Windows Analysis Report
Doc.exe

Overview

General Information

Sample name:Doc.exe
Analysis ID:1523125
MD5:2746a7120bce30e9230a2e71a9ad909f
SHA1:506c97a2e62a2c962dbd283b2344e73cac4f8271
SHA256:4480d314657f84b2f829fb85fe6603c288bd9262e00e752e475c2a315dd2013f
Tags:user-lontze7
Infos:

Detection

Sliver
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Sliver Implants
AI detected suspicious sample
Machine Learning detection for sample
Potentially malicious time measurement code found
Contains functionality for execution timing, often used to detect debuggers
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Communication To Uncommon Destination Ports
Yara signature match

Classification

  • System is w10x64
  • Doc.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\Doc.exe" MD5: 2746A7120BCE30E9230A2E71A9AD909F)
  • cleanup
Name: Sliver
Description: According to VK9 Seecurity, Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server. Sliver supports multiple callback protocols including DNS, TCP, and HTTP(S) to make egress simple, even when those pesky blue teams block your domains. You can even have multiple operators (players) simultaneously commanding your sliver army.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
No configs have been found
Source: Doc.exe, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
  • 0xbe9097:$a1: ).RequestResend
  • 0xbdd4b8:$a2: ).GetPrivInfo
Source: Doc.exe, Rule: INDICATOR_TOOL_Sliver, Description: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen, Strings:
  • 0x96267b:$s3: .WGTCPForwarder
  • 0x963728:$s3: .WGTCPForwarder
  • 0x964b89:$s3: .WGTCPForwarder
  • 0x965d0d:$s3: .WGTCPForwarder
  • 0x967a4d:$s3: .WGTCPForwarder
  • 0x968608:$s3: .WGTCPForwarder
  • 0x95e9e3:$s6: .BackdoorReq
  • 0x9625d9:$s7: .ProcessDumpReq
  • 0x965216:$s8: .InvokeSpawnDllReq
  • 0x95a397:$s9: .SpawnDll
  • 0x95eb1b:$s9: .SpawnDll
Source: 00000000.00000002.2912183689.000000C000188000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Sliver, Description: Yara detected Sliver Implants, Author: Joe Security
    Source: 00000000.00000002.2910387662.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
    • 0x74c97:$a1: ).RequestResend
    • 0x690b8:$a2: ).GetPrivInfo
    Source: 00000000.00000000.1668971259.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
    • 0x74c97:$a1: ).RequestResend
    • 0x690b8:$a2: ).GetPrivInfo
    Source: Process Memory Space: Doc.exe PID: 7440, Rule: JoeSecurity_Sliver, Description: Yara detected Sliver Implants, Author: Joe Security
      Source: Process Memory Space: Doc.exe PID: 7440, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
      • 0x9626e:$a1: ).RequestResend
      • 0xccaf4:$a1: ).RequestResend
      • 0x8a68f:$a2: ).GetPrivInfo
      • 0xc1548:$a2: ).GetPrivInfo
      Source: 0.2.Doc.exe.a50000.0.unpack, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
      • 0xbe9097:$a1: ).RequestResend
      • 0xbdd4b8:$a2: ).GetPrivInfo
      Source: 0.2.Doc.exe.a50000.0.unpack, Rule: INDICATOR_TOOL_Sliver, Description: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen, Strings:
      • 0x96267b:$s3: .WGTCPForwarder
      • 0x963728:$s3: .WGTCPForwarder
      • 0x964b89:$s3: .WGTCPForwarder
      • 0x965d0d:$s3: .WGTCPForwarder
      • 0x967a4d:$s3: .WGTCPForwarder
      • 0x968608:$s3: .WGTCPForwarder
      • 0x95e9e3:$s6: .BackdoorReq
      • 0x9625d9:$s7: .ProcessDumpReq
      • 0x965216:$s8: .InvokeSpawnDllReq
      • 0x95a397:$s9: .SpawnDll
      • 0x95eb1b:$s9: .SpawnDll
      Source: 0.0.Doc.exe.a50000.0.unpack, Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Author: unknown, Strings:
      • 0xbe9097:$a1: ).RequestResend
      • 0xbdd4b8:$a2: ).GetPrivInfo
      Source: 0.0.Doc.exe.a50000.0.unpack, Rule: INDICATOR_TOOL_Sliver, Description: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen, Strings:
      • 0x96267b:$s3: .WGTCPForwarder
      • 0x963728:$s3: .WGTCPForwarder
      • 0x964b89:$s3: .WGTCPForwarder
      • 0x965d0d:$s3: .WGTCPForwarder
      • 0x967a4d:$s3: .WGTCPForwarder
      • 0x968608:$s3: .WGTCPForwarder
      • 0x95e9e3:$s6: .BackdoorReq
      • 0x9625d9:$s7: .ProcessDumpReq
      • 0x965216:$s8: .InvokeSpawnDllReq
      • 0x95a397:$s9: .SpawnDll
      • 0x95eb1b:$s9: .SpawnDll

      System Summary

      Source: Network Connection, Author: Florian Roth (Nextron Systems), Data: DestinationIp: 128.65.199.135, DestinationIsIpv6: false, DestinationPort: 8888, EventID: 3, Image: C:\Users\user\Desktop\Doc.exe, Initiated: true, ProcessId: 7440, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
      No Suricata rule has matched

      AV Detection

      Source: Doc.exe, ReversingLabs: Detection: 47%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
      Source: Doc.exe, Joe Sandbox ML: detected
      Source: Doc.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\Doc.exe, Code function: 4x nop then mov rdi, 0000800000000000h (0_2_00A77120)
      Source: C:\Users\user\Desktop\Doc.exe, Code function: 4x nop then mov rsi, r9 (0_2_00A77EC0)
      Source: global traffic, TCP traffic: 192.168.2.4:49730 -> 128.65.199.135:8888
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: sam.mr
      Source: Doc.exe, 00000000.00000002.2912183689.000000C000242000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: GetRawInputData (memstr_5efe563f-6)

      System Summary

      Source: Doc.exe, type: SAMPLE, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: Doc.exe, type: SAMPLE, Matched rule: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen
      Source: 0.2.Doc.exe.a50000.0.unpack, type: UNPACKEDPE, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: 0.2.Doc.exe.a50000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen
      Source: 0.0.Doc.exe.a50000.0.unpack, type: UNPACKEDPE, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: 0.0.Doc.exe.a50000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Sliver implant cross-platform adversary emulation/red team, Author: ditekSHen
      Source: 00000000.00000002.2910387662.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: 00000000.00000000.1668971259.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: Process Memory Space: Doc.exe PID: 7440, type: MEMORYSTR, Matched rule: Multi_Trojan_Bishopsliver_42298c4a, Author: unknown
      Source: C:\Users\user\Desktop\Doc.exe, Code function: String function: 00A82BC0 appears 305 times
      Source: C:\Users\user\Desktop\Doc.exe, Code function: String function: 00A97340 appears 37 times
      Source: Doc.exe, type: SAMPLE, Matched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
      Source: Doc.exe, type: SAMPLE, Matched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
      Source: classification engine, Classification label: mal76.troj.evad.winEXE@1/1@1/1
      Source: C:\Users\user\Desktop\Doc.exeFile opened: C:\Windows\system32\eaa1ef2ba13537e2451fafb30d9a808a4b8b3ea2665bc603f76bcaf634144697AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
      Source: Doc.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Doc.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Doc.exe, ReversingLabs: Detection: 47%
      Source: C:\Users\user\Desktop\Doc.exe, File read: C:\Users\user\Desktop\Doc.exe
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: netapi32.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: wkscli.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: samcli.dll
      Source: C:\Users\user\Desktop\Doc.exe, Section loaded: samlib.dll
      Source: Doc.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
      Source: Doc.exe, Static file information: File size 15875584 > 1048576
      Source: Doc.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x942e00
      Source: Doc.exe, Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x578200
      Source: Doc.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Doc.exe, Static PE information: section name: .symtab
      Source: C:\Users\user\Desktop\Doc.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Users\user\Desktop\Doc.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Doc.exe, Code function: 0_2_00AAB800 rdtscp
      Source: Doc.exe, Binary or memory string: oKDoTiK.AyxenSVcj
      Source: Doc.exe, 00000000.00000002.2913602213.000002216080C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

      Anti Debugging

      Source: C:\Users\user\Desktop\Doc.exe, Code function: 0_2_00AAB800 Start: 00AAB809 End: 00AAB81F
      Source: C:\Users\user\Desktop\Doc.exe, Code function: 0_2_00AAB800 rdtscp
      Source: C:\Users\user\Desktop\Doc.exe, Queries volume information: C:\Users\user\Desktop\Doc.exe VolumeInformation

      Stealing of Sensitive Information

      Source: Yara match, File source: 00000000.00000002.2912183689.000000C000188000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: Doc.exe PID: 7440, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match, File source: 00000000.00000002.2912183689.000000C000188000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: Doc.exe PID: 7440, type: MEMORYSTR
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Defense Evasion: Deobfuscate/Decode Files or Information (1); DLL Side-Loading (1); Obfuscated Files or Information (2); Binary Padding
      Credential Access: Input Capture (11); LSASS Memory; Security Account Manager; NTDS
      Discovery: Security Software Discovery (11); System Information Discovery (11); Query Registry; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Input Capture (11); Archive Collected Data (1); Data from Network Shared Drive; Input Capture
      Command and Control: Encrypted Channel (1); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1)
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
      Source | Detection | Scanner | Label | Link
      Doc.exe | 47% | ReversingLabs | Win64.Trojan.SliverMarte |
      Doc.exe | 100% | Joe Sandbox ML | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      sam.mr | 0% | Virustotal | | Browse
      No Antivirus matches
      NameIPActiveMaliciousAntivirus DetectionReputation
      sam.mr
      128.65.199.135
      truefalseunknown
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      128.65.199.135 | sam.mr | Switzerland | | 29222 | INFOMANIAK-ASCH | false
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1523125
      Start date and time:2024-10-01 06:38:06 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 38s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:5
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:Doc.exe
      Detection:MAL
      Classification:mal76.troj.evad.winEXE@1/1@1/1
      EGA Information:Failed
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Execution Graph export aborted for target Doc.exe, PID 7440 because there are no executed function
      • Not all processes were analyzed, report is missing behavior information
      No simulations
      No context
      No context
      Match: INFOMANIAK-ASCH
      Associated Sample Name / URL | Detection | Threat Name | Context
      Nowe zam#U00f3wienie zakupu pdf.exe | malicious | FormBook | 84.16.66.164
      TT Application copy.exe | malicious | FormBook | 128.65.195.180
      eqqjbbjMlt.elf | malicious | Unknown | 84.16.66.164
      hNX3ktCRra.elf | malicious | Unknown | 84.16.66.164
      xP1455Elxv.elf | malicious | Mirai, Moobot | 185.176.232.182
      https://i.printboxalgerie.com/chsbb/ch/ | malicious | Unknown | 185.125.25.41
      http://sbb.smartisedesign.com/ | malicious | Unknown | 185.125.25.5
      c5018a3915e8a9de41e083f7936c2d232b9a73ba41c8c07fb7b2d90d5f5d8e8e_dump.exe | malicious | SystemBC | 83.166.138.62
      TL6bE5Uq4y.exe | malicious | PureLog Stealer, SystemBC | 83.166.143.44
      3Lf408k9mg.exe | malicious | PureLog Stealer, SystemBC | 83.166.157.24
      No context
      No context
      Process:C:\Users\user\Desktop\Doc.exe
      File Type:GLS_BINARY_LSB_FIRST
      Category:dropped
      Size (bytes):160
      Entropy (8bit):4.438743916256937
      Encrypted:false
      SSDEEP:3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
      MD5:E467C82627F5E1524FDB4415AF19FC73
      SHA1:B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
      SHA-256:116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
      SHA-512:2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............
      File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
      Entropy (8bit):6.12525593465114
      TrID:
      • Win64 Executable (generic) (12005/4) 74.95%
      • Generic Win/DOS Executable (2004/3) 12.51%
      • DOS Executable Generic (2002/1) 12.50%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
      File name:Doc.exe
      File size:15'875'584 bytes
      MD5:2746a7120bce30e9230a2e71a9ad909f
      SHA1:506c97a2e62a2c962dbd283b2344e73cac4f8271
      SHA256:4480d314657f84b2f829fb85fe6603c288bd9262e00e752e475c2a315dd2013f
      SHA512:0552f8a0bc9af0b03ab4a0d1b1afc08038aa0fce2b563daf865020414cc5a8c985a55589d8f2af891dd5b302f423bbe05fbfc6889171f74e33728b6b4027fc04
      SSDEEP:98304:43pEB59UU/DVSk8V57vYJDysmvezaIaFiP5wvEx5S/8/yKTqEc:gpEBIIV2YJOsmvaaIaFU5wsxgU/yH
      TLSH:DFF62C03E89611D5C4E9D1B089258272B970386C1B7933DB3BA5F7B42B327E05FBA791
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........<........"...........................@..............................`............`... ............................
      Icon Hash:90cececece8e8eb0
      Entrypoint:0x45d0a0
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:6
      OS Version Minor:1
      File Version Major:6
      File Version Minor:1
      Subsystem Version Major:6
      Subsystem Version Minor:1
      Import Hash:f0ea7b7844bbc5bfa9bb32efdcea957c
      Name | Virtual Address | Virtual Size | Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf6d000 | 0x490 | .idata
      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf6e000 | 0x26c52 | .reloc
      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IAT | 0xebd040 | 0x148 | .data
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
      .text | 0x1000 | 0x942dfd | 0x942e00 | 24cfd1142cf5ef1cde557551d4e6c91b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rdata | 0x944000 | 0x578158 | 0x578200 | c6f09c58d59d65f22427926bde3132aa | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .data | 0xebd000 | 0xaf350 | 0x41200 | 05d8eb8b115b53897dd83f07f2f22bc9 | False | 0.3883419805662188 | data | 4.776804623524716 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .idata | 0xf6d000 | 0x490 | 0x600 | 894ab5241150f06ca87878224acaf6bf | False | 0.3372395833333333 | data | 3.6172927131939767 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .reloc | 0xf6e000 | 0x26c52 | 0x26e00 | e427021ec6a780efd307ada8663fb660 | False | 0.14090760651125403 | data | 5.443966304282102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
      .symtab | 0xf95000 | 0x4 | 0x200 | 07b5472d347d42780469fb2654b7fc54 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
      DLL | Import
      kernel32.dll | WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Oct 1, 2024 06:38:57.397265911 CEST | 65276 | 53 | 192.168.2.4 | 1.1.1.1
      Oct 1, 2024 06:38:57.435512066 CEST | 53 | 65276 | 1.1.1.1 | 192.168.2.4
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Oct 1, 2024 06:38:57.397265911 CEST | 192.168.2.4 | 1.1.1.1 | 0x5d2a | Standard query (0) | sam.mr | A (IP address) | IN (0x0001) | false
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Oct 1, 2024 06:38:57.435512066 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d2a | No error (0) | sam.mr |  | 128.65.199.135 | A (IP address) | IN (0x0001) | false


      Target ID:0
      Start time:00:38:56
      Start date:01/10/2024
      Path:C:\Users\user\Desktop\Doc.exe
      Wow64 process (32bit):false
      Commandline:"C:\Users\user\Desktop\Doc.exe"
      Imagebase:0xa50000
      File size:15'875'584 bytes
      MD5 hash:2746A7120BCE30E9230A2E71A9AD909F
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:Go lang
      Yara matches:
      • Rule: JoeSecurity_Sliver, Description: Yara detected Sliver Implants, Source: 00000000.00000002.2912183689.000000C000188000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
      • Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Source: 00000000.00000002.2910387662.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
      • Rule: Multi_Trojan_Bishopsliver_42298c4a, Description: unknown, Source: 00000000.00000000.1668971259.00000000015C5000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
      Reputation:low
      Has exited:false

        Strings
        • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enab, xrefs: 00A5CD3F
        • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00A5C8CD
        • malloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle), xrefs: 00A5CD65
        • delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpe, xrefs: 00A5CCF7
        • malloc during signalnotetsleep not on g0p mcache not flushedreflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too lar, xrefs: 00A5CD50
        • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinelimiterEvent.stop: invalid limiter event type foundpotentia, xrefs: 00A5CD76
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • out of memory allocating heap arena mapruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when, xrefs: 00A5BF68
        • out of memory allocating allArenasruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll, xrefs: 00A5BF35
        • misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent loc, xrefs: 00A5C23A
        • memory reservation exceeds address space limitpanicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base poin, xrefs: 00A5C24B
        • out of memory allocating heap arena metadataspan on userArena.faultList has invalid sizeunsafe.Slice: ptr is nil and len is not zeroexitsyscall: syscall frame is no longer validproduced a trigger greater than the heap goaltransitioning GC to the same state as , xrefs: 00A5BF46
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • gcinggnamegroupgscanhchanhost@hostshttpsimap2imap3imapsint16int32int64json=kind=labelmatchmheapmkdirmonthmtimename=ndr:"no IPntohsoneofpanicparsepop3srangerouterune schedsleepslicesse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=write, xrefs: 00A69057, 00A6906D
        • failed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span stateprogToPointerMask, xrefs: 00A6996C
        • ., xrefs: 00A69666
        • gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid character class rangeinvalid function symbol tableinvalid length of trace eventneed padding in bucket (elem)notesleep - waitm out of syncruntime.semasleep wait_failedruntime: impossible type kin, xrefs: 00A6997D
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • reflect.methodValueCallruntime: internal errorruntime: netpoll faileds.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forkwork.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't, xrefs: 00A9692C
        • reflect.makeFuncStubruntime: double waitselectgo: bad wakeupsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundExtensionRangeOptionsasync stack too largecheckdead: runnable gconcurrent map writesdefer on system , xrefs: 00A96946
        • reflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing c, xrefs: 00A96A3E, 00A96A78
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou, xrefs: 00A573A4
        • unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po, xrefs: 00A56FF0
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsexpression nests too deeplyfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size ou, xrefs: 00A56686
        • unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not po, xrefs: 00A5619B
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Strings
        • runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou, xrefs: 00A809AE
        • self-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue, xrefs: 00A809BF
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou$self-preemptspanSetSpinesweepWaiterstraceStringsunexpected ) is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue
        • API String ID: 0-1298296546
        • Opcode ID: 37e8d7791b9945cb27d47092351326421f0a96a2049a037e6164a0e6dfc31099
        • Instruction ID: 9586f4eed99fac0b28900344a0655c75ddd89ae1cc9eed4f37413747fac614c8
        • Opcode Fuzzy Hash: 37e8d7791b9945cb27d47092351326421f0a96a2049a037e6164a0e6dfc31099
        • Instruction Fuzzy Hash: 2FC16D36605F8086CB61DF25E4913AAB770F78AB95F558236DBAC83B95DF38C085CB40
        Strings
        • invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too, xrefs: 00A837D6
        • suspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapAr, xrefs: 00A837E7
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too$suspendG from non-preemptible goroutinetrailing backslash at end of expressionbulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapAr
        • API String ID: 0-3430136995
        • Opcode ID: 8cb2508e9f288d5cdb3b516743ca32e29e5f23447a8def1ec3d39d3926681770
        • Instruction ID: 246e0e6e62884b9d84bd67b48c585ecec4f828e360683db95ecd240a34e7bccd
        • Opcode Fuzzy Hash: 8cb2508e9f288d5cdb3b516743ca32e29e5f23447a8def1ec3d39d3926681770
        • Instruction Fuzzy Hash: C0A17D77609B8086CB14EB26E04076ABB71F78AFD0F588166EF9913B99DB38C541CB40
        Strings
        • casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect, xrefs: 00A86365
        • casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds, xrefs: 00A86394
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds$casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime.reflect
        • API String ID: 0-2061123795
        • Opcode ID: 5349c83920afde1ba41cc9577ecd095c9a4e4ac229a2a3e6958cbc2b5622050f
        • Instruction ID: 0b9f37e98fcbdeb3a9620105b065f1f5611e387581e47f1cc335c84f5ad61858
        • Opcode Fuzzy Hash: 5349c83920afde1ba41cc9577ecd095c9a4e4ac229a2a3e6958cbc2b5622050f
        • Instruction Fuzzy Hash: DCA1A336A09B80C6EB04DB25E08539ABB71F74AB84F548222DF9D43B56DF39C455CB41
        Strings
        • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00A940F0, 00A941D0, 00A942F0, 00A943EE
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
        • API String ID: 0-2911004680
        • Opcode ID: 8b853f89a8ec5f8743531fbcdd3a3767a9f099eb0b5e0de27691410b7e27ee43
        • Instruction ID: e21e49e1f628a5e5ff4bae53723d1cd6ba5227c46df077cc923a4a8197be748f
        • Opcode Fuzzy Hash: 8b853f89a8ec5f8743531fbcdd3a3767a9f099eb0b5e0de27691410b7e27ee43
        • Instruction Fuzzy Hash: 91E1C6B2704B8486DE14CB42E6107E9A6A3F799BD0F448122EB5E07B99EF7CC496C740
        Strings
        • bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC, xrefs: 00A77845, 00A77B67
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC
        • API String ID: 0-3708075424
        • Opcode ID: 3a3a3506e7dbc5eb8cd70c2191694e89a984e4fbd361a095f5ee938ccd7827fa
        • Instruction ID: 6a11b3855293e6d286b89418689558743474d601918696df878ea6f3437a7a76
        • Opcode Fuzzy Hash: 3a3a3506e7dbc5eb8cd70c2191694e89a984e4fbd361a095f5ee938ccd7827fa
        • Instruction Fuzzy Hash: 8AD18A77718BC482DB20CB56E8407AEA325F399BC0F548126EE9E57B59DF78C545CB00
        Strings
        • grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru, xrefs: 00A74EC9
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru
        • API String ID: 0-3933224645
        • Opcode ID: a0725d7db35165822b1e66cf7cd792ad72f914dbf8f27466009bbb908dbe0227
        • Instruction ID: 610ecfcd412b21688693a4b097044f13a68693512c285b3d26b5d00fc38d7fca
        • Opcode Fuzzy Hash: a0725d7db35165822b1e66cf7cd792ad72f914dbf8f27466009bbb908dbe0227
        • Instruction Fuzzy Hash: DCE14B72309B8485DB60CB25E8903AAB765F78ABD0F59D126EE8D43B69DF38C454CB40
        Strings
        • bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingb, xrefs: 00A96DB3, 00A96DE6
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC assist markingb
        • API String ID: 0-989636611
        • Opcode ID: 19ed0b6d3609e1f77d6902ec1ff44e29f780319e9d096894a8f20d4ac6a51e70
        • Instruction ID: c277f6444f62003042c11f62220cfea9bcdfd17f6023f644e74ab466eb79e459
        • Opcode Fuzzy Hash: 19ed0b6d3609e1f77d6902ec1ff44e29f780319e9d096894a8f20d4ac6a51e70
        • Instruction Fuzzy Hash: A991DE76708A9086CF14DF25E14039AB7B2FB89BC0FA99111EF9D57B58EB78C941CB40
        Strings
        • bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to trac, xrefs: 00A6414F
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0deferproc: d.panic != nil after newdeferfailed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to trac
        • API String ID: 0-2536305361
        • Opcode ID: 59260dfba2759dab297a6696fca30260bbf64318a5f8e175db3f4a63adf324fc
        • Instruction ID: 380c64e68f030ed86ab4179251af273954a48386ce0d89c6c776b3f66ce9809e
        • Opcode Fuzzy Hash: 59260dfba2759dab297a6696fca30260bbf64318a5f8e175db3f4a63adf324fc
        • Instruction Fuzzy Hash: 9D71ACB7A09B94C2DB149F56E50039EA7B6F799BC0F549426EF8807B19DF78C4A1C700
        Strings
        • bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC, xrefs: 00A793A6
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failureworkbuf is empty0123456789ABCDEFX: missing method GC
        • API String ID: 0-3708075424
        • Opcode ID: de26168e64273df489025a003655d08637440ed7238d38393a291c92008ef4c6
        • Instruction ID: 4a11d3c5961ad32830629f1c56f9a27cc348e672a96ab2b6a161914dbe3b5459
        • Opcode Fuzzy Hash: de26168e64273df489025a003655d08637440ed7238d38393a291c92008ef4c6
        • Instruction Fuzzy Hash: 8051CFB7610B8882DB109F55E4403DEA761F78ABE0F449226EFAD1779ACB78C494C740
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c649b3c172b4b247aa5a07cff3016b675e172a6289f4f4fc084141e5b176f78f
        • Instruction ID: 76e356067f3ec2e8a50007f69dda471c8950a803f2b35f8dac9807bba45728ff
        • Opcode Fuzzy Hash: c649b3c172b4b247aa5a07cff3016b675e172a6289f4f4fc084141e5b176f78f
        • Instruction Fuzzy Hash: 74C145B6709BC485CA609B56F9407AAA775F38AFD0F488126EF9D67B58CF38C450CB40
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a491cfc45f28e1e04a7c273c520a2207ac9ca6a6ce5fd626d260b69c24e846f8
        • Instruction ID: edbfdf88c095b6a6bc6d793bd2938463416513c3e054f9396c8ad2d816fd18d9
        • Opcode Fuzzy Hash: a491cfc45f28e1e04a7c273c520a2207ac9ca6a6ce5fd626d260b69c24e846f8
        • Instruction Fuzzy Hash: C7B1DE32705B88C6DB10CB15E6403AAB371FB86BC5F989526DE8E07B55DF39C499C390
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c3710b85e2aa183e942ef7525d24f65d15c9b52c3346dcc053194677c1546739
        • Instruction ID: 4fd421fbffb91fb5f4d62cc40a95c0b507625ecc5ab9793850f7fdb3f0666c5a
        • Opcode Fuzzy Hash: c3710b85e2aa183e942ef7525d24f65d15c9b52c3346dcc053194677c1546739
        • Instruction Fuzzy Hash: 69913573618B8482DB108F15F58029EB7A5F78ABE4F549226EBAD53B99CF3CC051CB00
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a2c13c0e08c090ead6c863d3c153435ef87806bdb93740d8c0f93cf94ecc983c
        • Instruction ID: d555bd232626bddb411b6c34ed5b173386d167d9a81ca223ac63994469a6750e
        • Opcode Fuzzy Hash: a2c13c0e08c090ead6c863d3c153435ef87806bdb93740d8c0f93cf94ecc983c
        • Instruction Fuzzy Hash: 37719E73758B8882DB108F15E8847AAA762F796BC0F58D126EB8D53B9ACF7CC445C740
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 78e268227c8e683a70fb2228ba6c31f6ac92274c0d2b22dd66da21b7126f3107
        • Instruction ID: 0fdd1322ce125acb07bd363460f837798c9507e28a0b645369378f737b531b11
        • Opcode Fuzzy Hash: 78e268227c8e683a70fb2228ba6c31f6ac92274c0d2b22dd66da21b7126f3107
        • Instruction Fuzzy Hash: D0612832618B8486DB45DF35E5403AAB772F796BD0F489322EA9D93B96DF38C094C710
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 68253e6a18bad8b2dc1d2c0a64ffd8fca0d9170c77df7e6c8b348a012eec285f
        • Instruction ID: 1c7bd56612b0f3c4727f6b6fcded76afe0a3b95a57675c0880f5e82a07233ede
        • Opcode Fuzzy Hash: 68253e6a18bad8b2dc1d2c0a64ffd8fca0d9170c77df7e6c8b348a012eec285f
        • Instruction Fuzzy Hash: A141C3A6B11A5581AE048F6685200AAA372F74FFD1799A233CF2D7B768C63CD54AC344
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c8dd43a2ddb58c2c63f327fd5de1ab3b235b750cba0dd5d5acba9b7a411f7cb0
        • Instruction ID: 2b1f998e0e7547888f916ae96d492570a8888b123c4642881f7f1b913dc46ae4
        • Opcode Fuzzy Hash: c8dd43a2ddb58c2c63f327fd5de1ab3b235b750cba0dd5d5acba9b7a411f7cb0
        • Instruction Fuzzy Hash: AA41E332B04E00CAEF14DF6694813AAA3D1E78A794F984A35DB7D837C7DE7CC4958604
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 869957726db35e167b9812d6f0eca1502367366697d6696a68d53c2d048c9f05
        • Instruction ID: 86c002fc19f6964cbb2d98bfd39f801afe0e268f6ca4a7e7e569a87adb42939a
        • Opcode Fuzzy Hash: 869957726db35e167b9812d6f0eca1502367366697d6696a68d53c2d048c9f05
        • Instruction Fuzzy Hash: 6B51DF76618F8489D712DF22A44036AA7B5FBDABC0F08D736AE4D6B725CF38C0918740
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3337b0d68ccc3f6f47928605295d9fbf2e1cab173e2648fc5f8af4e38c4f042e
        • Instruction ID: 27590d0d744af477e6504b76fca32374437004c44f330fa9794283080d24f327
        • Opcode Fuzzy Hash: 3337b0d68ccc3f6f47928605295d9fbf2e1cab173e2648fc5f8af4e38c4f042e
        • Instruction Fuzzy Hash: C6411A72A1BE444ECD07DB3AA5613949227AF93BE4F94C3325D3B772F8EB198446C640
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c45e0e09dd4ac134194b0c70a725079613fcf64121eba0825f65a6ad8c904832
        • Instruction ID: cccf8fca8ebe7372b9e6b1fe58a6d822222ce43e1b8bbbd3bbec45c7adf96429
        • Opcode Fuzzy Hash: c45e0e09dd4ac134194b0c70a725079613fcf64121eba0825f65a6ad8c904832
        • Instruction Fuzzy Hash: 572136B1E25F444ECA47DB3A8800355821ABFA6BC0F58C722BD2F77796E739D0C28240
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 71a12e9eabb772fc0575310b57828dabed6ab1fb65e52157f2d878c7b04d1e74
        • Instruction ID: f94bdf56e2fdc685de4eb5faa93571a4ebbd7030f157af19f0952c15da09f455
        • Opcode Fuzzy Hash: 71a12e9eabb772fc0575310b57828dabed6ab1fb65e52157f2d878c7b04d1e74
        • Instruction Fuzzy Hash: E031837A314B8981DF54CB15E5913EE6761EB84BC4F85C422DE4F07729DE38D64AC740
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5cdc4b02c8c3180fca5d9155587ceb4aaead5442fb6a21de0a8b01193261578d
        • Instruction ID: 654816def89702f6ef39936236810fb5440284a54afdf29b68f6905c1f29391b
        • Opcode Fuzzy Hash: 5cdc4b02c8c3180fca5d9155587ceb4aaead5442fb6a21de0a8b01193261578d
        • Instruction Fuzzy Hash: EFC02BF0917BC628FF90C30871003403AC98F4E3C8DC0C080C2980127ED72C92844264
        Strings
        • runtime.SetFinalizer: first argument is nilruntime: releaseSudog with non-nil gp.paramunfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrapactive sweepers found at start of mark phasecompileCallback: float results not supported, xrefs: 00A67C6A
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • runtime.SetFinalizer: first argument was allocated into an arenaruntime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array w, xrefs: 00A67C13
        • runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLoc, xrefs: 00A67C55
        • , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker i, xrefs: 00A67C46
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        • runtime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - dead, xrefs: 00A67C02
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • API String ID: 0-4046867270
        • Opcode ID: 186f30ab73b2713b0e4bd8876e5781fbd02778fdb59a9bd02849a828c84ce641
        • Instruction ID: 20f523ccc4adc5150b70133628d4c8a0b9c4dc039e59dec56bcddc64ac06d716
        • Opcode Fuzzy Hash: 186f30ab73b2713b0e4bd8876e5781fbd02778fdb59a9bd02849a828c84ce641
        • Instruction Fuzzy Hash: 88F19B32629B84C2EB609F21E4403AEB7B1F785B84F488536DA8D17BA9DF3CC495C710
        Strings
        • call from unknown functioncorrupted semaphore ticketforEachP: P did not run fnfreedefer with d.fn != nilnegative idle mark workersnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet length, xrefs: 00A57AAD, 00A57AB9
        • l655, xrefs: 00A57C95
        • debugCal, xrefs: 00A57B52
        • runtime., xrefs: 00A57CB6
        • debugCal, xrefs: 00A57C0E
        • call not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not, xrefs: 00A57D62, 00A57D6E
        • call from within the Go runtimecasgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds, xrefs: 00A57CDB, 00A57CE7
        • debugCal, xrefs: 00A57C50
        • debugCal, xrefs: 00A57BB8
        • debugCal, xrefs: 00A57AF3
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • API String ID: 0-3127990129
        • Opcode ID: f8a861cd29758a3460a84f11cc37019ce85a517da09731ef57493a58b250f50b
        • Instruction ID: a236cad5a0e2cea9425c649de8e6e405880e1ba0f37767be24b6050b44a45c54
        • Opcode Fuzzy Hash: f8a861cd29758a3460a84f11cc37019ce85a517da09731ef57493a58b250f50b
        • Instruction Fuzzy Hash: F9716D72A0DA8085DE25DF15E14033D77A1F795BD6F99C426DF4A23724EB78C988C702
        Strings
        • (types from different packages)WSAGetOverlappedResult not found" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largerunt, xrefs: 00A58715
        • is nil, not , not pointerGC sweep waitbad map statedalTLDpSugct?double unlockfilter methodinvalid UTF-8load64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist wa, xrefs: 00A58844
        • interface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimensionoldoverflow is not nilruntime.main not on m0s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (bloc, xrefs: 00A585BD, 00A58774, 00A58859
        • is on %04x&gt;&lt;) = +Inf-Inf-inf...:.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.xml000001000x%x100010803125: %s:464:88*ABRTACDTACSTAEDTAESTAKDTAKSTALRMAWSTAhomArgsAtoiCASECESTCHARCOWSCZARCallChamDATADashEESTEnumFOZYGOGCGrayHKCCHKCRHKCUHKLMHKPDHORNHigh, xrefs: 00A585F2
        • , not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASCINQUECarianChakmaClosedCommonCopticDREARYEMETINEndDocExpectFieldsFormatFridayGAMMEDGOAWAYGOWANSGUIROSGetACPGo, xrefs: 00A5861D
        • (types from different scopes)GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm o, xrefs: 00A58734
        • : missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedgp.waiting != nilkey align too biglocked m0 woke upmark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scano, xrefs: 00A587D7
        • is not pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIM, xrefs: 00A5879F
        • interfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valu, xrefs: 00A5851B
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • API String ID: 0-657713465
        • Opcode ID: 0d235fe17ae666898919c2c6f2202caddabddc4a8229135da0e2cea48c8bce93
        • Instruction ID: 897d8b288869334d380bfa57173d8f99eebd936af7d3153d085962f3a9191188
        • Opcode Fuzzy Hash: 0d235fe17ae666898919c2c6f2202caddabddc4a8229135da0e2cea48c8bce93
        • Instruction Fuzzy Hash: BE91E176208BC595DB60DB15F9803DAB3A1F789B84F548026DACC5BB69EF7DC099CB00
        Strings
        • GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stackndr:"varying,X-subStringArray"notetsleep - waitm out of syncrunqputslow: queue i, xrefs: 00A514B5
        • GODEBUG: can not enable "PLTE, color type mismatch_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timermissing st, xrefs: 00A5132C
        • " not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largeruntime: mcall function returnedruntime: stack split at bad timerunt, xrefs: 00A51234
        • GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgossh: MAC failurework, xrefs: 00A51211
        • ", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]invalid escape sequenceleft over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotim, xrefs: 00A5134C
        • cpu., xrefs: 00A510F3
        • GODEBUG: no value specified for "concurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanmin must be a non-zero power of 2misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of r, xrefs: 00A51288
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • API String ID: 0-511654176
        • Opcode ID: 2e5840b56debf27a28e7eeaafedd2f9ebfc36fafddc84d32f65f4dc373ab0eb6
        • Instruction ID: 32672b4aac850c58e332c4821895cc5c7270eff35a3e823d17f2aa2a21702c78
        • Opcode Fuzzy Hash: 2e5840b56debf27a28e7eeaafedd2f9ebfc36fafddc84d32f65f4dc373ab0eb6
        • Instruction Fuzzy Hash: 9CC1A176708B84C1DB109B61E1503BEAB75F78ABD1F544522EF8E0BB69EB38C849C750
        Strings
        • pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomic, xrefs: 00A59321
        • panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of , xrefs: 00A5937F
        • panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send , xrefs: 00A593C2
        • panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x, xrefs: 00A591E8
        • ), xrefs: 00A591AE
        • value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.W, xrefs: 00A59253
        • panicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left ou, xrefs: 00A59118
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: pointer00000000BAD RANK_UNKNOWNdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadmap_entrypanicwaitpclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomic$)$panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send $panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowtoo much pixel dataunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of $panicwrap: unexpected string after package name: runtime.reflect_makemap: unsupported map key typeruntime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left ou$panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x$value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.W
        • API String ID: 0-1423911815
        • Opcode ID: 4ede7bd6d3781e361ebe0a2e8d17b0d54d92073836f944e8da15a252024941be
        • Instruction ID: 456cc54c63700ea581b2627c50bb66b703a14f0d16518855a89b7b25d3b475bd
        • Opcode Fuzzy Hash: 4ede7bd6d3781e361ebe0a2e8d17b0d54d92073836f944e8da15a252024941be
        • Instruction Fuzzy Hash: 6A814932319BC084CB64DB11F95539AB7A1F789780F448226EA9D4BB6AEF7CC549CB10
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: PowerReg$gisterSu$ication$powrprof$rof.dll$spendRes$umeNotif
        • API String ID: 0-941992356
        • Opcode ID: a6f352c4b5de64d74899d98ba607e93fe7a5268e9d9c108a70cb656326fc446e
        • Instruction ID: 242a06075646e010d1221a2e4a50db63d57f837f1d7fbdcb541e94943f92cdf1
        • Opcode Fuzzy Hash: a6f352c4b5de64d74899d98ba607e93fe7a5268e9d9c108a70cb656326fc446e
        • Instruction Fuzzy Hash: 8B31E5B6208B8085D620DB11F44439AB7A5F789BC4F988129EBDC47B6ADF7DC159CB40
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 20b1689eed6b6cac0cebcba26699c86b69a19d60366db5d46ad9138fe03168ad
        • Instruction ID: fa7e90b0c3f7c33ce9e903e22f88c0e35e26e7fd765ed9108c89c3fdaf117e5b
        • Opcode Fuzzy Hash: 20b1689eed6b6cac0cebcba26699c86b69a19d60366db5d46ad9138fe03168ad
        • Instruction Fuzzy Hash: 3041AD36219BC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 9ed2fdef0bfaa932d9252a55c3cb0a904605b8ca07cae347a8bb5386c13ce1d0
        • Instruction ID: 4d85bb0ce535a1a12e77a95bc1d500850564972365502c7a06cec41edd04b81b
        • Opcode Fuzzy Hash: 9ed2fdef0bfaa932d9252a55c3cb0a904605b8ca07cae347a8bb5386c13ce1d0
        • Instruction Fuzzy Hash: D241AC36219BC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 0d45b19a180e132f09058cd869586747cdbb48ca80ca82958487f665328a685d
        • Instruction ID: 6480771fd66ef046c11abd624237fa1459100612511c9eccb1bbe368809cfd05
        • Opcode Fuzzy Hash: 0d45b19a180e132f09058cd869586747cdbb48ca80ca82958487f665328a685d
        • Instruction Fuzzy Hash: 6D41AD36219BC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 56d71a48bdc7b089b65c61ca2aa2f2cf4ede9f0884009a31d9b43e4f4f4baca6
        • Instruction ID: 932e1697ea4cca58d6992c4b87e0a053184bed4d55acaa4545daf968a8d940f7
        • Opcode Fuzzy Hash: 56d71a48bdc7b089b65c61ca2aa2f2cf4ede9f0884009a31d9b43e4f4f4baca6
        • Instruction Fuzzy Hash: A441AC36219AC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 480d54051c87adccc3e1c0a914048aaa3107a311504b801e7f6c8c6a29b56351
        • Instruction ID: e684355e0d112f14ce3011973e9d33f5698cddf4806c954a922aca27f1e69f58
        • Opcode Fuzzy Hash: 480d54051c87adccc3e1c0a914048aaa3107a311504b801e7f6c8c6a29b56351
        • Instruction Fuzzy Hash: 9D41AD36219BC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 9d41ddb371067b3e70e30a04c0c7ab468dde5f9f151078df286275c50b06c1f9
        • Instruction ID: a8c88d1a962168850a29be54e9965779ed5141f28dc031b75d462a0c47b5e89a
        • Opcode Fuzzy Hash: 9d41ddb371067b3e70e30a04c0c7ab468dde5f9f151078df286275c50b06c1f9
        • Instruction Fuzzy Hash: B241AC36219AC491DB60AF61E5417EEA7B1F780BC4F489436DA8D9BB68DF38C846C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 28fffa2c1dd1854180ad2fa18f51cb6449259c1e0171f171a58a0336ffce68e4
        • Instruction ID: 1841cd7d414cbebd7555d37ca2fe1424a117304a785c124d6530c96859c474a8
        • Opcode Fuzzy Hash: 28fffa2c1dd1854180ad2fa18f51cb6449259c1e0171f171a58a0336ffce68e4
        • Instruction Fuzzy Hash: 9141BE36219BC491DB60AF61E5417EEA7A1F780BC4F489436DA8D9BB68DF38C446C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: ce7c6fa83448cff6fd61b02423b61d572357fa93ce6463b1fde29193961928eb
        • Instruction ID: 0c778487c575f7398b9b388eac8f08c1c97b797c819819df0a0797bd9bc85820
        • Opcode Fuzzy Hash: ce7c6fa83448cff6fd61b02423b61d572357fa93ce6463b1fde29193961928eb
        • Instruction Fuzzy Hash: 7F41BD36219BC4D1DB60AF51E5407EEA7A0F780BC4F489436DA8D97B68DF38C445C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction ID: 8193dba193fec809871dd768a7306e46e87ab67dbf18efe0b7b889695a7b2c33
        • Opcode Fuzzy Hash: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction Fuzzy Hash: CE418C36219AC491DB60AF51E5417EEA7A0F784BC4F489436DA8D9BB68DF38C845C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: ce7c6fa83448cff6fd61b02423b61d572357fa93ce6463b1fde29193961928eb
        • Instruction ID: 0c778487c575f7398b9b388eac8f08c1c97b797c819819df0a0797bd9bc85820
        • Opcode Fuzzy Hash: ce7c6fa83448cff6fd61b02423b61d572357fa93ce6463b1fde29193961928eb
        • Instruction Fuzzy Hash: 7F41BD36219BC4D1DB60AF51E5407EEA7A0F780BC4F489436DA8D97B68DF38C445C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction ID: 8193dba193fec809871dd768a7306e46e87ab67dbf18efe0b7b889695a7b2c33
        • Opcode Fuzzy Hash: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction Fuzzy Hash: CE418C36219AC491DB60AF51E5417EEA7A0F784BC4F489436DA8D9BB68DF38C845C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 8def15daa32ac21819fa39e0150d6e50fe4ce55b2250a204ad02e9bed867f8ea
        • Instruction ID: e4f806a7bf0ae404d6422370f75f543da02bbc6dbc207784e3f7aead2028a62f
        • Opcode Fuzzy Hash: 8def15daa32ac21819fa39e0150d6e50fe4ce55b2250a204ad02e9bed867f8ea
        • Instruction Fuzzy Hash: C141BD36219BC4D1DB60AF51E5407EEA7A0F780BC4F489436DA8D97B68DF38C845C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction ID: 8193dba193fec809871dd768a7306e46e87ab67dbf18efe0b7b889695a7b2c33
        • Opcode Fuzzy Hash: e3029704b66e82293be65cc54ae32b2e7c29bee9795703e84d057461b9faa674
        • Instruction Fuzzy Hash: CE418C36219AC491DB60AF51E5417EEA7A0F784BC4F489436DA8D9BB68DF38C845C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 228b276f11dca8996c6b3cc7813882409041e3e95cbc8022311e6af9cf4b1c42
        • Instruction ID: c7bd5e9f14486a6d125747ec5b0f4bc82730d1f5266d60b988c9841650aeeeb2
        • Opcode Fuzzy Hash: 228b276f11dca8996c6b3cc7813882409041e3e95cbc8022311e6af9cf4b1c42
        • Instruction Fuzzy Hash: 9E41BD36219BC4D1DB60AF51E5407EEA7A0F780BC4F489436DA8D97B68DF38C445C350
        Strings
        • runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 00A67A76, 00A67ACD, 00A67B37
        • because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping, xrefs: 00A67AFC
        • to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND, xrefs: 00A67A61, 00A67AB8, 00A67B22
        • , not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa, xrefs: 00A67B5D
        • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 00A67B6C
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListchunk out of ordercleantimers: bad pcompression methoddimension overflowelem align too bigforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND$, not a function0123456789ABCDEF0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid checksuminvalid g statusmSpanList.insertmSpa$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
        • API String ID: 0-3085556167
        • Opcode ID: 18079060157b2f74b509579926625fbbb82bd605daad94e33dbe9c1d66561070
        • Instruction ID: f328095666df3fde2df81a0af24bfa7099fd6685af2dec2f41736cab243e8c78
        • Opcode Fuzzy Hash: 18079060157b2f74b509579926625fbbb82bd605daad94e33dbe9c1d66561070
        • Instruction Fuzzy Hash: 71419D36219BC4D1DB60AF51E5417EEA7A0F784BC4F489436DA8D97B68DF38C845C350
        Strings
        • avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6casechancx16datedef=dialelseenumermsetagexecfailfilefromftpsfuncgotogziphosthourhttpicmpidleigmpint8itabkindlazylinklistnamenoneopenpathpipepop3quitreadrootseeksizesmtpspansse2sse3synctRNStar, xrefs: 00A51AB5, 00A51AD2
        • sse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=writexxxxx Value%s: %s%s: %v%v: %v, not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASC, xrefs: 00A5189F, 00A518BC
        • popcntproto2proto3rdrandrdseedrdtscpreadatrealmsremoverenamereturnrune1 secondselectsendtoserversetenvsint32sint64socketsocks5stringstructswitchsyntaxsysmontelnettimersuint16uint32uint64unusedustar ustar, xrefs: 00A517F1, 00A5180F
        • pclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2fl, xrefs: 00A51646
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6casechancx16datedef=dialelseenumermsetagexecfailfilefromftpsfuncgotogziphosthourhttpicmpidleigmpint8itabkindlazylinklistnamenoneopenpathpipepop3quitreadrootseeksizesmtpspansse2sse3synctRNStar$pclmulqdqpreemptedprofBlockrwxrwxrwxstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2fl$popcntproto2proto3rdrandrdseedrdtscpreadatrealmsremoverenamereturnrune1 secondselectsendtoserversetenvsint32sint64socketsocks5stringstructswitchsyntaxsysmontelnettimersuint16uint32uint64unusedustar ustar$sse41sse42ssse3startsudogsweeptext/tls: traceuint8unameusageutf-8valueweak=writexxxxx Value%s: %s%s: %v%v: %v, not , val .local.onion.proto0x%08x390625; and <-chanACARIDALIYOSARGALSASLOPEAnswerArabicAugustBIOGASBOINGSBOSQUEBinaryBitBltBrahmiCANCELCHAKRACHINASC
        • API String ID: 0-719224210
        • Opcode ID: a5de56e5f2956aad604c5be4a10da7ef0b832d35a1c06ccceb76862ceaa18d82
        • Instruction ID: 725ad1bc403560b69c5ed611a6f641ff3bfdf6ccd32bd6e6200322d716744a3d
        • Opcode Fuzzy Hash: a5de56e5f2956aad604c5be4a10da7ef0b832d35a1c06ccceb76862ceaa18d82
        • Instruction Fuzzy Hash: D132B836210A89E2EB00DF21E8557E93BB1F785B89FC54626DA5D87725EF38C14EC381
        Strings
        • mark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC w, xrefs: 00A6C824
        • scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi, xrefs: 00A6CB67
        • scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestac, xrefs: 00A6CB80
        • can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transi, xrefs: 00A6CB45
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transi$mark - bad statusmarkBits overflowmissing closing )missing closing ]notetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC w$scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestac$scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi
        • API String ID: 0-2201561079
        • Opcode ID: f47121f8243b17a58c1009406edd726af0939e48ee3ab469f520f592ede4c030
        • Instruction ID: 790d83088323d8123405b8d6affe10fc7c41d31c3eeefd4dc442348db4dc04b0
        • Opcode Fuzzy Hash: f47121f8243b17a58c1009406edd726af0939e48ee3ab469f520f592ede4c030
        • Instruction Fuzzy Hash: E9D15672708BC486DB24DB65E1807EEB7B1F799BA4F489126DA9C53B59CF38C441CB40
        Strings
        • gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is, xrefs: 00A69DE0
        • work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overl, xrefs: 00A69DAA
        • GC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND lengthbad IHDR lengthbad PL, xrefs: 00A69A95, 00A69AAC
        • work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s, xrefs: 00A69DBB
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: GC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0bad IEND lengthbad IHDR lengthbad PL$gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is$work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type invalid interlace methodpageAlloc: out of memoryqueuefinalizer during GCrange partially overl$work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s
        • API String ID: 0-1962062076
        • Opcode ID: 008f3bc98e5f345925bb0d8452fa083d12a872bbcf768cab88acaf5311196a6c
        • Instruction ID: a92b55e279899418676f82f1b7530371508cbf11bf8307f5a8f0b557add27374
        • Opcode Fuzzy Hash: 008f3bc98e5f345925bb0d8452fa083d12a872bbcf768cab88acaf5311196a6c
        • Instruction Fuzzy Hash: C191BC32215B84C6DB40DF25F48439A77B9F78ABD4F544226EA9C43BA8DF39C49AC740
        Strings
        • stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer, xrefs: 00A950DC
        • out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues, xrefs: 00A94FBD
        • out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addr, xrefs: 00A94EE4
        • stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0invalid nested repetition operatorinvalid or unsupported Pe, xrefs: 00A950ED
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addr$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues$stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer$stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0invalid nested repetition operatorinvalid or unsupported Pe
        • API String ID: 0-1500535864
        • Opcode ID: 6db8fa64df1efbb3773e3396d0ba04a65db8e56877b4a145caec94a450694326
        • Instruction ID: c4362dfffedb5a0f587be9b1ed42ece8fac8ab393d5e01c39fdf03cff20a25ca
        • Opcode Fuzzy Hash: 6db8fa64df1efbb3773e3396d0ba04a65db8e56877b4a145caec94a450694326
        • Instruction Fuzzy Hash: 09618C36704B908AEF10DB11E0913AEB7A5F789B80F544526EB8E47B69DF38C846C750
        Strings
        • persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod, xrefs: 00A5D610
        • persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addresscould not find QPC sysc, xrefs: 00A5D625
        • persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: inconsistent read deadlinessh: invalid packet length multipletraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer sto, xrefs: 00A5D5FF
        • runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp, xrefs: 00A5D5DE
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod$persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: inconsistent read deadlinessh: invalid packet length multipletraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer sto$persistentalloc: size == 0shrinking stack in libcallssh: invalid packet lengthstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningCurveP256CurveP384CurveP521G waiting list is corruptedaddress not a stack addresscould not find QPC sysc$runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp
        • API String ID: 0-479432679
        • Opcode ID: a40b7d1a6fd6d53848b6456d03b7f85f267e5096eee88c86434239630e70422d
        • Instruction ID: 195c61cdd4cb5c581a1815402362657295addaa880272483ef1f9c5fcb7d4af1
        • Opcode Fuzzy Hash: a40b7d1a6fd6d53848b6456d03b7f85f267e5096eee88c86434239630e70422d
        • Instruction Fuzzy Hash: 0C615672605B8482DB20DF05E58039AB775F788BD8F989526EF8E17B28DF38C589C741
        Strings
        • span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase, xrefs: 00A65AB1
        • bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimen, xrefs: 00A65AE5
        • out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues, xrefs: 00A65AC5
        • refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock, xrefs: 00A65AF6
        Memory Dump Source
        • Source File: 00000000.00000002.2909639961.0000000000A51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A50000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_a50000_Doc.jbxd
        Yara matches
        Similarity
        • API ID:
        • String ID: bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnon-positive dimen$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitkey size wrongnil elem type!no module datanot a PNG filesemaRoot queues$refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock$span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase
        • API String ID: 0-3123902989
        • Opcode ID: 20b029167fad7b8202ac85be021f60e8e21880a9cf659ace3fab8a93b1df4ec1
        • Instruction ID: da6374bae56b277dcb2b93f65e47e4738fbf51335d1cf7a1c4a1cce930c769a1
        • Opcode Fuzzy Hash: 20b029167fad7b8202ac85be021f60e8e21880a9cf659ace3fab8a93b1df4ec1
        • Instruction Fuzzy Hash: D0518A72614B9486CB10DF15E8903AE77B5FB89B84F888122EB8D07B69DF3CC949C750