • Opcode ID: 40ecbac3200bf0f97d828988d4392b09ed8431e20d3f8ff0ac2fae83dc6e290c
  • Instruction ID: 30a7301e963571aa46df44f91c55c6b7b430dfbb1fa9ee5caa47dd67cf4bec6b
  • Opcode Fuzzy Hash: 40ecbac3200bf0f97d828988d4392b09ed8431e20d3f8ff0ac2fae83dc6e290c
  • Instruction Fuzzy Hash: 4C51F336609B4989DB00EB15F88136ABBA4FB88784F418161EBCD43B7ADF7CC195DB10
Strings
  • 9, xrefs: 00FD6FF0
  • runtime: checkmarks found unexpected unmarked object obj=bufio.Scanner: SplitFunc returns advance count beyond inputsync/atomic: store of inconsistently typed value into Valueaddr range base and limit are not in the same memory segmentmanual span allocation ca, xrefs: 00FD6FE5
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FD7045
  • basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1, xrefs: 00FD708A
  • checkmark found unmarked objectentersyscallblock inconsistent fmt: unknown base; can't happeninternal error - misuse of itabmalformed time zone informationnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorreflect: Len, xrefs: 00FD7100
  • runtime: found obj at *(runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Sta, xrefs: 00FD701B
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$9$basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofreadrootsbrksse2sse3tcp4trueudp4uint ... H_T= H_a= H_g= MB, W_a= and cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1$checkmark found unmarked objectentersyscallblock inconsistent fmt: unknown base; can't happeninternal error - misuse of itabmalformed time zone informationnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorreflect: Len$runtime: checkmarks found unexpected unmarked object obj=bufio.Scanner: SplitFunc returns advance count beyond inputsync/atomic: store of inconsistently typed value into Valueaddr range base and limit are not in the same memory segmentmanual span allocation ca$runtime: found obj at *(runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Sta
  • API String ID: 0-2276304503
  • Opcode ID: 5eef2d8e2b8606dc763a8bfda600d8a694ae9d9fdfee02d3cc15bf347550fbff
  • Instruction ID: e8384cf817fa1d01b2d8b135d778c5887e7c36cdef85d8205bfbe1a521282208
  • Opcode Fuzzy Hash: 5eef2d8e2b8606dc763a8bfda600d8a694ae9d9fdfee02d3cc15bf347550fbff
  • Instruction Fuzzy Hash: 5A515B3221AB8985CB00AF15F8813AEBBA4F785794F448165EBCC03B6ADF7CC154DB10
Strings
  • unexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGet, xrefs: 00FF7037
  • runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390, xrefs: 00FF6FB7
  • , gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 00FF6F65
  • , goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend, xrefs: 00FF6F3D, 00FF6FDE
  • , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire, xrefs: 00FF7005
  • runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar, xrefs: 00FF6F16
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDire$, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWSARecvWSASend$, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$runtime: g: g=runtime: addr = runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390$runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standar$unexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGet
  • API String ID: 0-1741311344
  • Opcode ID: 2821cae0c194b1296261caf76cebf7320c9def1399f8dbcb4378a553a71365fb
  • Instruction ID: c4bb905bfce6c6dbd5e0838cf3706a399d3b1fd0b04198e592dcac1f45d2c866
  • Opcode Fuzzy Hash: 2821cae0c194b1296261caf76cebf7320c9def1399f8dbcb4378a553a71365fb
  • Instruction Fuzzy Hash: AD51E436608B4989DB10AF14F88536EB7A4FB89784F508165EBCC47B2ADF7CC195EB10
Strings
  • packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_, xrefs: 00FCAE45
  • ,, xrefs: 00FCAE02
  • lfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFiniLockreleasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork hea, xrefs: 00FCAE9D
  • cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFree, xrefs: 00FCAE1E
  • runtime: lfstack.push invalid packing: node=bufio.Scanner: Read returned impossible countcannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-pointer typereflect: internal error: invalid met, xrefs: 00FCADF7
  • -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriti, xrefs: 00FCAE6C
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriti$ cnt= h_a= h_g= h_t= max= ms, ptr siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFree$ packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_$,$lfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFiniLockreleasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork hea$runtime: lfstack.push invalid packing: node=bufio.Scanner: Read returned impossible countcannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-pointer typereflect: internal error: invalid met
  • API String ID: 0-3739719963
  • Opcode ID: 7b06e5916dcaa8c49e53ff2adf63aa895929a00ea74876a3981063076f26d54e
  • Instruction ID: 3caff63b810f247f339389c1935d6f2379c48fc57b641663969fa7d6d662bcb0
  • Opcode Fuzzy Hash: 7b06e5916dcaa8c49e53ff2adf63aa895929a00ea74876a3981063076f26d54e
  • Instruction Fuzzy Hash: 55310336609F4984DB10EB11F88536AB7A8FB88788F548525EBCD43B29DF7CC192DB10
Strings
  • stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type3552713678800500929355621337890625Other_Default_Ignorable_Code_PointSetFileCompletionNotificati, xrefs: 0100A185
  • out of memory (stackalloc)persistentalloc: size == 0required key not availableruntime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corru, xrefs: 0100A152
  • out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073, xrefs: 0100A111
  • stack size not a power of 2startm: negative nmspinningstopTheWorld: holding lockstime: invalid location nametimer when must be positivetoo many callback functionswork.nwait was > work.nproc args stack map entries for 1818989403545856475830078125909494701772928, xrefs: 0100A16B
  • !, xrefs: 0100A190
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !$out of memory (stackalloc)persistentalloc: size == 0required key not availableruntime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corru$out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073$stack size not a power of 2startm: negative nmspinningstopTheWorld: holding lockstime: invalid location nametimer when must be positivetoo many callback functionswork.nwait was > work.nproc args stack map entries for 1818989403545856475830078125909494701772928$stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linkswaiting for unsupported file type3552713678800500929355621337890625Other_Default_Ignorable_Code_PointSetFileCompletionNotificati
  • API String ID: 0-4029036536
  • Opcode ID: 871ad404a00c0403b26ec0f2aef8f14fea10ebf5ce587c4e7e6cbed0ee4aba82
  • Instruction ID: a082444a18e52684d8b234ee8d36cfc6b683138a688d68fc3a5badfa4005f37a
  • Opcode Fuzzy Hash: 871ad404a00c0403b26ec0f2aef8f14fea10ebf5ce587c4e7e6cbed0ee4aba82
  • Instruction Fuzzy Hash: 2F814872209B84C5EB459F15F8803AEB7A5F789B84F548069EBCD47BA9DF38C494CB00
Strings
  • persistentalloc: size == 0required key not availableruntime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack ad, xrefs: 00FCDD05
  • *, xrefs: 00FCDCF4
  • persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpoint is not connected) is larger than maximum page size () is not Grunn, xrefs: 00FCDCD0
  • runtime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds out of range [%x:]slice bounds out of range [:%x] (types from different packages)28421709430404007434844970703125CertAddCertificateContextToStoreCertVerif, xrefs: 00FCDCB7
  • persistentalloc: align is not a power of 2reflect: internal error: misaligned offsetruntime: blocked write on closing polldescsync/atomic: store of nil value into Valueunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew he, xrefs: 00FCDCE9
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: *$persistentalloc: align is not a power of 2reflect: internal error: misaligned offsetruntime: blocked write on closing polldescsync/atomic: store of nil value into Valueunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew he$persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpoint is not connected) is larger than maximum page size () is not Grunn$persistentalloc: size == 0required key not availableruntime: bad span s.state=shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack ad$runtime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds out of range [%x:]slice bounds out of range [:%x] (types from different packages)28421709430404007434844970703125CertAddCertificateContextToStoreCertVerif
  • API String ID: 0-2573141607
  • Opcode ID: 87c1576af8778532005c574a631a538e335cb90c255c2ff31a7d446f2ddb121b
  • Instruction ID: 64bbde4132daa65b50a72e47ae6da1e60941e1acd0782b1f20e05caebb08116c
  • Opcode Fuzzy Hash: 87c1576af8778532005c574a631a538e335cb90c255c2ff31a7d446f2ddb121b
  • Instruction Fuzzy Hash: BC812076A09B8685CB049F05F5813ADB7B4F789B94F549026EB8D03B68DF7CC495DB00
Strings
  • %, xrefs: 00FF88D5
  • runtime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p s, xrefs: 00FF8917
  • _cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing tr, xrefs: 00FF88E5
  • _cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!cannot exec a shared library directlyfailed to reserve page summary memoryinternal error: unknown network type reflect.Value.Bytes of non-byte slicereflect.Value.Bytes of non-rune slicer, xrefs: 00FF88CA
  • nanotime returning zerono space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect.methodValueCallruntime: internal errorruntime: invalid type runtime, xrefs: 00FF88FE
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: %$_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!cannot exec a shared library directlyfailed to reserve page summary memoryinternal error: unknown network type reflect.Value.Bytes of non-byte slicereflect.Value.Bytes of non-rune slicer$_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing tr$nanotime returning zerono space left on deviceoperation not permittedoperation not supportedpanic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect.methodValueCallruntime: internal errorruntime: invalid type runtime$runtime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p s
  • API String ID: 0-3181860013
  • Opcode ID: d418510d28ae2557eafd8dd69d1a881bec9a3cd5619e7cbd122d8a4ea169418e
  • Instruction ID: 897f476e4b77b0af990b343fa0ddd0610ca9a43a2385be07d9a4f9260c4f57f1
  • Opcode Fuzzy Hash: d418510d28ae2557eafd8dd69d1a881bec9a3cd5619e7cbd122d8a4ea169418e
  • Instruction Fuzzy Hash: 16913432609B8989EB019B14F8943E97BB4FB89B84F944066DB8C477B5DF7CC096DB00
Strings
  • sweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchen, xrefs: 00FDD6A5
  • +, xrefs: 00FDD750
  • s.state = schedtracesemacquiresetsockoptstackLargeticks.locktracefree(tracegc()unknown pcws2_32.dll of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span., xrefs: 00FDD70F
  • gc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=refl, xrefs: 00FDD6EA
  • non in-use span found with specials bit setreflect: nil type passed to Type.Implementsroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=ru, xrefs: 00FDD745
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: +$gc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepacer: H_m_prev=refl$non in-use span found with specials bit setreflect: nil type passed to Type.Implementsroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=ru$s.state = schedtracesemacquiresetsockoptstackLargeticks.locktracefree(tracegc()unknown pcws2_32.dll of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.$sweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchen
  • API String ID: 0-2252032169
  • Opcode ID: 38e6198e854239b3887de693f1f05bddfae874ac8c3b9702a0a3748d4b4ff188
  • Instruction ID: 9ebbb9a98ca1835ddbc45d55f062b2271c45b6a8306771978a7b369238d9586c
  • Opcode Fuzzy Hash: 38e6198e854239b3887de693f1f05bddfae874ac8c3b9702a0a3748d4b4ff188
  • Instruction Fuzzy Hash: 98718C36619B8585DB10AF15F4803AEBB65F789794F584162EBCE03B69CF7CD490EB00
Strings
  • bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-, xrefs: 00FEA56A
  • , p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_North_ArabianOld_S, xrefs: 00FEA536
  • runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateT, xrefs: 00FEA491
  • runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeCon, xrefs: 00FEA505
  • , npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin, xrefs: 00FEA4B8
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin$, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_North_ArabianOld_S$bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-$runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateT$runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeCon
  • API String ID: 0-3362638965
  • Opcode ID: 75e32c359d4ba2c89d2cd4813b96c85c9dde4496033105ce67559b949e3610bb
  • Instruction ID: 78250a2a6e135a2a6d3b10b5a79aa216aa2949eb42191588393548034974dd8f
  • Opcode Fuzzy Hash: 75e32c359d4ba2c89d2cd4813b96c85c9dde4496033105ce67559b949e3610bb
  • Instruction Fuzzy Hash: 7E714272619F8485DB00AF12F8803AEB765FB89B90F544522EACD03B69DFBCC195DB40
Strings
  • work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard TimeMontevideo Standard T, xrefs: 00FDDD4F
  • runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWCo, xrefs: 00FDDCF8
  • runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power , xrefs: 00FDDD75
  • nwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: pree, xrefs: 00FDDDCF
  • work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlock, xrefs: 00FDDD1E, 00FDDD9B
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlock$nwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: pree$runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power $runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWCo$work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard TimeMontevideo Standard T
  • API String ID: 0-1415487120
  • Opcode ID: 106f523c637c36d3267554605edb0b147da271c93dc7caeb4389740851b88f9f
  • Instruction ID: d15e4c8f7b3b7753f1567d2fe4f77684cdc2d9491a7f61166f2639277615cc4b
  • Opcode Fuzzy Hash: 106f523c637c36d3267554605edb0b147da271c93dc7caeb4389740851b88f9f
  • Instruction Fuzzy Hash: 3D812732219B448ADB00AF14F8803AAB7B5F784B94F548166EBCD87769DFBCC456DB00
Strings
  • bad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreach, xrefs: 00FD6037
  • (, xrefs: 00FD605B
  • out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073, xrefs: 00FD601E
  • span has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 223283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakhan Standard TimeCertGetCertif, xrefs: 00FD6005
  • refill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune slicereflect: FieldByName of non-struct type runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: out of memo, xrefs: 00FD6050
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ($bad sweepgen in refillcall not at safe pointcannot allocate memoryduplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreach$out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073$refill of span with free space remainingreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune slicereflect: FieldByName of non-struct type runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: out of memo$span has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 223283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakhan Standard TimeCertGetCertif
  • API String ID: 0-367105269
  • Opcode ID: 15d6c01e66a8dd5f675c7459e97f9ede2a69ecf3b80c53238c43c5aedbed8b27
  • Instruction ID: ec470cda471a39058b3226b42ce1568098f4e8585fc507a0f0dd95093cbd4d19
  • Opcode Fuzzy Hash: 15d6c01e66a8dd5f675c7459e97f9ede2a69ecf3b80c53238c43c5aedbed8b27
  • Instruction Fuzzy Hash: EF713772209F8085DB049F05E4903AABB75F784BA4F888112EBDD47BA9DF7CC595DB00
Strings
  • (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianS, xrefs: 01018725
  • goroutine invalidptrmSpanInUsenotifyListowner diedruntime: gs.state = schedtracesemacquiresetsockoptstackLargeticks.locktracefree(tracegc()unknown pcws2_32.dll of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= , xrefs: 010185F3
  • minutes nalloc= newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhag, xrefs: 010186F8
  • [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDT, xrefs: 0101861A
  • unknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGe, xrefs: 010185B2
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianS$ [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDT$ minutes nalloc= newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhag$goroutine invalidptrmSpanInUsenotifyListowner diedruntime: gs.state = schedtracesemacquiresetsockoptstackLargeticks.locktracefree(tracegc()unknown pcws2_32.dll of size (targetpc= KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= $unknown wait reasonwinmm.dll not found markroot jobs done to unallocated span37252902984619140625Arabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGe
  • API String ID: 0-2366872059
  • Opcode ID: c8958ed0fe3a04d02906a490551856ac8951951dfa326ada60c35f24796fcb8c
  • Instruction ID: 12d7e906103500c112f83735f7810a9f69d538ddc5cbc66c1c9a5edcde5bf743
  • Opcode Fuzzy Hash: c8958ed0fe3a04d02906a490551856ac8951951dfa326ada60c35f24796fcb8c
  • Instruction Fuzzy Hash: 80515A36208B4585DB04AB15F8853AEB7A4FB48784F548066EBCE43B6DDF3CD285CB01
Strings
  • defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_Digi, xrefs: 00FF40A5
  • siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64, xrefs: 00FF407A
  • bad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of r, xrefs: 00FF4053
  • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00FF3FAD
  • bad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgc_trigger underflowgo of nil func value, xrefs: 00FF40D6
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$ defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_Digi$ siz= tab= top= u_a= u_g=+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-09301562578125<nil>AdlamBamumBatakBuhidDograErrorGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64$bad defer size class: i=bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrecthash of unhashable type initSpan: unaligned baselevel 2 not synchronizedlink number out of r$bad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgc_trigger underflowgo of nil func value
  • API String ID: 0-3607043156
  • Opcode ID: a9f73bfca8b8bbc130734ab6738a03e769dc3368acb9d720d3f00a590ecc1872
  • Instruction ID: 118eb55af5a540392a8a3c5653ae61ceed652166b719c2dfc1e92f133d6c51b4
  • Opcode Fuzzy Hash: a9f73bfca8b8bbc130734ab6738a03e769dc3368acb9d720d3f00a590ecc1872
  • Instruction Fuzzy Hash: A0519172608B4995DA04DB10E8403BEB361FB95390F948621E79E03BB8EF7CD645EB50
Strings
  • pacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported metho, xrefs: 00FD8DF1
  • +-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT, xrefs: 00FD8EC5
  • (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaS, xrefs: 00FD8E18
  • ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJS, xrefs: 00FD8E70
  • MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep wait, xrefs: 00FD8E9B
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= s=nil zombie, goid=, j0 = 19531259765625AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaS$ MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep wait$+-./5:<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCAT$->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJS$pacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found of unexported metho
  • API String ID: 0-1868380716
  • Opcode ID: c5779dc82f37ebecdfb81727ec4554772246755ef8dcb4454b3fecdadd9f02e3
  • Instruction ID: b71efe4b15b11dfe4623eb6cdf02cfdac31008c82b89fad74ede4e8351216df0
  • Opcode Fuzzy Hash: c5779dc82f37ebecdfb81727ec4554772246755ef8dcb4454b3fecdadd9f02e3
  • Instruction Fuzzy Hash: 0D516A3250DF4889DA01EF25F88136AB769FB957C0F118256AA8E1776ACF3CC092D700
Strings
  • wwwwwwww, xrefs: 00FE1BF2
  • wwwwwwww, xrefs: 00FE1C04
  • bad m valuebad messagebad timedivbroken pipecgocall nilclobberfreeclosesocketcreated by crypt32.dllfile existsfinal tokenfloat32nan2float64nan1float64nan2float64nan3gccheckmarkgetpeernamegetsocknamei/o timeoutmSpanManualmethodargs(mswsock.dllnetpollInitreflect, xrefs: 00FE1D06
  • UUUUUUUU, xrefs: 00FE1B91
  • UUUUUUUU, xrefs: 00FE1BA3
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: UUUUUUUU$UUUUUUUU$bad m valuebad messagebad timedivbroken pipecgocall nilclobberfreeclosesocketcreated by crypt32.dllfile existsfinal tokenfloat32nan2float64nan1float64nan2float64nan3gccheckmarkgetpeernamegetsocknamei/o timeoutmSpanManualmethodargs(mswsock.dllnetpollInitreflect$wwwwwwww$wwwwwwww
  • API String ID: 0-208185014
  • Opcode ID: f54e6822e7e3d266965963304868b69099293e9b653cd9f1a8af853468a7af10
  • Instruction ID: a79be13eafc305ed883efca7b17af1b6db40a3bf0cf45215d134a5306b129f7e
  • Opcode Fuzzy Hash: f54e6822e7e3d266965963304868b69099293e9b653cd9f1a8af853468a7af10
  • Instruction Fuzzy Hash: B131A6BAF54AA081EB204B17942035AA2D1F359BF0F54D771EE7D5FB9CDA24C8435680
Strings
  • #, xrefs: 00FEEA3A
  • fully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unexpected string after package name: reflect.Value.Slice: slice of unaddressable arrayruntime: unexpe, xrefs: 00FEE990
  • span set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrfunction symbol table not sorted by program counter: reflect.Value.Slice: string slice index out of boundsreflect: non-interface type passed to Type.Implem, xrefs: 00FEE9A9
  • attempt to clear non-empty span setfile type does not support deadlinefindfunc: bad findfunctab entry idxfindrunnable: netpoll with spinninggreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc, xrefs: 00FEEA2F
  • , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sendcomplex64copystackctxt != , xrefs: 00FEE9FB
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: #$, tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedInterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad indirbad prunechan sendcomplex64copystackctxt != $attempt to clear non-empty span setfile type does not support deadlinefindfunc: bad findfunctab entry idxfindrunnable: netpoll with spinninggreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freenetwork dropped connection on resetpersistentalloc$fully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unexpected string after package name: reflect.Value.Slice: slice of unaddressable arrayruntime: unexpe$span set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrfunction symbol table not sorted by program counter: reflect.Value.Slice: string slice index out of boundsreflect: non-interface type passed to Type.Implem
  • API String ID: 0-1103185271
  • Opcode ID: 47d54ff4bb96ba0c90633cb7eee4681163665404a4bc26ccc5bba3bd3b4aadf8
  • Instruction ID: 8e6194fd8701d4e13639827a9dcaaa581b5eaae60ae8bc906e8c3f0b41799582
  • Opcode Fuzzy Hash: 47d54ff4bb96ba0c90633cb7eee4681163665404a4bc26ccc5bba3bd3b4aadf8
  • Instruction Fuzzy Hash: F9313536609B4589DB00EB11F89136EB7A8FB88780F508965EBCC8372ADF7CC190DB40
Strings
  • already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetC, xrefs: 00FF22D6
  • ., xrefs: 00FF22B5
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 00FF22FD
  • runtime.newosprocruntime/internal/runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait , xrefs: 00FF231B
  • runtime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external, xrefs: 00FF22AA
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetC$), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$.$runtime.newosprocruntime/internal/runtime: level = runtime: nameOff runtime: next_gc=runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait $runtime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external
  • API String ID: 0-1442797115
  • Opcode ID: 68460b74ab3d3099b5050908574cbb0fa48d3ab9a59bbdc9430212e3b32c33d8
  • Instruction ID: 765d6fa8d62b4c3eaff287649251d543061d33f6bbd3b760fe1c4ae4fbc50e5d
  • Opcode Fuzzy Hash: 68460b74ab3d3099b5050908574cbb0fa48d3ab9a59bbdc9430212e3b32c33d8
  • Instruction Fuzzy Hash: 3D31D436619F4995DA00AF54F8853AAB3B8FB89780F518155EBCC43B69EF7CC194DB00
Strings
  • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2, xrefs: 00FE9C4F
  • ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI, xrefs: 00FE9D25
  • ] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), , xrefs: 00FE9CAF
  • ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag, xrefs: 00FE9C79
  • , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST, xrefs: 00FE9CD6, 00FE9CFD
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTI$, ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST$] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), $][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmag$runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot to non-Go memory , locked to thread2
  • API String ID: 0-2303053659
  • Opcode ID: d9ea0693dc014fbf9e971c131c942fd1b63adf362229a8a52e1b17aca2c7e47d
  • Instruction ID: 14ca9a079630faf3733447d894408e78564ed59603f7721f260c508302c6dc8d
  • Opcode Fuzzy Hash: d9ea0693dc014fbf9e971c131c942fd1b63adf362229a8a52e1b17aca2c7e47d
  • Instruction Fuzzy Hash: 82310336219F9984DB50AF11F8853AAB3A9FB48784F408165EBCC07B6ADF7CC191DB50
Strings
  • runtime: p scheddetailsecur32.dllshell32.dllshort writetracealloc(unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= spa, xrefs: 00FDA685
  • p mcache not flushedpacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found, xrefs: 00FDA705
  • != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoW, xrefs: 00FDA6D4
  • flushGen gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException , xrefs: 00FDA6AC
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoW$ flushGen gfreecnt= pages at runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException $p mcache not flushedpacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found$runtime: p scheddetailsecur32.dllshell32.dllshort writetracealloc(unreachableuserenv.dll KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= spa
  • API String ID: 0-1448921364
  • Opcode ID: ca304168dce0278cab33eff0bf5acae69395c7b6d66e6e6336d8082f4006fbb6
  • Instruction ID: 74fae4d604b5adbe137ae253d639b68477ed0b7b6ad2e3acda29033a90118578
  • Opcode Fuzzy Hash: ca304168dce0278cab33eff0bf5acae69395c7b6d66e6e6336d8082f4006fbb6
  • Instruction Fuzzy Hash: 38129B32609B40CAEB14DF24F8843A9B7B2F385760F688226DA9D437A4DF7DC485DB05
Strings
  • attempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: Field, xrefs: 00FEE16B
  • ), xrefs: 00FEE176
  • , ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST, xrefs: 00FEE126
  • runtime: range = {streams pipe errorsystem page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_Aboriginal, xrefs: 00FEE0FF
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: )$, ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTIST$attempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added out of order or overlappingreflect: Field$runtime: range = {streams pipe errorsystem page size (tracebackancestorsuse of closed filevalue out of range called using nil *, g->atomicstatus=, gp->atomicstatus=14901161193847656257450580596923828125Altai Standard TimeBahia Standard TimeCanadian_Aboriginal
  • API String ID: 0-2922364691
  • Opcode ID: 42bda7d735250bb1b100488a76866723b4ba9416fbf998df22cc51904b468468
  • Instruction ID: c3b89afaf08ff6698702a935602c57b4b7717a9c1281b805eec6268a33f39996
  • Opcode Fuzzy Hash: 42bda7d735250bb1b100488a76866723b4ba9416fbf998df22cc51904b468468
  • Instruction Fuzzy Hash: 0BD14733609BD982CA009F66F4402AEB765F799BC4F548822EF8E17B28DF79D941D740
Strings
  • rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime=, xrefs: 00FC6B1B
  • r10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use), xrefs: 00FC6DA5
  • r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, n, xrefs: 00FC6D13
  • cs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsai, xrefs: 00FC6FDD
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: cs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsai$r10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use)$r8 r9 rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, n$rax rbp rbx rcx rdi reflect.rflags rip rsi rsp runnableruntime.rwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime=
  • API String ID: 0-2654104317
  • Opcode ID: 9d86f3e12434978c0a287eab4f97a2805650b4846f9c75a15b47469df9f54de2
  • Instruction ID: 20256b967d9e264b67443c26ea6478538824c6ad862567feca4447e2c81486ec
  • Opcode Fuzzy Hash: 9d86f3e12434978c0a287eab4f97a2805650b4846f9c75a15b47469df9f54de2
  • Instruction Fuzzy Hash: 8AD19E36619B4980CA40BB55F88636EB7A8FB84780F518461FBCD03B3ADE7CC195EB51
Strings
  • runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordLis, xrefs: 00FEAFE5
  • sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of mark terminationattempting to link in too many shared librariesbufio: reader returned negative count from Readracy sudog adjustment due to parking on channelruntime: CreateIoCompletio, xrefs: 00FEB045
  • , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagoliticKharoshthiLockFileExManichaeanOld_ItalicOld_PermicOld_TurkicOther_MathPhoenicianSaurashtra, xrefs: 00FEB00F
  • ., xrefs: 00FEB050
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: , limit = /dev/stdin12207031256103515625Bad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagoliticKharoshthiLockFileExManichaeanOld_ItalicOld_PermicOld_TurkicOther_MathPhoenicianSaurashtra$.$runtime: base = runtime: gp: gp=runtime: head = runtime: nelems=schedule: in cgotime: bad [0-9]*workbuf is empty initialHeapLive= spinningthreads=, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx1192092895507812559604644775390625: missing method DnsRecordLis$sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of mark terminationattempting to link in too many shared librariesbufio: reader returned negative count from Readracy sudog adjustment due to parking on channelruntime: CreateIoCompletio
  • API String ID: 0-160988305
  • Opcode ID: a4c31f60ca8c91157831a1dd76214e84e5c640ee5961500394ffcfc4e36a9ff3
  • Instruction ID: 46fbbabd33c55efdb524a2a4c3e68f13efce1b83533eb67aa95a00a836a7e7a4
  • Opcode Fuzzy Hash: a4c31f60ca8c91157831a1dd76214e84e5c640ee5961500394ffcfc4e36a9ff3
  • Instruction Fuzzy Hash: CBB1FD36209BC485CA20DF16F8803AAB7A4F789B90F548526EBCD43B29DF3CD194DB40
Strings
  • self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->s, xrefs: 00FF32EF
  • (, xrefs: 00FF32E1
  • runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointe, xrefs: 00FF32D6
  • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizecasgstatus: waiting , xrefs: 00FF32A5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ($runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizecasgstatus: waiting $runtime.preemptM: duplicatehandle failedruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointe$self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->s
  • API String ID: 0-3195741968
  • Opcode ID: 3533f67db0086200a13db350d587dd743e37634ae149cdd66058c005b0c4f88f
  • Instruction ID: dd0647dbcbd45a975c38436ae69cf067274a20d6e8cf93e84a91dcab33f3a735
  • Opcode Fuzzy Hash: 3533f67db0086200a13db350d587dd743e37634ae149cdd66058c005b0c4f88f
  • Instruction Fuzzy Hash: FAB13936509F8485C750DB18F8913AEB7A4F789BA4F548125DBDC43BA9DF39C191DB00
Strings
  • min too largenil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untype, xrefs: 00FE21EA
  • runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFile, xrefs: 00FE21B7, 00FE220A
  • min must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan typereflect: slice index out of r, xrefs: 00FE223D
  • !, xrefs: 00FE2248
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !$min must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan typereflect: slice index out of r$min too largenil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untype$runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFile
  • API String ID: 0-2633873219
  • Opcode ID: acdf0b77e51952fe6446db1556d163b0f3788c962baa1bdbed74d6bd5540cdcc
  • Instruction ID: 1b8449e167eb55529d9b2c928bf6e803b775120deb7aaede93b713ab801f1513
  • Opcode Fuzzy Hash: acdf0b77e51952fe6446db1556d163b0f3788c962baa1bdbed74d6bd5540cdcc
  • Instruction Fuzzy Hash: 89918D32309B8581DE509F12E4403AEB765F789BE4F588622EB9E47BA8EF3CC155D700
Strings
  • nil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -threa, xrefs: 0100B1BE
  • ', xrefs: 0100B1E2
  • stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on exhausted iteratoraddress family not supp, xrefs: 0100B1D7
  • racy sudog adjustment due to parking on channelruntime: CreateIoCompletionPort failed (errno= slice bounds out of range [::%x] with length %yCreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSyste, xrefs: 0100B1A5
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: '$nil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -threa$racy sudog adjustment due to parking on channelruntime: CreateIoCompletionPort failed (errno= slice bounds out of range [::%x] with length %yCreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSyste$stack growth not allowed in system callsuspendG from non-preemptible goroutinetransport endpoint is already connected13877787807814456755295395851135253906256938893903907228377647697925567626953125MapIter.Key called on exhausted iteratoraddress family not supp
  • API String ID: 0-3163257253
  • Opcode ID: a955a6619eb2b58be6f680705da7f7b68cf0a1904ac2d78425da053f2cad61a6
  • Instruction ID: 3e9dcc70f15642eb72e18b5dc01a5358842b8b07b6f625f0aca83c492933ffba
  • Opcode Fuzzy Hash: a955a6619eb2b58be6f680705da7f7b68cf0a1904ac2d78425da053f2cad61a6
  • Instruction Fuzzy Hash: 89A1E476609B80C5DA61CF55F4803AEB7A5F789B94F948526EBDD83B98DF38C094CB00
Strings
  • runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076, xrefs: 00FEFF8A
  • ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc=pt, xrefs: 00FEFF67
  • 4, xrefs: 00FEFF49
  • runtime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrfunction symbol table not sorted by program counter, xrefs: 00FEFF3E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc=pt$4$runtime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrfunction symbol table not sorted by program counter$runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076
  • API String ID: 0-452641536
  • Opcode ID: 6d125a4bc97672210c807c77dde06ad03ee749a7f0adf2c270cdecc5f9ff1231
  • Instruction ID: bae1a67ae47366a8f41c99015a0511605770a0a89adf4f51f96e5fc13182fa1a
  • Opcode Fuzzy Hash: 6d125a4bc97672210c807c77dde06ad03ee749a7f0adf2c270cdecc5f9ff1231
  • Instruction Fuzzy Hash: 15914732208B85C6DB249F15E8803AAB7A1F388794F648525EBDD47BA8DF7CC449DB40
Strings
  • :<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCE, xrefs: 01017EDD
  • runtime., xrefs: 01017E0B
  • panicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGoth, xrefs: 01017E55
  • gopa, xrefs: 01017E29
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: :<=?CLMNPSUZ[\]`hms + @ P [%v(") )(), ->25: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCE$gopa$panicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGoth$runtime.
  • API String ID: 0-898736453
  • Opcode ID: c7db04ea410c94dc0d70471b0e9b331862dc2057db13cef7c8a676fccce41de8
  • Instruction ID: 2fcd28a1b285d27b3cb19690d448f8e4963477ff91bba576d912d35b3bd4ce76
  • Opcode Fuzzy Hash: c7db04ea410c94dc0d70471b0e9b331862dc2057db13cef7c8a676fccce41de8
  • Instruction Fuzzy Hash: 7981CF36209B8985DA60AF15F88036EB7A4F789B84F548466EBCD43B2DDF7CD590CB40
Strings
  • (, xrefs: 00FE6D10
  • -byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleWbad flushGen bad map statedebugCall2048, xrefs: 00FE6D2C
  • in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInherite, xrefs: 00FE6D53
  • runtime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being do, xrefs: 00FE6D05
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInherite$($-byte block (3814697265625CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWVirtualUnlockWriteConsoleWbad flushGen bad map statedebugCall2048$runtime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type 34694469519536141888238489627838134765625MapIter.Next called on exhausted iteratorattempted to add zero-sized address rangecan't call pointer on a non-pointer ValuegcSweep being do
  • API String ID: 0-3258497298
  • Opcode ID: 4a71726fb967b16af6139c3654042b45f959dfa46cea1d41b888acd8a85a17f5
  • Instruction ID: 28b7d0e5047175bd3731d75f6a6ba0050d789df2cebfa9623cadcb97650b3b57
  • Opcode Fuzzy Hash: 4a71726fb967b16af6139c3654042b45f959dfa46cea1d41b888acd8a85a17f5
  • Instruction Fuzzy Hash: 38710176619B8881DB009F15F8803AAB7A4F798B94F148126EBCD87B69DF7CC095DB40
Strings
  • shrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCe, xrefs: 0100C245
  • missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion exceeds uintptr rangeruntime.semasleep unexpectedruntime:, xrefs: 0100C277
  • shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC , xrefs: 0100C22C
  • bad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation , xrefs: 0100C25E
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: bad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation $missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedreflect: In of non-func typeregion exceeds uintptr rangeruntime.semasleep unexpectedruntime:$shrinking stack in libcallstartlockedm: locked to me363797880709171295166015625CertEnumCertificatesInStoreEaster Island Standard TimeG waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC $shrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCe
  • API String ID: 0-3704536678
  • Opcode ID: de82a0f4d8397484de70512ad40a66f5243dc2ae1340d76aa8fc64ed20e4bdde
  • Instruction ID: 181567349d8005eebc6a8e12da139e4580255a85519c57325cbfa3d3deb9aa67
  • Opcode Fuzzy Hash: de82a0f4d8397484de70512ad40a66f5243dc2ae1340d76aa8fc64ed20e4bdde
  • Instruction Fuzzy Hash: 7E414836605A4089FB55CB59E5943ADBBA0F789B88F8841A6CBCD47BA6CF38C095D700
Strings
  • span has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainC, xrefs: 0100989E
  • bad allocCountbad span statebad stack sizefile too largefinalizer waitgcstoptheworldgetprotobynameinvalid syntaxis a directorylevel 2 haltedlevel 3 haltednil elem type!no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot, xrefs: 010098D0
  • out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073, xrefs: 010098E9
  • bad manualFreeListbufio: buffer fullconnection refusedfaketimeState.lockfile name too longforEachP: not donegarbage collectionidentifier removedindex out of rangeinput/output errormultihop attemptedno child processesno locks availableoperation canceledreflect., xrefs: 010098B7
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: bad allocCountbad span statebad stack sizefile too largefinalizer waitgcstoptheworldgetprotobynameinvalid syntaxis a directorylevel 2 haltedlevel 3 haltednil elem type!no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot$bad manualFreeListbufio: buffer fullconnection refusedfaketimeState.lockfile name too longforEachP: not donegarbage collectionidentifier removedindex out of rangeinput/output errormultihop attemptedno child processesno locks availableoperation canceledreflect.$out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limit19073$span has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nproc116415321826934814453125582076609134674072265625Azerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainC
  • API String ID: 0-2752356647
  • Opcode ID: 694ead24e50f7221f6744997424d2a81ad59063b6bc81c64d6fa13228dbc7b1f
  • Instruction ID: 603b8f9f9f06a830ce930d819f80bdecd0ca74d0e83331a89a66dfaf45394d4e
  • Opcode Fuzzy Hash: 694ead24e50f7221f6744997424d2a81ad59063b6bc81c64d6fa13228dbc7b1f
  • Instruction Fuzzy Hash: 76411676209B80C4EB15DF05F49036ABBA4F788B98F458165EBCD47BAADF78C190CB00
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: $ $ $
  • API String ID: 0-3535155489
  • Opcode ID: 0e51c43fc28dc153ad90b31b2915a70820763950e0f3b97e3fdb2cbbb102feb9
  • Instruction ID: 7d304047a65cfd92fd4f5bdc08a0f3fdeae5ab1dde66067ee4a0a167e44f766a
  • Opcode Fuzzy Hash: 0e51c43fc28dc153ad90b31b2915a70820763950e0f3b97e3fdb2cbbb102feb9
  • Instruction Fuzzy Hash: 6841E536209F85D5CB60DB11F4843AEB7A4F3897A4F144625EAEC47BA8DF78C194CB40
Strings
  • (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneifor, xrefs: 00FE1105
  • KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_A, xrefs: 00FE102D
  • scav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHan, xrefs: 00FE0FF0
  • KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit15258789062576293945, xrefs: 00FE1058
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: (forced) -> node= blocked= defersc= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= u_a/u_g= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = 244140625: status=Bassa_VahBhaiksukiCuneifor$ KiB total, [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=-byte limit15258789062576293945$ KiB work, freeindex= gcwaiting= heap_live= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_A$scav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usagewrite Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHan
  • API String ID: 0-2835056640
  • Opcode ID: ed446b09152ef94248e0507c14ff82a226ec678ee57494d7e39aad302b750c6b
  • Instruction ID: 9e0841cb676cf0ad40217c8cd6430508185141c5cec331ac36259b99eb6613f3
  • Opcode Fuzzy Hash: ed446b09152ef94248e0507c14ff82a226ec678ee57494d7e39aad302b750c6b
  • Instruction Fuzzy Hash: 7C411736618B8980DA00FB52F8A23BAB365FB84780F108455E7CD03769CF7CC195EB10
Strings
  • runtime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (sta, xrefs: 00FF6425
  • stack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can not enable "GetFinalPath, xrefs: 00FF6350
  • panic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this dir, xrefs: 00FF638B
  • ., xrefs: 00FF6430
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: .$panic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in reflect.Value.Fieldreflect.Value.Floatreflect.Value.Indexreflect.Value.IsNilreflect.Value.Sliceruntime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this dir$runtime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (sta$stack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of span2910383045673370361328125AUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can not enable "GetFinalPath
  • API String ID: 0-2934381816
  • Opcode ID: c36de348c8290cc12f278890ee85f134d0a557beb9af3a8bccdb436f722e843c
  • Instruction ID: 29d236c1225cb28a0971fa8a81a81046a36dd806ce493e2a9ba3ac2580684f51
  • Opcode Fuzzy Hash: c36de348c8290cc12f278890ee85f134d0a557beb9af3a8bccdb436f722e843c
  • Instruction Fuzzy Hash: CD418A36509A88C9EB00AF15E8953BDBBA0FB84788F144465E78C477B6CFBCC185EB51
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: cras$none$sing$syst
  • API String ID: 0-2613714893
  • Opcode ID: bf497cac01213a4039b3993b1f7b15a0067039ebd50cc0d514161ce2f0ae0bfc
  • Instruction ID: d5b9533d8bd01c34596b49ce35a319bf274653718e9981c02fcc499d48796816
  • Opcode Fuzzy Hash: bf497cac01213a4039b3993b1f7b15a0067039ebd50cc0d514161ce2f0ae0bfc
  • Instruction Fuzzy Hash: 58317072E196B0D5EFA28F18E04536EB7E0F785B84F0884D2EACB47695DB79C482C741
Strings
  • m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UT, xrefs: 010030F3
  • releasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscallti, xrefs: 010030C8
  • p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShar, xrefs: 01003145
  • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612, xrefs: 0100318F
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: m->p= next= p->m= prev= span=% util(...), i = , not 390625<-chanArabicBrahmiCarianChakmaCommonCopticFormatGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED StringSyriacTai_LeTangutTeluguThaanaType: UTC+12UTC+13UTC-02UTC-08UT$ p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout30517578125: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShar$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zip4656612$releasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB) workers= called from flushedWork heap_marked= idlethreads= is nil, not nStackRoots= s.spanclass= span.base()= syscallti
  • API String ID: 0-1652108212
  • Opcode ID: cb679a4af6e4ecd7109131f04cdf5a146d4655f87dcee9a61d470ce44781f2c5
  • Instruction ID: 70ca24299fabe5da8fa242a25dd404d08488de78876bf3257e216694b0f35153
  • Opcode Fuzzy Hash: cb679a4af6e4ecd7109131f04cdf5a146d4655f87dcee9a61d470ce44781f2c5
  • Instruction Fuzzy Hash: E241E176219B44C8EA40EF01F88436ABBA8F788784F448161EBCC07B69DF7CC195DB00
Strings
  • runtime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepg, xrefs: 00FE86BC
  • +, xrefs: 00FE86FA
  • root level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramru, xrefs: 00FE86EF
  • runtime: root level max pages = runtime: setevent failed; errno=runtime: stack split at bad timeruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slic, xrefs: 00FE8674
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: +$root level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramru$runtime: root level max pages = runtime: setevent failed; errno=runtime: stack split at bad timeruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevscanstack: goroutine not stoppedslice bounds out of range [%x::]slic$runtime: summary max pages = runtime: unknown pc in defer semacquire not on the G stackstring concatenation too longsyntax error scanning booleantimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepg
  • API String ID: 0-4112911870
  • Opcode ID: aad7f360f6b32ddb2fd85f95af2ff6fde11afff0e7a5b12a2f4f173fea3e918e
  • Instruction ID: 0580be65fb2db53d9215d7489b8cb907d22c95e456c65973b28333f39c4c396d
  • Opcode Fuzzy Hash: aad7f360f6b32ddb2fd85f95af2ff6fde11afff0e7a5b12a2f4f173fea3e918e
  • Instruction Fuzzy Hash: C3312836219B88D4DA40AB11F8853ADB7A4FB84B84F558461EBCD07B79DF7CC196EB00
Strings
  • !, xrefs: 00FE1E88
  • min too largenil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untype, xrefs: 00FE1E2A
  • runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFile, xrefs: 00FE1DF7, 00FE1E4A
  • min must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan typereflect: slice index out of r, xrefs: 00FE1E7D
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: !$min must be a non-zero power of 2misrounded allocation in sysAllocreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of rangereflect: chanDir of non-chan typereflect: slice index out of r$min too largenil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabtriggerRatio=value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untype$runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789ABCDEF0123456789abcdef2384185791015625CreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFile
  • API String ID: 0-2633873219
  • Opcode ID: b60ed5ad2a1cfb8eb05cd9bf61092937f1025f21e35078d34a84480abab53a93
  • Instruction ID: 27a0b15e70bad23c5fd9b2c86ea760cfba6a72dbcea7cbbf53c68cbc814abc39
  • Opcode Fuzzy Hash: b60ed5ad2a1cfb8eb05cd9bf61092937f1025f21e35078d34a84480abab53a93
  • Instruction Fuzzy Hash: A9316932619F8585DA10AF12F88536EB764FB85B90F444551EBDD03BAADF3CC194EB00
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: -$-$.$e+
  • API String ID: 0-2018474718
  • Opcode ID: 7da7cf9c32224643a443919517bd0cf0c80e181b93600cb73cf4bc03c6cedc81
  • Instruction ID: 5e6332a751fd36d47c27413b760bc15477b670543a64ab4ba21053584b7688e0
  • Opcode Fuzzy Hash: 7da7cf9c32224643a443919517bd0cf0c80e181b93600cb73cf4bc03c6cedc81
  • Instruction Fuzzy Hash: EC214763A0D7848ACB0ACB38A45536EFB10E796784F049319DBD617BC9E76CC18ACB01
Strings
  • newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagb, xrefs: 00FFA7B2
  • runtime: castogscanstatus oldval=runtime: failed mSpanList.insert runtime: failed to decommit pagesruntime: goroutine stack exceeds runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of r, xrefs: 00FFA789
  • castogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepace, xrefs: 00FFA7E5
  • !, xrefs: 00FFA794
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: newval= nfreed= packed= pointer stack=[ status 48828125AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGoStringGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagb$!$castogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusinvalid spdelta mSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobject is remotepace$runtime: castogscanstatus oldval=runtime: failed mSpanList.insert runtime: failed to decommit pagesruntime: goroutine stack exceeds runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of r
  • API String ID: 0-3878934531
  • Opcode ID: 4be3c8791077dbf4b4955fda18784734b5de485121bce4989c6477626b7b04d6
  • Instruction ID: d9b9e7ea8353a6acb0819db5aea597bf4fef46b675978897fc5b05d833732752
  • Opcode Fuzzy Hash: 4be3c8791077dbf4b4955fda18784734b5de485121bce4989c6477626b7b04d6
  • Instruction Fuzzy Hash: FA113636609B45CACA10EB24F8803AEB7A4FB88384F908564E7CC43B29DF7CC546DB51
Strings
  • 3, xrefs: 00FEFBC5
  • runtime: netpoll: PostQueuedCompletionStatus failed (errno= found bad pointer in Go heap (incorrect use of unsafe or cgo?)runtime: internal error: misuse of lockOSThread/unlockOSThreadcompileCallback: expected function with one uintptr-sized resultruntime.SetF, xrefs: 00FEFB75
  • runtime: netpoll: PostQueuedCompletionStatus failedcasfrom_Gscanstatus: gp->status is not in scan statemallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= r, xrefs: 00FEFBBA
  • ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc=pt, xrefs: 00FEFB9C
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12125625???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc gp intip4mapnilobjpc=pt$3$runtime: netpoll: PostQueuedCompletionStatus failed (errno= found bad pointer in Go heap (incorrect use of unsafe or cgo?)runtime: internal error: misuse of lockOSThread/unlockOSThreadcompileCallback: expected function with one uintptr-sized resultruntime.SetF$runtime: netpoll: PostQueuedCompletionStatus failedcasfrom_Gscanstatus: gp->status is not in scan statemallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= r
  • API String ID: 0-3766368070
  • Opcode ID: 4a54293a4d1c20907b033aa922ee052b803f61f4831c7767b843601bdb67d948
  • Instruction ID: 31f7a692180728f645a1913bc9e969910a40fc204b15919da2715b3b8c6c7809
  • Opcode Fuzzy Hash: 4a54293a4d1c20907b033aa922ee052b803f61f4831c7767b843601bdb67d948
  • Instruction Fuzzy Hash: E7212732519B85D9EB00AF21F8903AAB3A4FB98794F508125EBCD47B29DF7CC195DB01
Strings
  • 1, xrefs: 00FCB7BD
  • runtime: unable to acquire - semaphore out of syncGC must be disabled to protect validity of fn valuefatal: systemstack called from unexpected goroutinepotentially overlapping in-use allocations detectedruntime: netpoll: PostQueuedCompletionStatus failedcasfro, xrefs: 00FCB799
  • runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: internal error, rest != 0 but needed > 0strconv: num > den<<shift in adjustLastDigitFixedattempt to exec, xrefs: 00FCB7B2
  • notetsleep - waitm out of syncprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-array typereflect: Out of non-func type runqputslow: queue is not fullruntime: bad g in cgocallbackruntime: bad pointer in frame runtime: found in ob, xrefs: 00FCB7CB
Memory Dump Source
  • Source File: 00000000.00000002.2124398066.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
  • Associated: 00000000.00000002.2124322813.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124524807.000000000106C000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124663432.0000000001119000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124706630.000000000111D000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124743435.000000000111E000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124784032.000000000111F000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124824878.0000000001128000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124851517.0000000001129000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000112D000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.000000000115A000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001172000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2124891533.0000000001175000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.0000000001178000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125059821.000000000119F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125192678.00000000011F9000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2125246417.00000000011FA000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_fc0000_main.jbxd
Similarity
  • API ID:
  • String ID: 1$notetsleep - waitm out of syncprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-array typereflect: Out of non-func type runqputslow: queue is not fullruntime: bad g in cgocallbackruntime: bad pointer in frame runtime: found in ob$runtime: unable to acquire - semaphore out of syncGC must be disabled to protect validity of fn valuefatal: systemstack called from unexpected goroutinepotentially overlapping in-use allocations detectedruntime: netpoll: PostQueuedCompletionStatus failedcasfro$runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ystrconv: internal error, rest != 0 but needed > 0strconv: num > den<<shift in adjustLastDigitFixedattempt to exec
  • API String ID: 0-1337297560
  • Opcode ID: 33fdc6d3e86c76046023de1465be83d7d2b2dc58fea510c709d29d180963dd43
  • Instruction ID: bb981163bb634fd4f3b1c6b7e439b7848c36f0d33ba02450df1b43d569b901c3
  • Opcode Fuzzy Hash: 33fdc6d3e86c76046023de1465be83d7d2b2dc58fea510c709d29d180963dd43
  • Instruction Fuzzy Hash: