Edit tour

Windows Analysis Report
MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip

Overview

General Information

Sample name:	MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip
Analysis ID:	1545603
MD5:	c66f729c7ea4996b377039d99d7f6c28
SHA1:	29e5576d99dd1c66f228db18c2fff1e85a021519
SHA256:	e6a72ab4e6f7887f0fd3c3290a7e32523f0a7bdd3386cdc326bef65d0d03552e
Infos:

Detection

Score:	23
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Program does not show much activity (idle)

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 4584 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

Keygen.exe (PID: 1236 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 4300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 5580 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 6068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 6304 cmdline: "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 6312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 6552 cmdline: "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 4704 cmdline: "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 6268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 1036 cmdline: "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Keygen.exe (PID: 5044 cmdline: "C:\Users\user\Desktop\Keygen.exe" MD5: B4AD50848588BDDE39F4F81F6671628B)

conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4x nop then mov rsi, r9		4_2_001058E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4x nop then mov rdi, 0000800000000000h		4_2_00104B20

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000E5420	4_2_000E5420
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_0011F480	4_2_0011F480
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000FBCA0	4_2_000FBCA0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000EBCE0	4_2_000EBCE0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000E84E0	4_2_000E84E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_001058E0	4_2_001058E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000E5D00	4_2_000E5D00
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000EB120	4_2_000EB120
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000E6180	4_2_000E6180
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00112DA0	4_2_00112DA0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000F69C0	4_2_000F69C0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_001231C0	4_2_001231C0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000F1AA0	4_2_000F1AA0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_001016C0	4_2_001016C0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000F96E0	4_2_000F96E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00121F00	4_2_00121F00
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00104B20	4_2_00104B20
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00106B40	4_2_00106B40
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00110340	4_2_00110340
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000EA760	4_2_000EA760
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000FCF60	4_2_000FCF60
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_000F2780	4_2_000F2780
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00102380	4_2_00102380
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_00104FC0	4_2_00104FC0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: 4_2_0010D7C0	4_2_0010D7C0

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: String function: 0010FB40 appears 323 times
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Code function: String function: 001227A0 appears 37 times

Source: classification engine

Classification label: sus23.evad.winZIP@17/0@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6268:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6068:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:400:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4300:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6312:120:WilError_03

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	File opened: C:\Windows\system32\75548224bf2c1f17b00f8cd347c64b71799871b3bfe9225e88bc706be3015896AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	File opened: C:\Windows\system32\611ba3cdcb11afb68755104e56c2d8371ca6161be2276ecf333fd9678d55f3f0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	File opened: C:\Windows\system32\44e9a29dc1e6355c0dd1b46c1774409c1f74fc07cdc7cb46efe2188d65a3ff93AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	File opened: C:\Windows\system32\c5011dd4c2e8318e06c30dad8a094386c6b420e29733e535ceb384ad8e38aa6aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	File opened: C:\Windows\system32\8744d673472c9b5ef703c1165ea8a5888e74937694e2934cdc70314e5bf78a03AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	File opened: C:\Windows\system32\a5269e9b68e367e606b74f36daa107168983bc0cf72574dcf5c3bef023d3966bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	File opened: C:\Windows\system32\22d0dbef0aa1a35dab6a9a96574958792fa3c11f3b75bd91a77ecf72056efda5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	File opened: C:\Windows\system32\d88ebffa1635166688494eb95ff40d260bfe7af1927a4226313c5efff0fa6c69AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA	Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe "C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\Keygen.exe "C:\Users\user\Desktop\Keygen.exe"
Source: C:\Users\user\Desktop\Keygen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Section loaded: umpdc.dll	Jump to behavior

Source: MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip

Static file information: File size 1118749 > 1048576

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe

Code function: 4_2_000F4388 push rdx; retf

4_2_000F438B

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Keygen.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe

Code function: 4_2_00134600 rdtscp

4_2_00134600

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: Keygen.exe, 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp	Binary or memory string: HgFSPvd9fLU
Source: Keygen.exe, 00000004.00000002.1225280053.00000268D423D000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 00000006.00000002.1249958428.000001BCE0263000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 0000000E.00000002.1339564342.0000022D61607000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 00000010.00000002.1444017001.0000028816613000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 00000012.00000002.1452965431.00000216D1B13000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 0000001C.00000002.2152799450.0000019939958000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 0000001E.00000002.2185757771.00000170B1473000.00000004.00000020.00020000.00000000.sdmp, Keygen.exe, 00000021.00000002.2271446351.0000021B0659C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe

Code function: 4_2_00134600 Start: 00134609 End: 0013461F

4_2_00134600

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe

Code function: 4_2_00134600 rdtscp

4_2_00134600

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Rundll32	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545603
Start date and time:	2024-10-30 17:55:34 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip
Detection:	SUS
Classification:	sus23.evad.winZIP@17/0@0/0
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, evoke-windowsservices-tas.msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Keygen.exe, PID 1236 because there are no executed function
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip

File type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):	7.999830396323533
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip
File size:	1'118'749 bytes
MD5:	c66f729c7ea4996b377039d99d7f6c28
SHA1:	29e5576d99dd1c66f228db18c2fff1e85a021519
SHA256:	e6a72ab4e6f7887f0fd3c3290a7e32523f0a7bdd3386cdc326bef65d0d03552e
SHA512:	264a56820c5f90b5f62d1a5d748ea14bfea6e00e762b4305936b0746e0219870ea466c5d43961495d866c85289238f5cff905eb666d1e1dc05236edb4417e7ef
SSDEEP:	24576:IJIQJ0Q5x2C+PSrlmItTELKQYmm4UeIwArlFLhY55BkL2:IJIE5YSrkwELp1ItzLhj2
TLSH:	DD3533185666FABFD838BA5D5C20842D8AA7536D097FF27ED305648015CFBC8E41793C
File Content Preview:	PK..........^YO.G._....p....$.Keygen.exe.. .........E..{...E..{...>..{.*...:...s.>va.{......h........rs..{".?..m.......A..Z..b..%..NP.......f.x.u.]7..8........W.....y1..s....6...o?....>S..'..L.$.c-H{. ....u2...G.F..24.O.s..0..e.@.....@..w.Wk.}g..+Y.....

File Icon


Icon Hash:	1c1c1e4e4ececedc

Target ID:	0
Start time:	12:56:16
Start date:	30/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff796b00000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:56:21
Start date:	30/10/2024
Path:	C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe"
Imagebase:	0xe0000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:56:22
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:56:24
Start date:	30/10/2024
Path:	C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip\Keygen.exe"
Imagebase:	0xdd0000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:56:24
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:56:33
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Imagebase:	0x340000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:56:33
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:56:44
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Imagebase:	0x340000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:56:44
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:56:44
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Imagebase:	0x340000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:56:44
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:57:54
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Imagebase:	0x340000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:57:54
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:57:58
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029\Keygen.exe"
Imagebase:	0x340000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:57:58
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:58:06
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\Keygen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Keygen.exe"
Imagebase:	0xb60000
File size:	1'142'784 bytes
MD5 hash:	B4AD50848588BDDE39F4F81F6671628B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	12:58:06
Start date:	30/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff772470000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 000EB120 Relevance: 9.3, Strings: 7, Instructions: 512COMMON

Download Yara Rule

Strings

malloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value ", xrefs: 000EB925
mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enab, xrefs: 000EB8FF
delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount !=, xrefs: 000EB8B7
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 000EB48D
mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinelimiterEvent.stop: invalid limiter event type foundpotentia, xrefs: 000EB936
R,QO, xrefs: 000EB852
malloc during signalnotetsleep not on g0p mcache not flushedreflect.makeFuncStubruntime: double waitsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundasync stack too largecheckdead: runnable gconcurrent map wri, xrefs: 000EB910

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$R,QO$delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount !=$malloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "$malloc during signalnotetsleep not on g0p mcache not flushedreflect.makeFuncStubruntime: double waitsemaRoot rotateRighttrace: out of memorywirep: already in goworkbuf is not emptyws2_32.dll not foundasync stack too largecheckdead: runnable gconcurrent map wri$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinelimiterEvent.stop: invalid limiter event type foundpotentia$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enab
API String ID: 0-3586407233
Opcode ID: 0ce40730cf4cc91940823083135d02b41a9ab769d11f01be9a054d8291e9cbbe
Instruction ID: 25f38f83a1724ef0b7299ec4a2215d2709081a739c3a3a5b737318c85e4dad0c
Opcode Fuzzy Hash: 0ce40730cf4cc91940823083135d02b41a9ab769d11f01be9a054d8291e9cbbe
Instruction Fuzzy Hash: D822C0B2608BD48ADB60DB16E0407AFB7A5F785BD4F485126EF8D27B95CB78C844CB00

Function 000EA760 Relevance: 6.6, Strings: 5, Instructions: 349COMMON

Download Yara Rule

Strings

out of memory allocating heap arena metadataspan on userArena.faultList has invalid sizeunsafe.Slice: ptr is nil and len is not zeroexitsyscall: syscall frame is no longer validproduced a trigger greater than the heap goaltransitioning GC to the same state as , xrefs: 000EAB06
memory reservation exceeds address space limitpanicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base poin, xrefs: 000EAE0B
misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent loc, xrefs: 000EADFA
out of memory allocating allArenasruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll, xrefs: 000EAAF5
out of memory allocating heap arena mapruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinebulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock t, xrefs: 000EAB28

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: memory reservation exceeds address space limitpanicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base poin$misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent loc$out of memory allocating allArenasruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll$out of memory allocating heap arena mapruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinebulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock t$out of memory allocating heap arena metadataspan on userArena.faultList has invalid sizeunsafe.Slice: ptr is nil and len is not zeroexitsyscall: syscall frame is no longer validproduced a trigger greater than the heap goaltransitioning GC to the same state as
API String ID: 0-3773051866
Opcode ID: 40dd76eba4d6151403181751151a75fbff1c175b63ad36bb4f339405fedd2d14
Instruction ID: 0433a481f76e07f54340bb914e744b8d7f753b8202443122b8db606bd3e9c57b
Opcode Fuzzy Hash: 40dd76eba4d6151403181751151a75fbff1c175b63ad36bb4f339405fedd2d14
Instruction Fuzzy Hash: 03F1AC32708BC486DB608B52E4403AAB7A5F39AB90F448222EFED67789DF7CD445C741

Function 000F69C0 Relevance: 5.5, Strings: 4, Instructions: 545COMMON

Download Yara Rule

Strings

failed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span stateprogToPointerMask, xrefs: 000F73AC
gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid function symbol tableinvalid length of trace eventnotesleep - waitm out of syncruntime.semasleep wait_failedruntime: impossible type kindruntime: split stack overflowruntime: sudog with non-nil , xrefs: 000F73BD
gcinggnamegscanhchanhttpsimap2imap3imapsint16int32int64mheapmonthmtimentohspanicpop3sschedsleepslicesse41sse42ssse3sudogsweeptraceuint8unameusagewrite Value%s: %v, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHa, xrefs: 000F6A97, 000F6AAD
., xrefs: 000F70A6

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: .$failed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span stateprogToPointerMask$gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid function symbol tableinvalid length of trace eventnotesleep - waitm out of syncruntime.semasleep wait_failedruntime: impossible type kindruntime: split stack overflowruntime: sudog with non-nil $gcinggnamegscanhchanhttpsimap2imap3imapsint16int32int64mheapmonthmtimentohspanicpop3sschedsleepslicesse41sse42ssse3sudogsweeptraceuint8unameusagewrite Value%s: %v, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHa
API String ID: 0-2430345980
Opcode ID: 5c613234390541f7f69f85d6e831bd332e35fded33b6c6c6bd768e1b40cccbdc
Instruction ID: 3864c57599f3c4608d1be27903e69c89fc334b5371610a057677b1d5d0ca0ebb
Opcode Fuzzy Hash: 5c613234390541f7f69f85d6e831bd332e35fded33b6c6c6bd768e1b40cccbdc
Instruction Fuzzy Hash: 79428C72618B8485EB51CF25F8813AA73A4F79AB84F849227DB8D53B65DF3CC185C740

Function 000E6180 Relevance: 2.9, Strings: 2, Instructions: 418COMMON

Download Yara Rule

Strings

G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap ou, xrefs: 000E66E4
unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC swee, xrefs: 000E6330

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap ou$unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC swee
API String ID: 0-3448506067
Opcode ID: 0b9170af7c3d9150c12c0583d6c936c96e6012339bf26788d39933967163e8fb
Instruction ID: 3f14b189aa70498297af173da26f9e2fa209dd821d0d49cf6eac5d3b2f850b23
Opcode Fuzzy Hash: 0b9170af7c3d9150c12c0583d6c936c96e6012339bf26788d39933967163e8fb
Instruction Fuzzy Hash: 3002CE72704BC48ADB64DB26F44039AB7A1F7A9BC4F988026DB8C57B5ACF7AC445C740

Function 000E5420 Relevance: 2.9, Strings: 2, Instructions: 381COMMON

Download Yara Rule

Strings

G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap ou, xrefs: 000E5A06
unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC swee, xrefs: 000E551B

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: G waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: len out of rangeinternal lockOSThread errorinvalid profile bucket typemakechan: size out of rangemakeslice: cap ou$unreachableabi mismatchbad flushGenbad g statusbad g0 stackbad recoverycan't happencas64 failedchan receivedumping heapentersyscallgcBitsArenaslfstack.pushmheapSpecialmspanSpecialself-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC swee
API String ID: 0-3448506067
Opcode ID: 127b9afbcb799df9c381d01c17f9c170c2ecf90393269e96e3c383de67fe3e64
Instruction ID: 27237dcfbc4add1bb48f8a5f9577b32ed302d8705d65380b525f72f380eebeda
Opcode Fuzzy Hash: 127b9afbcb799df9c381d01c17f9c170c2ecf90393269e96e3c383de67fe3e64
Instruction Fuzzy Hash: 70F1B072204FC4CAD7609B26E84039EB7A1F799BE9F985625DB9C27B95CF38C484C740

Function 0010D7C0 Relevance: 2.7, Strings: 2, Instructions: 249COMMON

Download Yara Rule

Strings

self-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC , xrefs: 0010DC1F
runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou, xrefs: 0010DC0E

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added ou$self-preemptspanSetSpinesweepWaiterstraceStrings is nil, not , not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC
API String ID: 0-1158451341
Opcode ID: 39c79877e9a31b81c3305d2b87120d74a903e949c1da3e140a07cc8a90e14fc8
Instruction ID: 607866c39d6bc02e5a4c8b3ec2e7d35dc67d10e3148df82408fd3b701d1fecb7
Opcode Fuzzy Hash: 39c79877e9a31b81c3305d2b87120d74a903e949c1da3e140a07cc8a90e14fc8
Instruction Fuzzy Hash: 09C17C36608F80C5CB20DB25F4413AA7764F38AB94F559236EBAC83B95DF78C181CB40

Function 00110340 Relevance: 2.7, Strings: 2, Instructions: 246COMMON

Download Yara Rule

Strings

invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedlocked m0 woke upmark - bad statusmarkBits ove, xrefs: 00110756
suspendG from non-preemptible goroutinebulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to track, xrefs: 00110767

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: invalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedlocked m0 woke upmark - bad statusmarkBits ove$suspendG from non-preemptible goroutinebulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to track
API String ID: 0-3158150390
Opcode ID: 0cba9a2e314c4c51e801b9d48b9dfc5e5442fa2f5774285093a8b3255133b80b
Instruction ID: da8e746b4f366000c114e7093fd8d0f132b4f9b13ee687d1df192cb49d95a8e3
Opcode Fuzzy Hash: 0cba9a2e314c4c51e801b9d48b9dfc5e5442fa2f5774285093a8b3255133b80b
Instruction Fuzzy Hash: 0EA19276A19B80C6C719CB16E04179ABB61F39ABD0F059176EF9D03B99DB78C4C1CB40

Function 00112DA0 Relevance: 2.7, Strings: 2, Instructions: 237COMMON

Download Yara Rule

Strings

casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime: unexpe, xrefs: 00113125
casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds, xrefs: 00113154

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: casgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds$casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: runtime: unexpe
API String ID: 0-1735315471
Opcode ID: 3692a841b3e3912d69ce52cc7fc0d2b87b59c37784b2cd6aa3cc0beaf0dff6f2
Instruction ID: 804960c1378f6504388372dfa8accc71e1bedff45632abc9eabbe25a3f05c8e2
Opcode Fuzzy Hash: 3692a841b3e3912d69ce52cc7fc0d2b87b59c37784b2cd6aa3cc0beaf0dff6f2
Instruction Fuzzy Hash: 76A1B436709B80C6DB18DB25E48539ABB71F35AB80F148136EF9C43759DB3AD492CB40

Function 0011F480 Relevance: 1.6, Strings: 1, Instructions: 391COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0011F570, 0011F650, 0011F770, 0011F86E

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: c18345e5bd09c3b1a3191381f42e9ba181a5c6a840b749ef5ca9ba325d820466
Instruction ID: d9f31d557bd4d4f419392ca7618c8d7e3bf3794b0ca26803271820bfb4935840
Opcode Fuzzy Hash: c18345e5bd09c3b1a3191381f42e9ba181a5c6a840b749ef5ca9ba325d820466
Instruction Fuzzy Hash: B8E1EFA2304B8482DF089B41E5103E9B667FB95BD0F84953AEB5E43B98DB7CC586C740

Function 00104FC0 Relevance: 1.6, Strings: 1, Instructions: 346COMMON

Download Yara Rule

Strings

bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClass, xrefs: 00105265, 00105587

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClass
API String ID: 0-1042481552
Opcode ID: 3c3361f5b790965a5134912bd997601d634406eae7d9569254f93812790eec4d
Instruction ID: 1a1901b8c46be33ec5e6ab2c37a5f4a02afd3d8126482e987d2d386abe7c60f5
Opcode Fuzzy Hash: 3c3361f5b790965a5134912bd997601d634406eae7d9569254f93812790eec4d
Instruction Fuzzy Hash: 1CD18876718FC882DB20CB56E4407AAA366F399BC0F544112EE9E57B98DFB8C945CB00

Function 00102380 Relevance: 1.6, Strings: 1, Instructions: 324COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru, xrefs: 001028C9

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: grew heap, but no adequate free space foundmethodValueCallFrameObjs is not in a modulenon in-use span found with specials bit setroot level max pages doesn't fit in summaryruntime.SetFinalizer: finalizer already setruntime.SetFinalizer: first argument is nilru
API String ID: 0-3933224645
Opcode ID: 7b3bd38dfcd5e6500c69d6769aa9970c537fffb60a98cb74bee2f38c01899455
Instruction ID: b8618618d8f12cc88dc8545d7291deaed8c45ddeebb4fe227f0db83b2abb9ec7
Opcode Fuzzy Hash: 7b3bd38dfcd5e6500c69d6769aa9970c537fffb60a98cb74bee2f38c01899455
Instruction Fuzzy Hash: 73E17876309B8481DB648B26E49439AB7A0F789BC0F589126EFCD43BA9CF78C454CB40

Function 000E5D00 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

\"-, xrefs: 000E60F0

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: \"-
API String ID: 0-2022315155
Opcode ID: 5e9adab2ae05cc1aee7a55b7f4e0bb03906af040b50f83f2df21acccc6409797
Instruction ID: 2152280244f198a1fb9743c198c4237432291e0ec72392528c4c1b339c801f71
Opcode Fuzzy Hash: 5e9adab2ae05cc1aee7a55b7f4e0bb03906af040b50f83f2df21acccc6409797
Instruction Fuzzy Hash: F0B1DB72209BC48ADB24DB12E94436AB3A0F755BC8F589936DB8D27B54CF3AD485C380

Function 00121F00 Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallbloc, xrefs: 001221FF, 00122231

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: bad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClassentersyscallbloc
API String ID: 0-4040004750
Opcode ID: 0532ae5fcc4e56a7e2b819de191e62b27de4f7bf0f19814a916d6892e1c64696
Instruction ID: d0738a9c0bc628d79da30fbe4ebe6360a510382680eeed35973afafb807a46b8
Opcode Fuzzy Hash: 0532ae5fcc4e56a7e2b819de191e62b27de4f7bf0f19814a916d6892e1c64696
Instruction Fuzzy Hash: 2F91EEB2708AA096CB18DF25F44035EB762F799BD0FA59111EF9D47B58EB38C961CB00

Function 000F1AA0 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to track idle limiter eventrefill of span with , xrefs: 000F1D8F

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0failed to acquire lock to reset capacityinvalid span in heapArena for user arenamarkWorkerStop: unknown mark worker modemust be able to track idle limiter eventrefill of span with
API String ID: 0-296158057
Opcode ID: 847c3401ebf7f19d5a10a9f2146c19f6b9ac7d67361642c98d279f95f07e454d
Instruction ID: 1f36086785a4e88bab5aef3b03fe4c747732eb7a637a98d6455100cfda280e14
Opcode Fuzzy Hash: 847c3401ebf7f19d5a10a9f2146c19f6b9ac7d67361642c98d279f95f07e454d
Instruction Fuzzy Hash: EF719CB6719A98C2DB549F16E1403EEA3A6F754BC0F589026EF8D07F19DF78C4A19B00

Function 00106B40 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClass, xrefs: 00106DC5

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: bad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: missing method GC assist markingbad TinySizeClass
API String ID: 0-1042481552
Opcode ID: 66c921d0d0b653540e91424f7ac47645080a4f3ea67a075ac1192d456161559e
Instruction ID: 149e894424da609984548417046a88c3bf6f2d4ef0497cc09904414d98573772
Opcode Fuzzy Hash: 66c921d0d0b653540e91424f7ac47645080a4f3ea67a075ac1192d456161559e
Instruction Fuzzy Hash: 2351EDB7710B8882DB009B55E4403AAA761F799BE0F405226EFED537DACFB8C4A4C740

Function 000F2780 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c2a3f05d3ef31f0f860c81089b96b705aa5696314158361d8a4069c2e505398
Instruction ID: c3260cf82be9220caf6147e04fa117260aeeae8333e21011e3b45264c3378fbf
Opcode Fuzzy Hash: 2c2a3f05d3ef31f0f860c81089b96b705aa5696314158361d8a4069c2e505398
Instruction Fuzzy Hash: F6C135A2709BC881CA609B56E8407AEA761F389FD0F488126EF9D67F59CF38C451DB40

Function 00104B20 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cda723befe3cda6e93e68a4c597ce140072c93118b7db26f39aa56ca164c86d
Instruction ID: 588bc28a9dc889ebd5a809dbfd8a138c67571b82f80c3998a6b09af6d2e0cfa7
Opcode Fuzzy Hash: 2cda723befe3cda6e93e68a4c597ce140072c93118b7db26f39aa56ca164c86d
Instruction Fuzzy Hash: 6F9148B7608B8482DB208B25F08035AB7A5F79ABD4F145226EBDD53BA9CF7CD455CB00

Function 001058E0 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb3a3cb08139b95a1facce878e4de9ebee409a303723032536c36b6fa4adb477
Instruction ID: 16465501675fdc7cc7210e30b054ca7e32754b33a7fe5f43a26b560ae10807c8
Opcode Fuzzy Hash: cb3a3cb08139b95a1facce878e4de9ebee409a303723032536c36b6fa4adb477
Instruction Fuzzy Hash: 12718AB3718F8882DB148B55E48076AB762F7A6BC4F585126EB8D53B99CBBCC051CB40

Function 000F96E0 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff5c23298a466f7bf83b2bfbd052dc5787362836c6ccc5445dfe7073b5cfc08
Instruction ID: ebacd08a2c69e3b2737dce3e767044b1af8d4cb9131142f5dd8122fd82518669
Opcode Fuzzy Hash: 4ff5c23298a466f7bf83b2bfbd052dc5787362836c6ccc5445dfe7073b5cfc08
Instruction Fuzzy Hash: A7614772608B8886DB45DF3AE0403AAB7A1F796BD0F489326EB9D13B85DF78C0559700

Function 000E84E0 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31610b3f983b36cee895bb0a9679f4d4e4270a49540830401f3dcc64fe4d8fe6
Instruction ID: 92303ee2fe75d27a0d276d0aea85aca9449a5aab8436b07c577a3ed02326b30d
Opcode Fuzzy Hash: 31610b3f983b36cee895bb0a9679f4d4e4270a49540830401f3dcc64fe4d8fe6
Instruction Fuzzy Hash: A441EAE6742AD44ADE148F27892406EE3A1A74EFD0358E233CF1D77769DD28D4419348

Function 001231C0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2163e047a05b6d0b4cf9d84b5245bad7053461184a569b15fb8de7fe13e49e03
Instruction ID: d47884b02b9831f05e6428a3e7adc0e66fa080d4f2f2542ebf5cfab0fbbdf7ee
Opcode Fuzzy Hash: 2163e047a05b6d0b4cf9d84b5245bad7053461184a569b15fb8de7fe13e49e03
Instruction Fuzzy Hash: E541B722B04A60CBDF14DF66B04136AA791F798794F884A35DB7D433C6D76CC6B58604

Function 000FBCA0 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a020457cad4c3f9a5295bfdd2d0ef0fb3d91220a4c4bd74b153ce3556cbb397b
Instruction ID: ca57ac754a99e07bd4e88a4f6d47424e887395ef8d493ce62f6e9af37d5f05cb
Opcode Fuzzy Hash: a020457cad4c3f9a5295bfdd2d0ef0fb3d91220a4c4bd74b153ce3556cbb397b
Instruction Fuzzy Hash: D951B462609F4885D316DF22E4403AA77A5FBDABC0F08C736AB4D67B15DF38C0919B40

Function 000FCF60 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e40471d7a3f95ccc51268bfd37023b46ea2706c0f0645250804ebe0768f17a8
Instruction ID: 5b5af5a6b7952d49b3e58226760ad13a6b2b1808cd261912a9066fdc14940bcc
Opcode Fuzzy Hash: 0e40471d7a3f95ccc51268bfd37023b46ea2706c0f0645250804ebe0768f17a8
Instruction Fuzzy Hash: 683138A2B0BE0C49DD07D77A956232492079F93BE0F94C7236F3B76AE4DF1990829200

Function 000EBCE0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40c1f894ade52ff7599d2b5c4d5fb4fc696d2f9268ca64be8ab6dd4f7c7a8732
Instruction ID: 000f79ef97b0b523fea1f545bb25b27e99c34f38628bbb75290ba0645435f01a
Opcode Fuzzy Hash: 40c1f894ade52ff7599d2b5c4d5fb4fc696d2f9268ca64be8ab6dd4f7c7a8732
Instruction Fuzzy Hash: C92109B2F55E444FCA47EB3A8410316920AAF567D0F58CB22AD1F77795E738D0D24240

Function 001016C0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40525984fa05c37f08da929c38198079e93645d3f725c5e994c1fe71625f67c8
Instruction ID: 69e1ed3a81f9d3ce98e8d9a456dcb54b306f2da422d76ad84d5bcfffc558061a
Opcode Fuzzy Hash: 40525984fa05c37f08da929c38198079e93645d3f725c5e994c1fe71625f67c8
Instruction Fuzzy Hash: E53184BA314B8991DB489B15E4813EA6BA1E385BC0FC59036EF4E1376ADF7CC149C700

Function 00134600 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a12c11d5bba1f9d5206843c5f07bd1a645c42e12640ad9b3560a032853b53941
Instruction ID: d4cce471006d45f24e1979d80aa3ba47ebef0bb757070869040cb5f5bc54c0fd
Opcode Fuzzy Hash: a12c11d5bba1f9d5206843c5f07bd1a645c42e12640ad9b3560a032853b53941
Instruction Fuzzy Hash: 33C02BF0A0BBC15AFB14C74075423043AC18F063C4EC0C0C4D34800224D72CA2849108

Function 000F5200 Relevance: 14.1, Strings: 11, Instructions: 351COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
runtime.SetFinalizer: first argument is nilruntime: releaseSudog with non-nil gp.paramunfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrapactive sweepers found at start of mark phasecompileCallback: float results not supported, xrefs: 000F58AA
runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLoc, xrefs: 000F5895
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span, xrefs: 000F5886
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: first argument was allocated into an arenaruntime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array w, xrefs: 000F5853
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777
runtime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - dead, xrefs: 000F5842

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$, not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: first argument is nilruntime: releaseSudog with non-nil gp.paramunfinished open-coded defers in deferreturnunknown runnable goroutine during bootstrapactive sweepers found at start of mark phasecompileCallback: float results not supported$runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLoc$runtime.SetFinalizer: first argument was allocated into an arenaruntime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array w$runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - dead$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-55148310
Opcode ID: fff59a52451d3fe33aa46015cdba36cc42d4a76ffa6a945f099bce444d219a89
Instruction ID: 73d2896f40e93ec9103bb628c0489868afed2602466ddcda6caf00b7afb6ee82
Opcode Fuzzy Hash: fff59a52451d3fe33aa46015cdba36cc42d4a76ffa6a945f099bce444d219a89
Instruction Fuzzy Hash: DDF19D32209F8886DB609B11F8403AEB7A1F785B81F888526DB8C57F99DF7CD495DB10

Function 000E6CE0 Relevance: 12.7, Strings: 10, Instructions: 189COMMON

Download Yara Rule

Strings

debugCal, xrefs: 000E6DD2
debugCal, xrefs: 000E6E38
debugCal, xrefs: 000E6D73
debugCal, xrefs: 000E6E8E
debugCal, xrefs: 000E6ED0
runtime., xrefs: 000E6F36
l655, xrefs: 000E6F15
call not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not nilruntime.main not o, xrefs: 000E6FD2, 000E6FDE
call from unknown functioncorrupted semaphore ticketforEachP: P did not run fnfreedefer with d.fn != nilnegative idle mark workersnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to me, xrefs: 000E6D2D, 000E6D39
call from within the Go runtimecasgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds, xrefs: 000E6F5B, 000E6F67

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: call from unknown functioncorrupted semaphore ticketforEachP: P did not run fnfreedefer with d.fn != nilnegative idle mark workersnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to me$call from within the Go runtimecasgstatus: bad incoming valuescheckmark found unmarked objectinternal error - misuse of itabnon in-use span in unswept listresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesslice bounds$call not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not nilruntime.main not o$debugCal$debugCal$debugCal$debugCal$debugCal$l655$runtime.
API String ID: 0-1115702827
Opcode ID: 4fc162f66422775c97f3da3ee66cff166f4f607b986190ebc4215871d1c093de
Instruction ID: aa812d756c60bef04a346cc5dd59130b3f301cf3f5959cb44d7fe1b3c4bed625
Opcode Fuzzy Hash: 4fc162f66422775c97f3da3ee66cff166f4f607b986190ebc4215871d1c093de
Instruction Fuzzy Hash: 6A718D76A16AC0CDCEB49B16F1503397BE1E3B4BD4F48C426D64A13764EB7AC894CB02

Function 000E7520 Relevance: 11.4, Strings: 9, Instructions: 167COMMON

Download Yara Rule

Strings

is not pointerBAD RANKdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfl, xrefs: 000E77DF
(types from different scopes)GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stacknotetsleep - waitm out of syncrunqputslow: queue i, xrefs: 000E7774
: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedlocked m0 woke upmark - bad statusmarkBits overflownotetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthrea, xrefs: 000E7817
interfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocal, xrefs: 000E755B
(types from different packages)WSAGetOverlappedResult not found" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largerunt, xrefs: 000E7755
is nil, not , not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad resta, xrefs: 000E7884
interface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not nilruntime.main not on m0s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too l, xrefs: 000E75FD, 000E77B4, 000E7899
is on +Inf-Inf3125ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCESTChamDashEESTGOGCJulyJuneLEAFLisuMiaoModeModiNZDTNZSTNameNewaSASTSTARSizeThaiallgallpasn1avx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chanermsfileftpsfunchourhttpicmpigmpint8itabkindopenpathpipe, xrefs: 000E7632
, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianMondayRejangSTREETStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11Wa, xrefs: 000E765D

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: (types from different packages)WSAGetOverlappedResult not found" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largerunt$ (types from different scopes)GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stacknotetsleep - waitm out of syncrunqputslow: queue i$ is on +Inf-Inf3125ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCESTChamDashEESTGOGCJulyJuneLEAFLisuMiaoModeModiNZDTNZSTNameNewaSASTSTARSizeThaiallgallpasn1avx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chanermsfileftpsfunchourhttpicmpigmpint8itabkindopenpathpipe$ is nil, not , not pointerGC sweep waitbad map statedouble unlockload64 failedmin too largenil stackbaseout of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad resta$ is not pointerBAD RANKdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfl$, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianMondayRejangSTREETStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11Wa$: missing method GC assist markingbad TinySizeClassentersyscallblockg already scannedlocked m0 woke upmark - bad statusmarkBits overflownotetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthrea$interface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not nilruntime.main not on m0s.freeindex > s.nelemsscanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too l$interfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocal
API String ID: 0-4284677830
Opcode ID: 350585428f2bbcf76d6c4c551755e4952da42b24d5612e1c6f5ba3a2c76fe1c5
Instruction ID: 910e52d2d368dac095b2813212eb12ca9dfcf9415ab116e078e4eed0c230d4c2
Opcode Fuzzy Hash: 350585428f2bbcf76d6c4c551755e4952da42b24d5612e1c6f5ba3a2c76fe1c5
Instruction Fuzzy Hash: 9B91E076208BC5D5DB64DB16F4803DAB3A1F788B84F548426DACC57B29EF78C499CB00

Function 000E1060 Relevance: 10.3, Strings: 8, Instructions: 306COMMON

Download Yara Rule

Strings

GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: m, xrefs: 000E1211
GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stacknotetsleep - waitm out of syncrunqputslow: queue is not fullunsafe.Slice: len ou, xrefs: 000E14B5
" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largeruntime: mcall function returnedruntime: stack split at bad timerunt, xrefs: 000E1234
cpu., xrefs: 000E10F3
GODEBUG: can not enable "_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timermissing stack in newstackmissing tr, xrefs: 000E132C
"msnsupus = | +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...125625ADTASTAprAugBSTCATCDTCETCSTDecDltEATEDTEETEOFESTFebFriGMTGNUGidHDTHSTHanIDTISTJSTJanJulJunKSTLaoMD4MD5MDTMSKMSTMarMayMonMroNDTNSTNaNNkoNovOctPAXPDTPKTPSTSETSatSepS, xrefs: 000E1254, 000E12A8, 000E14D5
", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zeropanic d, xrefs: 000E134C
GODEBUG: no value specified for "concurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanmin must be a non-zero power of 2misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of r, xrefs: 000E1288

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: "msnsupus = | +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...125625ADTASTAprAugBSTCATCDTCETCSTDecDltEATEDTEETEOFESTFebFriGMTGNUGidHDTHSTHanIDTISTJSTJanJulJunKSTLaoMD4MD5MDTMSKMSTMarMayMonMroNDTNSTNaNNkoNovOctPAXPDTPKTPSTSETSatSepS$" not supported for cpu option "invalid limiter event type foundremovespecial on invalid pointerruntime.semasleep wait_abandonedruntime: failed to release pagesruntime: fixalloc size too largeruntime: mcall function returnedruntime: stack split at bad timerunt$", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]left over markroot jobsmakechan: bad alignmentmissing type in runfinqnanotime returning zeropanic d$GODEBUG: can not enable "_cgo_thread_start missingallgadd: bad status Gidlearena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timermissing stack in newstackmissing tr$GODEBUG: no value specified for "concurrent map read and map writefindrunnable: negative nmspinningfreeing stack not in a stack spanmin must be a non-zero power of 2misrounded allocation in sysAllocruntime: failed to decommit pagesruntime: name offset out of r$GODEBUG: unknown cpu feature "assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinvalid pointer found on stacknotetsleep - waitm out of syncrunqputslow: queue is not fullunsafe.Slice: len ou$GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmapreflect mismatchschedule: in cgoworkbuf is empty0123456789ABCDEFX: m$cpu.
API String ID: 0-1065905839
Opcode ID: 1fb7d9609b6bc5c066fe9dffb28ce49eb6c9209adaee021129e2c4b1b1a21764
Instruction ID: 2ebdfe3a6a30ea7b8833f67f95bc58577f2351647ba1de0dbba113366ee46582
Opcode Fuzzy Hash: 1fb7d9609b6bc5c066fe9dffb28ce49eb6c9209adaee021129e2c4b1b1a21764
Instruction Fuzzy Hash: BDC1CD32309BD0C5DB14DB62E4403AEABA5F399BD0F544522EB8E67B69DB78C981C740

Function 000E8020 Relevance: 8.9, Strings: 7, Instructions: 170COMMON

Download Yara Rule

Strings

pointerBAD RANKdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nan, xrefs: 000E82C1
), xrefs: 000E814E
panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channeldodeltim, xrefs: 000E831F
panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x, xrefs: 000E8188
value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full !, xrefs: 000E81F3
panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of , xrefs: 000E8362
panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to exec, xrefs: 000E80B8

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: pointerBAD RANKdeadlockpollDescrwmutexRrwmutexWscavengetraceBufatomicor8bad prunechan sendctxt != 0hchanLeafinterfacemSpanDeadpanicwaitpclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nan$)$panicwrap: no ( in panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of $panicwrap: no ) in runtime: preempt g0semaRoot rotateLeftstopm holding lockssysMemStat overflowunexpected g statusunknown wait reasonwinmm.dll not foundbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channeldodeltim$panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to exec$panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: name offset base pointer out of rangeruntime: text offset base pointer out of rangeruntime: type offset base pointer out of rangeslice bounds out of range [:%x$value method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full !
API String ID: 0-2110622394
Opcode ID: dc0ddca11687546d2bf789dbb062a0506d94a1f0e99dc9d5c08fe9a8bdc8ca3d
Instruction ID: b4b2d94c2f29feab693c46a91ae6233a1f8449234367911260ed336eba5c0015
Opcode Fuzzy Hash: dc0ddca11687546d2bf789dbb062a0506d94a1f0e99dc9d5c08fe9a8bdc8ca3d
Instruction Fuzzy Hash: 99818A32209BC085CB64DB22F84539EB3A5F789B80F449226EADC57B59EF7CC554CB00

Function 0010B140 Relevance: 8.8, Strings: 7, Instructions: 68COMMON

Download Yara Rule

Strings

gisterSu, xrefs: 0010B1AE
umeNotif, xrefs: 0010B1CC
ication, xrefs: 0010B1DB
rof.dll, xrefs: 0010B175
powrprof, xrefs: 0010B166
PowerReg, xrefs: 0010B19F
spendRes, xrefs: 0010B1BD

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: PowerReg$gisterSu$ication$powrprof$rof.dll$spendRes$umeNotif
API String ID: 0-941992356
Opcode ID: db9f496633c786c2f938d8ee8c28872e401ef40274a3c6a1b401cd10bf670bb1
Instruction ID: 7cbc2de54cf51864051b6b280addbf0890504394b527f62628f8863c1a74cc30
Opcode Fuzzy Hash: db9f496633c786c2f938d8ee8c28872e401ef40274a3c6a1b401cd10bf670bb1
Instruction Fuzzy Hash: 003104B6208B8085D620DB11F44039EB7A5F789BC4F98812AEBDC47BAADF78C555CB40

Function 000F5402 Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: d7d2b20008fd10b09fb2639ff7c90cf251603b5bd31933463072125d68d255d4
Instruction ID: c91e24f36d69ced6f0e24df4e934846472c8cb5da1b61027dd11d2921ff156c7
Opcode Fuzzy Hash: d7d2b20008fd10b09fb2639ff7c90cf251603b5bd31933463072125d68d255d4
Instruction Fuzzy Hash: 6A418C32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53DE Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: a15f7d5293d3dcc1477e3b9fb84d621f13e3fb9bb3edcce7bfdaa8056f939c88
Instruction ID: 4fac64064bd86823a123879aef0596ac250ff9328643bbde187019b603916668
Opcode Fuzzy Hash: a15f7d5293d3dcc1477e3b9fb84d621f13e3fb9bb3edcce7bfdaa8056f939c88
Instruction Fuzzy Hash: 4C418C32209B98A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53D8 Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 163d2595fb52334b05b8b8027f382c26bd4ad403a47f8efa05bcd8951f4905c1
Instruction ID: baa2d8f436f6b3a1fca52e28cab98a9528bf7c3a93a499020d12667dba9ed847
Opcode Fuzzy Hash: 163d2595fb52334b05b8b8027f382c26bd4ad403a47f8efa05bcd8951f4905c1
Instruction Fuzzy Hash: 69418C32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53EA Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 4fd9fa17872103fc3b23e15b98ed18c5703a3dbc4d051cb18682d38b22ffc464
Instruction ID: 4a31776e654b9402df9fedea9ce74e5f3d801215db45ea652753884bc9f0e9a1
Opcode Fuzzy Hash: 4fd9fa17872103fc3b23e15b98ed18c5703a3dbc4d051cb18682d38b22ffc464
Instruction Fuzzy Hash: 76418B32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897B59EF38D855D740

Function 000F53E4 Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction ID: 21b3066a63122baed2516adb3559d500a71c5e629d56d7a7d75e90979daa3ba3
Opcode Fuzzy Hash: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction Fuzzy Hash: E9418C32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53FC Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction ID: 21b3066a63122baed2516adb3559d500a71c5e629d56d7a7d75e90979daa3ba3
Opcode Fuzzy Hash: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction Fuzzy Hash: E9418C32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53F6 Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction ID: 21b3066a63122baed2516adb3559d500a71c5e629d56d7a7d75e90979daa3ba3
Opcode Fuzzy Hash: f92f514aefb3523712bf1edf560689c8d9b913357eb473602ef39ee28edcfa1d
Instruction Fuzzy Hash: E9418C32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F53F0 Relevance: 7.6, Strings: 6, Instructions: 113COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: a4eab2398724d278ee397114228b4d8888b90f1d48bb8be9674c4fc7f47b77c7
Instruction ID: 61e308a5ef24a8470e85505f1435bd87fcfae71e45d5e8b70238f0f9e34ef202
Opcode Fuzzy Hash: a4eab2398724d278ee397114228b4d8888b90f1d48bb8be9674c4fc7f47b77c7
Instruction Fuzzy Hash: 88418B32209B88A1D760AF51F8403AEB7A1F784BC0F888436DB8897F59EF38D855D740

Function 000F5408 Relevance: 7.6, Strings: 6, Instructions: 112COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: e5b1f2c4212cbbf8aa018d75dcb8d0d13e0cfec6aca0a0236d6c8862e4c6b5f7
Instruction ID: 634067fc4966eed137a9833e3f3df360548a474a17b0e592fec4d574d51a8362
Opcode Fuzzy Hash: e5b1f2c4212cbbf8aa018d75dcb8d0d13e0cfec6aca0a0236d6c8862e4c6b5f7
Instruction Fuzzy Hash: 93417C32209B98A1D760AF51F8413EEB7A1F784BC0F888536DB8897B55EF38D855D740

Function 000F543F Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: c3f89be1afa7fcab192b983e60f20490b8f8646d5dc8c7585468440876fa4983
Instruction ID: 5092886455e4c0f061da707cb591deb5cef8e87271fccad14b4c7eed64df54a5
Opcode Fuzzy Hash: c3f89be1afa7fcab192b983e60f20490b8f8646d5dc8c7585468440876fa4983
Instruction Fuzzy Hash: 17418B32209B88A1D760AF91F8407EEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F5439 Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 31227ece86d2f82c11afe7ec1569cc061c7a37dfe725d7a56cc62fa63eaba4e3
Instruction ID: 6e4139151ae79680cdc68a6e5062dd8ee8ac79b9442851a427557979da70c35b
Opcode Fuzzy Hash: 31227ece86d2f82c11afe7ec1569cc061c7a37dfe725d7a56cc62fa63eaba4e3
Instruction Fuzzy Hash: 4E417A32209B88A1D660AF91F8407EEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F544B Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 04281fc1573630717d5c3c999ded9a675e7a6afd266e2284c20a5a673fcc95c7
Instruction ID: b09d8c50b45f912dbfa4ae9ba8ff78e6eecbd49844ccf1648355a67ce2972fbd
Opcode Fuzzy Hash: 04281fc1573630717d5c3c999ded9a675e7a6afd266e2284c20a5a673fcc95c7
Instruction Fuzzy Hash: 99418B32209B88A1D760AF91F8407EEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F5445 Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction ID: 26b85041f84f553ec82abd99f73df8cc26190eda6414e6372957ee798834047a
Opcode Fuzzy Hash: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction Fuzzy Hash: 9D417A32209B88A1D660AF91F8407AEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F545D Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction ID: 26b85041f84f553ec82abd99f73df8cc26190eda6414e6372957ee798834047a
Opcode Fuzzy Hash: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction Fuzzy Hash: 9D417A32209B88A1D660AF91F8407AEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F5457 Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction ID: 26b85041f84f553ec82abd99f73df8cc26190eda6414e6372957ee798834047a
Opcode Fuzzy Hash: 02c10b76c10a9c3cd0d07af4d66f55c0a043649619160ad6a0011c816217f54d
Instruction Fuzzy Hash: 9D417A32209B88A1D660AF91F8407AEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000F5451 Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 516484bc9d140743217cf13582e2cf7097a0d79a76a613e0128802ceb837e6e1
Instruction ID: f3c67f1de32e60ca72817175bb366d261a4580426bc6aa7af64b1e401fc82d27
Opcode Fuzzy Hash: 516484bc9d140743217cf13582e2cf7097a0d79a76a613e0128802ceb837e6e1
Instruction Fuzzy Hash: F3417A32209B88A1D660AF91F8407AEB7A1F784BC0F888536DB8897B54EF38D855D740

Function 000F5463 Relevance: 7.6, Strings: 6, Instructions: 106COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma, xrefs: 000F57AC
to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali, xrefs: 000F56A1, 000F56F8, 000F5762
, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl, xrefs: 000F579D
because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus, xrefs: 000F573C
runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru, xrefs: 000F57BD
runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not , xrefs: 000F56B6, 000F570D, 000F5777

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: because dotdotdotGC worker (active)bad lfnode addressbad manualFreeListforEachP: not donegarbage collectionindex out of rangeruntime.semacreateruntime.semawakeupstopping the worldsync.RWMutex.RLock called using nil *GC mark terminationGC work not flushedadjus$ to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invali$, not a function0123456789abcdefGC scavenge waitGC worker (idle)GODEBUG: value "bad g transitionbad special kindbad summary databad symbol tablecastogscanstatusgc: unswept spaninteger overflowinvalid g statusmSpanList.insertmSpanList.removemissing stackmaprefl$runtime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]attempt to clear non-empty span setfindrunnable: netpoll with spinninggreyobject: obj not $runtime.SetFinalizer: pointer not at beginning of allocated blockuser arena chunk size is not a mutliple of the physical page sizecannot convert slice with length %y to array or pointer to array with length %xQueryPerformanceFrequency syscall returned zero, ru$runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)acquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callnon-empty ma
API String ID: 0-2811689014
Opcode ID: 04281fc1573630717d5c3c999ded9a675e7a6afd266e2284c20a5a673fcc95c7
Instruction ID: b09d8c50b45f912dbfa4ae9ba8ff78e6eecbd49844ccf1648355a67ce2972fbd
Opcode Fuzzy Hash: 04281fc1573630717d5c3c999ded9a675e7a6afd266e2284c20a5a673fcc95c7
Instruction Fuzzy Hash: 99418B32209B88A1D760AF91F8407EEB7A0F784BC0F888536DB8897B54EF38D855D740

Function 000E15C0 Relevance: 5.4, Strings: 4, Instructions: 445COMMON

Download Yara Rule

Strings

sse41sse42ssse3sudogsweeptraceuint8unameusagewrite Value%s: %v, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianMondayRejangSTREETStringSundaySyriacTai_LeTangut, xrefs: 000E1896, 000E18B3
pclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2float64nan1, xrefs: 000E1646
popcntrdtscpsecondselectsocketstringstructsysmontelnettimersuint16uint32uint64ustar ustar, xrefs: 000E17E7, 000E1807
avx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chanermsfileftpsfunchourhttpicmpigmpint8itabkindopenpathpipepop3quitreadrootsizesmtpsse3tar, xrefs: 000E1AA9, 000E1AC6

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: avx2basebindbmi1bmi2boolcallcas1cas2cas3cas4cas5cas6chanermsfileftpsfunchourhttpicmpigmpint8itabkindopenpathpipepop3quitreadrootsizesmtpsse3tar$pclmulqdqpreemptedprofBlockstackpooltracebackwbufSpansBad varintGOMAXPROCSGOMEMLIMITatomicand8debug callexitThreadfloat32nanfloat64nanmSpanInUsenotifyListprofInsertsemacquirestackLargeunknown pcassistQueuebad m valuebad timedivcgocall nilfloat32nan2float64nan1$popcntrdtscpsecondselectsocketstringstructsysmontelnettimersuint16uint32uint64ustar ustar$sse41sse42ssse3sudogsweeptraceuint8unameusagewrite Value%s: %v, not 390625; and <-chanAnswerArabicAugustBrahmiCarianChakmaCommonCopticFormatFridayGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianMondayRejangSTREETStringSundaySyriacTai_LeTangut
API String ID: 0-3186759360
Opcode ID: cf0cde14f0667b7c0928685ec27ca8771fa83ea987d38dcf14c9aa335512cc77
Instruction ID: 4d5aebee438ec5e1c593053cc8e1abf1a99cca7404013cf07199f96e24cb88b2
Opcode Fuzzy Hash: cf0cde14f0667b7c0928685ec27ca8771fa83ea987d38dcf14c9aa335512cc77
Instruction Fuzzy Hash: 422299B6604A84C6E700EF66F8853D93BA5F755B84FC88627EA8D87321EF78C549C344

Function 000FA060 Relevance: 5.3, Strings: 4, Instructions: 314COMMON

Download Yara Rule

Strings

can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type pageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transitionGODEBUG: can not ena, xrefs: 000FA585
scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collec, xrefs: 000FA5C0
mark - bad statusmarkBits overflownotetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC worker (active)bad lfnode addressba, xrefs: 000FA264
scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi, xrefs: 000FA5A7

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: can't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type pageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overflowspan has no free objectsupdate during transitionGODEBUG: can not ena$mark - bad statusmarkBits overflownotetsleepg on g0runtime.newosprocruntime/internal/scanobject n == 0select (no cases)swept cached spansync.RWMutex.Lockthread exhaustionunknown caller pcwait for GC cycle because dotdotdotGC worker (active)bad lfnode addressba$scanstack - bad statussend on closed channelspan has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collec$scanstack: goroutine not stoppedscavenger state is already wiredslice bounds out of range [%x::]slice bounds out of range [:%x:]slice bounds out of range [::%x]sweep increased allocation countGODEBUG: no value specified for "concurrent map read and map writefi
API String ID: 0-41691952
Opcode ID: ffb84004d8ec753ec904b33a950464e870b30db018261c9e08dd4fd58ee1ce2a
Instruction ID: d8d4fd9ef39cc7ec61a27e9b161f4e73877d24da60a7f273f2f039054dfc188f
Opcode Fuzzy Hash: ffb84004d8ec753ec904b33a950464e870b30db018261c9e08dd4fd58ee1ce2a
Instruction Fuzzy Hash: 84D16DB2708BC885DB60CB15E0847EEB7A5F78AB84F489026DB8C03B59CF38C545DB42

Function 000F74A0 Relevance: 5.2, Strings: 4, Instructions: 198COMMON

Download Yara Rule

Strings

work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type pageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overf, xrefs: 000F77EA
gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is, xrefs: 000F7820
work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s, xrefs: 000F77FB
GC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invalid argSizemalloc deadlockmisa, xrefs: 000F74D5, 000F74EC

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: GC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.WaituserArenaStatework.full != 0double scavengeforce gc (idle)invalid argSizemalloc deadlockmisa$gcBgMarkWorker: blackening not enabledindex out of range [%x] with length %yinternal error: exit hook invoked exitm changed unexpectedly in cgocallbackgmakechan: invalid channel element typeruntime: blocked read on free polldescruntime: sudog with non-false is$work.nwait > work.nprocbad defer entry in panicbypassed recovery failedcan't scan our own stackdouble traceGCSweepStartgcDrainN phase incorrecthash of unhashable type pageAlloc: out of memoryqueuefinalizer during GCrange partially overlapsrunqsteal: runq overf$work.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninginvalid runtime symbol tablemissing s
API String ID: 0-995344291
Opcode ID: fc916a2597213171210d48745bf12f0853f8500ce95513a86ec1999d91a055a1
Instruction ID: 6de3e431c153b210f6fb09ccbea03d8a3dc82a995f0a1bc11426b993d95fee20
Opcode Fuzzy Hash: fc916a2597213171210d48745bf12f0853f8500ce95513a86ec1999d91a055a1
Instruction Fuzzy Hash: AE91DC76219B8882DB50DB25F4843AE77A5F349B90F548226EF8C43BA4DF78C495C781

Function 001202C0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinnings, xrefs: 0012043D
stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating , xrefs: 0012056D
stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer, xrefs: 0012055C
out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningG waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep bar, xrefs: 00120363

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: out of memory (stackalloc)persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningG waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep bar$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinnings$stack size not a power of 2stopTheWorld: holding lockstimer when must be positivetoo many callback functionswork.nwait was > work.nprocFixedStack is not power-of-2comparing uncomparable type fatal: morestack on gsignalfindrunnable: netpoll with pfound pointer$stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativeVirtualQuery for stack base faileddoaddtimer: P already set in timerforEachP: sched.safePointWait != 0mspan.ensureSwept: m is not lockedout of memory allocating
API String ID: 0-4160805717
Opcode ID: a6b082e9cc6500c33c6b58b94f3041bc8fee67251ff26576f916106f82b870b9
Instruction ID: 5bad1df23eaaa57f5cd21b850365e5f81a087756871dccf44130850d976724f0
Opcode Fuzzy Hash: a6b082e9cc6500c33c6b58b94f3041bc8fee67251ff26576f916106f82b870b9
Instruction Fuzzy Hash: 2461D172704B908ADB15EB11F49036EB7A5F789B80F544236EB8D47B6ADF38D851CB40

Function 000EBF60 Relevance: 5.2, Strings: 4, Instructions: 163COMMON

Download Yara Rule

Strings

persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod, xrefs: 000EC1D0
persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningG waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting f, xrefs: 000EC1E5
persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblocktraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer stored into non-Go memoryUnable to determine system directorylfstack node, xrefs: 000EC1BF
runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp, xrefs: 000EC19E

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: persistentalloc: align is not a power of 2runtime: blocked write on closing polldescsweep: tried to preserve a user arena spanunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundmethod$persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblocktraceback did not unwind completely0123456789abcdefghijklmnopqrstuvwxyzGo pointer stored into non-Go memoryUnable to determine system directorylfstack node$persistentalloc: size == 0shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLockerwakep: negative nmspinningG waiting list is corruptedaddress not a stack addresscould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting f$runtime: cannot allocate memoryruntime: failed to commit pagesslice bounds out of range [%x:]slice bounds out of range [:%x]unsafe.String: len out of rangewriteBytes with unfinished bits (types from different packages)WSAGetOverlappedResult not found" not supp
API String ID: 0-2972262524
Opcode ID: f3361ef275d2296d7b963a3164b52676fd020683820b460d6d8c2bcb99447e71
Instruction ID: b3e8e988b988cff92c46883bd460896abc273391e63b6e3be9effd58f9cb4658
Opcode Fuzzy Hash: f3361ef275d2296d7b963a3164b52676fd020683820b460d6d8c2bcb99447e71
Instruction Fuzzy Hash: 55617E72705B85C9EB10DF06E48079AB7A5F785BC4F845122EB8D27B2ADF39C585C740

Function 000F3520 Relevance: 5.1, Strings: 4, Instructions: 131COMMON

Download Yara Rule

Strings

out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinnings, xrefs: 000F3705
refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock, xrefs: 000F3736
span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of, xrefs: 000F36F1
bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not, xrefs: 000F3725

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: bad sweepgen in refillcall not at safe pointcompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidoldoverflow is not$out of memoryprofMemActiveprofMemFuturetraceStackTabvalue method xadd64 failedxchg64 failed to finalizer GC assist waitGC worker initbad allocCountbad restart PCbad span statefinalizer waitnil elem type!no module datasemaRoot queuestack overflowstopm spinnings$refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsattempted to add zero-sized address rangegcSweep being done but phase is not GCoffmheap.freeSpanLock$span has no free spacestack not a power of 2trace reader (blocked)trace: alloc too largewirep: invalid p state", missing CPU supportchan receive (nil chan)close of closed channelfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of
API String ID: 0-2824194570
Opcode ID: 68ec3f59a6aa856a0cbd71ba17507fd793a49634cf3ee98e84ef5dd64938a300
Instruction ID: 5a48dec86c5d7ddf090bf7a278e5a6517c4ba9625e90ec62896a9fc91a49f4a8
Opcode Fuzzy Hash: 68ec3f59a6aa856a0cbd71ba17507fd793a49634cf3ee98e84ef5dd64938a300
Instruction Fuzzy Hash: 24518DB2204B94C6DB20EF05E49036EB7A5F799B94F489122EB8D03B69DF38CA45D750

Function 000F79E0 Relevance: 5.1, Strings: 4, Instructions: 114COMMON

Download Yara Rule

Strings

in gcMark expecting to see gcphase as _GCmarkterminationprofilealloc called without a P or outside bootstrappinggentraceback cannot trace user goroutine on its own stackaddr range base and limit are not in the same memory segmentmanual span allocation called w, xrefs: 000F7BC9
@@-, xrefs: 000F7BBD
P has cached GC work at end of mark terminationfailed to acquire lock to start a GC transitionfinishGCTransition called without starting one?racy sudog adjustment due to parking on channelslice bounds out of range [::%x] with length %ytried to sleep scavenger , xrefs: 000F7B90
work.full != 0double scavengeforce gc (idle)invalid argSizemalloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function01234, xrefs: 000F7BA5

Memory Dump Source

Source File: 00000004.00000002.1222885370.00000000000E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000004.00000002.1222859789.00000000000E0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000404000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000042B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.0000000000431000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1222885370.000000000043A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1223665680.000000000043F000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e0000_Keygen.jbxd

Similarity

API ID:
String ID: @@-$P has cached GC work at end of mark terminationfailed to acquire lock to start a GC transitionfinishGCTransition called without starting one?racy sudog adjustment due to parking on channelslice bounds out of range [::%x] with length %ytried to sleep scavenger $in gcMark expecting to see gcphase as _GCmarkterminationprofilealloc called without a P or outside bootstrappinggentraceback cannot trace user goroutine on its own stackaddr range base and limit are not in the same memory segmentmanual span allocation called w$work.full != 0double scavengeforce gc (idle)invalid argSizemalloc deadlockmisaligned maskmissing mcache?preempt SPWRITErecovery failedruntime error: runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.Locktraceback stuck, not a function01234
API String ID: 0-315795091
Opcode ID: 7974aeb4b065bda4791bdd82727dc817b398c79faede401126b9280de71909fc
Instruction ID: 06d8ece0b81f49cd0031ef3703d5453b1920f4ce9786b86d5376543d0aed1f5a
Opcode Fuzzy Hash: 7974aeb4b065bda4791bdd82727dc817b398c79faede401126b9280de71909fc
Instruction Fuzzy Hash: DB517A31209B48C5EB22EF11F4913A973A8F785B88F444526EB8D47B62DF7CC685D741

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: rundll32.exePID: 4584, Parent PID: 804

General

Chronological Activities

Analysis Process: Keygen.exePID: 1236, Parent PID: 4552

General

Chronological Activities

Analysis Process: conhost.exePID: 4300, Parent PID: 1236

General

Chronological Activities

Analysis Process: Keygen.exePID: 5580, Parent PID: 4552

General

Chronological Activities

Analysis Process: conhost.exePID: 6068, Parent PID: 5580

General

Chronological Activities

Analysis Process: Keygen.exePID: 6304, Parent PID: 4552

General

Chronological Activities

Analysis Process: conhost.exePID: 6312, Parent PID: 6304

General

Chronological Activities

Analysis Process: Keygen.exePID: 6456, Parent PID: 4552

Windows Analysis Report
MDE_File_Sample_a180428075a5fd23e3c8a51395fe04afb13da029.zip