Windows Analysis Report
pgsql.exe

Overview

General Information

Sample name:pgsql.exe
Analysis ID:1431416
MD5:dc17be1cd14d4671be693887310c64a1
SHA1:a6b37e239aaed421ffac023406483d2c8a14e932
SHA256:d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
Tags:exe
Infos:

Detection

Score:25
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potentially malicious time measurement code found
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Creates or modifies windows services
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • pgsql.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\pgsql.exe" MD5: DC17BE1CD14D4671BE693887310C64A1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: pgsql.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\pgsql.exe Code function: 4x nop then mov rsi, r9 0_2_00007FF6B51AC4A0
Source: C:\Users\user\Desktop\pgsql.exe Code function: 4x nop then mov rdi, 0000800000000000h 0_2_00007FF6B51AAFC0
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E8D20 SetWaitableTimer,NtWaitForSingleObject, 0_2_00007FF6B51E8D20
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E8CE0 NtWaitForSingleObject, 0_2_00007FF6B51E8CE0
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51CFC00 appears 37 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51B7F40 appears 580 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51B9900 appears 56 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51BA180 appears 569 times
Source: pgsql.exe Static PE information: Number of sections : 12 > 10
Source: pgsql.exe Binary or memory string: zbuEJo.oOQoGQTtLESMDr.SLnvxsO
Source: pgsql.exe Binary or memory string: sMmNygSDUz.SLNKyjfTkFOOqmCPV.RciXzjq.vXKzeZ
Source: pgsql.exe Binary or memory string: cHmkDZSPVMQxMzhwcCxPUnhdaKIWDAEPDY.nQYbMvdAlM.vbpKEt
Source: classification engine Classification label: sus25.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\pgsql.exeFile opened: C:\Windows\system32\cbcf1d36f29c91c433ae392debd6264f3491cfd0e324f51b0fd96b23beea3c0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: pgsql.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\pgsql.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: pgsql.exe String found in binary or memory: &tools/cmd/acc/agent_acc/handler/loader
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func16
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func11
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func10
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func8
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).uninstall.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func4
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.scErase
Source: pgsql.exeString found in binary or memory: ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic B
Source: pgsql.exeString found in binary or memory: ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic B
Source: pgsql.exeString found in binary or memory: sse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAug
Source: pgsql.exeString found in binary or memory: sse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAug
Source: pgsql.exeString found in binary or memory: sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBa
Source: pgsql.exeString found in binary or memory: sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBa
Source: pgsql.exeString found in binary or memory: scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-
Source: pgsql.exeString found in binary or memory: scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-
Source: pgsql.exeString found in binary or memory: m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLI
Source: pgsql.exeString found in binary or memory: m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLI
Source: pgsql.exeString found in binary or memory: max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLe
Source: pgsql.exeString found in binary or memory: max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLe
Source: pgsql.exeString found in binary or memory: list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKh
Source: pgsql.exeString found in binary or memory: list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKh
Source: pgsql.exeString found in binary or memory: next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLo
Source: pgsql.exeString found in binary or memory: next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLo
Source: pgsql.exeString found in binary or memory: min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthL
Source: pgsql.exeString found in binary or memory: min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthL
Source: pgsql.exeString found in binary or memory: min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLe
Source: pgsql.exeString found in binary or memory: min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLe
Source: pgsql.exeString found in binary or memory: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHa
Source: pgsql.exeString found in binary or memory: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHa
Source: pgsql.exeString found in binary or memory: ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHa
Source: pgsql.exeString found in binary or memory: ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHa
Source: pgsql.exeString found in binary or memory: jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKa
Source: pgsql.exeString found in binary or memory: jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKa
Source: pgsql.exeString found in binary or memory: free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHe
Source: pgsql.exeString found in binary or memory: free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHe
Source: pgsql.exeString found in binary or memory: goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHy
Source: pgsql.exeString found in binary or memory: goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHy
Source: pgsql.exeString found in binary or memory: addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFr
Source: pgsql.exeString found in binary or memory: addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFr
Source: pgsql.exeString found in binary or memory: B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEEx
Source: pgsql.exeString found in binary or memory: B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEEx
Source: pgsql.exeString found in binary or memory: Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFo
Source: pgsql.exeString found in binary or memory: Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFo
Source: pgsql.exeString found in binary or memory: base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGe
Source: pgsql.exeString found in binary or memory: base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGe
Source: pgsql.exeString found in binary or memory: code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGo
Source: pgsql.exeString found in binary or memory: code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGo
Source: pgsql.exeString found in binary or memory: alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGO
Source: pgsql.exeString found in binary or memory: alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGO
Source: pgsql.exeString found in binary or memory: usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCooki
Source: pgsql.exeString found in binary or memory: usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCooki
Source: pgsql.exeString found in binary or memory: , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRejangSC
Source: pgsql.exeString found in binary or memory: , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRejangSC
Source: pgsql.exeString found in binary or memory: span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMo
Source: pgsql.exeString found in binary or memory: span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMo
Source: pgsql.exeString found in binary or memory: p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLy
Source: pgsql.exeString found in binary or memory: p->m= prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLy
Source: pgsql.exeString found in binary or memory: prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLy
Source: pgsql.exeString found in binary or memory: prev= span=% util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLy
Source: pgsql.exeString found in binary or memory: (...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPr
Source: pgsql.exeString found in binary or memory: (...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPr
Source: pgsql.exeString found in binary or memory: , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRe
Source: pgsql.exeString found in binary or memory: , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRe
Source: pgsql.exeString found in binary or memory: % util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPA
Source: pgsql.exeString found in binary or memory: % util(...) , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPA
Source: pgsql.exeString found in binary or memory: (...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPr
Source: pgsql.exe, String found in binary or memory: &tools/cmd/acc/agent_acc/handler/loader
Source: pgsql.exe, String found in binary or memory: json:"tls_enable,omitempty"&tools/cmd/acc/agent_acc/handler/loader&bnWYbg/mhgZZS.tWe/x/FNA/nsr/eqUCBjiySn&TEcILS/WFVcyA.jFL/Q/pFH/IBwj/TeGvAavKm&*uCTW.AphXCtplHTjObaWtfGguXdKEIoKDeYqd&*mGKJ.nwMFmMagttjnjpQoDMBEpMYPPxSAXbqS&*nFrW.tftpzwbIozIAUyBiqPtLMpHkyPmGfVzU&*XAXq() (LYLfWG.kapmZOZ, xoNkA, muoOq)&*gYCi(*ZKEd.iDPbWGg) (*GMh.ydH, gVOHA)&*Nfnq(*XQiNNts.G, PagEar.QkNFyJA) itBv&*csoD(UeT, zHFPoNdBq.VAcBOTFqjF) uBnKc&*ZZUW(djTFer, *mLi.IPjnkwLimQkaaiclQA)&*map.bucket[context.canceler]struct {}&*map.bucket[hpack.pairNameValue]uint64&*map.bucket[http.cancelKey]func(error)&*map.bucket[http.http2FrameType]string&*map.bucket[http.http2SettingID]string&*map.bucket[net.hostLookupOrder]string&*map.bucket[runtime.winCallbackKey]int&*map.bucket[string]*http.http2dialCall&*map.bucket[string]*unicode.RangeTable&*map.bucket[uint64]model.HandleRegInfo&*struct { F uintptr; R *net.Resolver }&*struct { F uintptr; errc chan error }
Source: pgsql.exe, String found in binary or memory: , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRejangSCHED STREETServerStringSundaySyriacSystemTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoX25519Yezidi[]byteacceptactiveavx512chan<-closedcookiedomainefenceempty exec: expectfinishgopherhangupheaderinternip+netkilledlistenminutenetdnsobjectoriginpopcntrdrandrdseedrdtscpremoverenamereturnrune1 secondselectsendtoserversocketsocks socks5statusstdoutstringstructsweep sysmontelnettimersuint16uint32uint64x86_64 %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).uninstall.func3
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func8
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func9
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func10
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func11
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func16
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func1
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func2
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func3
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func4
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func9
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.scErase
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func1
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func2
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func1
Source: pgsql.exe, String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func2
Source: C:\Users\user\Desktop\pgsql.exe, Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\pgsql.exe, Section loaded: winmm.dll
Source: C:\Users\user\Desktop\pgsql.exe, Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\pgsql.exe, Section loaded: umpdc.dll
Source: pgsql.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
Source: pgsql.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: pgsql.exe, Static file information: File size 6980608 > 1048576
Source: pgsql.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x355600
Source: pgsql.exe, Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2f3800
Source: pgsql.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: pgsql.exe, Static PE information: real checksum: 0x6af86d should be: 0x6ab1b0
Source: pgsql.exe, Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\pgsql.exe, Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\Desktop\pgsql.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\pgsql.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pgsql.exe, Code function: 0_2_00007FF6B51E6DE0 rdtscp
Source: pgsql.exe, Binary or memory string: *PLHm.GxVmcIfGt
Source: pgsql.exe, Binary or memory string: nfRzEdOpxZLudVweGaeclPihGFsQHwq.BXGrTsJPHVWnMiphnGh.kgoNajGT.svyXL
Source: pgsql.exe, Binary or memory string: rLYDmISkQe.FSnOHEKOPrqECGi.KcVeeiwIGhGfSFYycHeBWhzt
Source: pgsql.exe, 00000000.00000002.1641435921.00000264D5FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\pgsql.exe, Code function: 0_2_00007FF6B51E6DE0 Start: 00007FF6B51E6DE9 End: 00007FF6B51E6DFF
Source: C:\Users\user\Desktop\pgsql.exe, Code function: 0_2_00007FF6B51E6DE0 rdtscp
Source: C:\Users\user\Desktop\pgsql.exe, Process token adjusted: Debug
Source: C:\Users\user\Desktop\pgsql.exe, Code function: 0_2_00007FF6B5882674 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\pgsql.exe, Code function: 0_2_00007FF6B5181190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431416
Start date and time:2024-04-25 03:27:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:pgsql.exe
Detection:SUS
Classification:sus25.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):6.284093165030507
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:pgsql.exe
File size:6'980'608 bytes
MD5:dc17be1cd14d4671be693887310c64a1
SHA1:a6b37e239aaed421ffac023406483d2c8a14e932
SHA256:d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
SHA512:3831c54dc8aa80c6e7ed69142c2e5a285838a3f0b81367920cfdc66f104d8484814b1ec582035f2f2a7f18869186e617ad44c2c2f23b92be51bd18ee97b440a3
SSDEEP:49152:5kBvM7sEnhrb/TMvO90d7HjmAFd4A64nsfJebrZtrttwUIQFAO167pHWnp3SJNC+:tgrzwUnp0z/EOnrG6
TLSH:92663A07F89155E9C0AAD13486269263BA717C885B3067D32F50FBB82F33BD46E7A354
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.V5...j..^.............@.............................Pq.....m.j...`... ............................
Icon Hash:90cececece8e8eb0
Entrypoint:0x1400014e0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:0x4034aea0, 0x1, 0x4034ae70, 0x1, 0x4034e8e0, 0x1
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:1
File Version Major:6
File Version Minor:1
Subsystem Version Major:6
Subsystem Version Minor:1
Import Hash:f698cec20af6dfbd582749f6504f5863
Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [00696A95h]
mov dword ptr [eax], 00000000h
call 00007FD888F30C8Fh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007FD889285744h
dec eax
test eax, eax
sete al
movzx eax, al
neg eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007FD888F30FC9h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
jmp dword ptr [eax]
inc edi
outsd
and byte ptr [edx+75h], ah
imul ebp, dword ptr [esp+20h], 203A4449h
and dh, byte ptr [eax+75h]
push ebx
dec edi
imul ebp, dword ptr [ebp+74h], 49664D5Ah
inc ecx
je 00007FD888F31045h
js 00007FD888F31053h
popad
dec esp
jo 00007FD888F31036h
jns 00007FD888F31064h
push edx
je 00007FD888F31054h
push edi
push esi
dec edi
pop eax
jp 00007FD888F3105Dh
inc edx
je 00007FD888F31037h
inc edi
imul ecx, dword ptr [ecx+56h], 6D564A57h
inc esi
pop edx
jne 00007FD888F3103Fh
dec eax
inc edi
inc edi
insb
imul esi, dword ptr [ebx+ecx*2+76h], 78447251h
bound edx, dword ptr [esi+7Ah]
imul ecx, dword ptr [ebp+64h], 69727969h
push edx
jo 00007FD888F31058h
inc esi
dec esi
imul edx, dword ptr [ecx+41h], 6A646555h
push ebp
imul esp, dword ptr [edx], 0Ah
and bh, bh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x701000 | 0x5c | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x702000 | 0x135c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x706000 | 0x4e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x699000 | 0xe4c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x707000 | 0xd344 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x6978c0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x702464 | 0x428 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x355410 | 0x355600 | 2350a4ce4cdac9957d71d1b4090f06e1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x357000 | 0x4ded0 | 0x4e000 | 319da58f89ba8be97878aeb0bbc8da0a | False | 0.3477939703525641 | dBase III DBT, version number 0, next free block index 10, 1st item "\3745&\315\310\002!\273\0020PI\346C\224F\304\271\007\336\303\361\205p\271-K\257\001s\205$6!\347\034\037\214#j\356\004\324J\343\237\275~\\014\272\247\350\006\023Ws\023\276\225\312\320\231\364e\257\247\257\034\305\336\307\266\007s]\270\310>\215qD\334\005\030\363\004@;\353\2202\324\332q`\214\322\007\024\355\342[\321t\271\261\030\277\026,\326,\331Z" | 4.689729328857979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x3a5000 | 0x2f3730 | 0x2f3800 | b887513f3a3856bb8a4a75749218bcb9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata | 0x699000 | 0xe4c | 0x1000 | 9a73fe3d9147d3a6d996188f0b5369be | False | 0.447998046875 | data | 4.976194591988394 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata | 0x69a000 | 0xc4c | 0xe00 | 202893de8f10538a61c627fe45afa6c2 | False | 0.23856026785714285 | data | 3.9595260757979625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss | 0x69b000 | 0x65ce0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x701000 | 0x5c | 0x200 | 769769c91e15f07f2e3975837fe789d6 | False | 0.15625 | data | 1.0081942980436513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata | 0x702000 | 0x135c | 0x1400 | bfda6ba05af8c7ddf70d816cb71871a7 | False | 0.3123046875 | data | 4.437886268560913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x704000 | 0x70 | 0x200 | 97cacfffeed9013127e0da655edb4c3e | False | 0.08203125 | data | 0.47139462148086453 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x705000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x706000 | 0x4e8 | 0x600 | 9945d01967cac0ec1c583c5501f34efe | False | 0.3333333333333333 | data | 4.7805871067859025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x707000 | 0xd344 | 0xd400 | 8069b43e7a92e12e06ae883b2f82b9f0 | False | 0.2573334316037736 | data | 5.432873664222237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x706058 | 0x48f | XML 1.0 document, ASCII text | | | 0.40102827763496146
DLL | Import
KERNEL32.dll | AddAtomA, AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateMutexA, CreateSemaphoreA, CreateThread, CreateWaitableTimerExW, DeleteAtom, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FindAtomA, FormatMessageA, FreeEnvironmentStringsW, FreeLibrary, GetAtomNameA, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentStringsW, GetHandleInformation, GetLastError, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReleaseMutex, ReleaseSemaphore, RemoveVectoredExceptionHandler, ResetEvent, ResumeThread, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetLastError, SetProcessAffinityMask, SetProcessPriorityBoost, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte, WriteConsoleW, WriteFile, __C_specific_handler
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _beginthreadex, _cexit, _commode, _endthreadex, _errno, _fmode, _initterm, _lock, _memccpy, _onexit, _setjmp, _strdup, _ultoa, _unlock, abort, calloc, exit, fprintf, fputc, free, fwrite, localeconv, longjmp, malloc, memcpy, memmove, memset, printf, realloc, signal, strerror, strlen, strncmp, vfprintf, wcslen
Name | Ordinal | Address
Log | 1 | 0x140345420
_cgo_dummy_export | 2 | 0x1406fff20
No network behavior found


Target ID: 0
Start time: 03:27:54
Start date: 25/04/2024
Path: C:\Users\user\Desktop\pgsql.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\pgsql.exe"
Imagebase: 0x7ff6b5180000
File size: 6'980'608 bytes
MD5 hash: DC17BE1CD14D4671BE693887310C64A1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Go lang
Reputation: low
Has exited: true


    Execution Graph

    Execution Coverage:0.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:25%
    Total number of Nodes:8
    Total number of Limit Nodes:1
    execution_graph 59194 7ff6b51b53c0 59195 7ff6b51b53c6 59194->59195 59195->59194 59197 7ff6b51b53f9 59195->59197 59198 7ff6b51e8d20 SetWaitableTimer 59195->59198 59199 7ff6b51e8d9f 59198->59199 59199->59197 59200 7ff6b51e8880 59201 7ff6b51e88a8 59200->59201 59202 7ff6b51e88b9 GetProcAddressForCaller 59200->59202 59201->59202

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID: TimerWaitable
    • String ID:
    • API String ID: 1823812067-0
    • Opcode ID: 2ff2b431a86385008186faba165380e17c52529be98e302b910b617b81337252
    • Instruction ID: 060bac846db10d36341e7a3c05d2ddf1ec80c2928f53fccef9f7eafa6a0a5bcc
    • Opcode Fuzzy Hash: 2ff2b431a86385008186faba165380e17c52529be98e302b910b617b81337252
    • Instruction Fuzzy Hash: C401B676615F4485DB508B4AE89035A6360F7C8FA4F540222EEAD977A8DF3DC5118B40
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID: AddressCallerProc
    • String ID:
    • API String ID: 2663294120-0
    • Opcode ID: 33b54bf97a7912f954cb5ac1813d54e14e05c2a316259aa94b24e2224a416175
    • Instruction ID: 555836fcf1e2420db02a1a112d665352bfed2a1d6ad6061781602c69bf3dcb5d
    • Opcode Fuzzy Hash: 33b54bf97a7912f954cb5ac1813d54e14e05c2a316259aa94b24e2224a416175
    • Instruction Fuzzy Hash: ECF01976A15B8082EB218B5EE94136873B0F74CBD4F244226DF5DA7B24CF29E592C340
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • fp= in is lr: of on pc= sp: sp=%x&gt;&lt;) = ) m=+Inf-Inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.xml0x%x10803125: p=ACDTACSTAEDTAESTAKDTAKSTAR1XAWSTAg==AgNTAhomAtoiBlA=BwsCCBE=CESTCallCg==ChamD0gEDATADQo=DashDateDloTE05uEESTEVFAEtagFlVHFromFw==, xrefs: 00007FF6B51D9E7E
    • gentraceback callback cannot be used with non-zero skipmheap.freeSpanLocked - invalid free of user arena chunknet/http: invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionreflect: internal error: invalid use of , xrefs: 00007FF6B51DA25C
    • tracebackunderflowunhandledurn:uuid:wbufSpanswebsocketwinmm.dllwsasendto} stack=[ netGo = MB goal, flushGen gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc, xrefs: 00007FF6B51DA23A
    • runtime: g runtime: p scheddetailsechost.dllsecur32.dllshell32.dllshort writestack tracetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered, xrefs: 00007FF6B51D8FAB
    • sp=%x&gt;&lt;) = ) m=+Inf-Inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.xml0x%x10803125: p=ACDTACSTAEDTAESTAKDTAKSTAR1XAWSTAg==AgNTAhomAtoiBlA=BwsCCBE=CESTCallCg==ChamD0gEDATADQo=DashDateDloTE05uEESTEVFAEtagFlVHFromFw==FxY=GOGCGQ==GoneHUE=Hg==HostI3o=, xrefs: 00007FF6B51D98C5, 00007FF6B51D9E9C
    • panicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , , xrefs: 00007FF6B51D9CC7
    • traceback stuckunexpected typeunknown Go typeunknown networkunknown versionwinpty_set_sizewrite error: %wx-forwarded-for already; errno= mheap.sweepgen= not in ranges: untyped locals %s %s HTTP/1.1, not a function.WithValue(type /etc/resolv.conf0123456789AB, xrefs: 00007FF6B51D990E
    • (...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPr, xrefs: 00007FF6B51D9AC6
    • ] n=allgallpasn1avx2basebg==bindbitsbmi1bmi2boolc2Vxc3NocHBmcallcap cas1cas2cas3cas4cas5cas6chancx16d3U=dGNwdGxzdatedeaddialermsetagfailfg==filefromftpsfuncgziphosthourhttpi386i686ia64icmpidleigmpinetint8itabkA==kindlinkopenpathpipepop3quitreadrootsbrksmtpsse2, xrefs: 00007FF6B51D9832
    • : frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256BackupWriteBad GatewayBad RequestClassHESIODCloseHandleCoGetObjectCreateFileWDeleteFileWDives_AkuruENABLE_PUSHEND_HEADERSESTABLISHEDEarly HintsEnumWindowsExitProcessFreeLibraryGOMEMLIMIT=GOTRACEBACKGetFile, xrefs: 00007FF6B51D9785
    • gentraceback cannot trace user goroutine on its own stackreceived record with version %x when expecting version %xruntime: checkmarks found unexpected unmarked object obj=sync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not, xrefs: 00007FF6B51DA24B
    • top=%s %q%s*%d%s=%s&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1562578125:***@:path<nil>AdlamAprilBamumBatakBuhidCall ClassDograECDSAErrorFoundGreekHTTP/KhmerLatinLimbuLocalLstatMarchNushuOghamOriyaOsage, xrefs: 00007FF6B51D97A5
    • unknown caller pcunknown type kindunrecognized namewait for GC cyclewinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong medium typex-forwarded-proto but memory size because dotdotdot in async preempt to non-Go memory , locked to thread, xrefs: 00007FF6B51DA1D4
    • traceback: unexpected SPWRITE function trailing backslash at end of expressiontransport endpoint is already connectedusername/password authentication failedx509: failed to parse URI constraint %qx509: invalid NameConstraints extensionx509: invalid subject alte, xrefs: 00007FF6B51DA20A
    • runtime: traceback stuck. pc=scanobject of a noscan objectsemacquire not on the G stackstring concatenation too longtimeBegin/EndPeriod not foundtls: invalid NextProtos valuetls: invalid server key sharetls: too many ignored recordstoo many open files in syste, xrefs: 00007FF6B51D98A5
    • traceback did not unwind completelytransform: short destination buffertransport endpoint is not connectedunsupported signature algorithm: %vx509: invalid authority info accessx509: malformed extension OID fieldx509: wrong Ed25519 public key size LastStreamID=%, xrefs: 00007FF6B51D987C
    • : unexpected return pc for CertEnumCertificatesInStoreCurveP256CurveP384CurveP521DATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesLookupPrivilegeDi, xrefs: 00007FF6B51D8FC9
    • runtime: gs.state = schedtracesemacquireset-cookiesetsockoptskipping: socks bindstackLarget.Kind == terminatedtracefree(tracegc()unixpacketunknown pcuser-agentuser32.dllwinpty.dllws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ... exp, xrefs: 00007FF6B51D9765
    • runtime., xrefs: 00007FF6B51D9C92
    • called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625: unknown pc Accept-RangesAuthorization, xrefs: 00007FF6B51D8FEF
    • stack=[_gatewayaG9zdA==address aml0dGVyanNvbg==avx512bwavx512cdavx512dqavx512eravx512pfavx512vlbXlzcWw=bad instc2VjcmV0c2hlbGw=c3Rscw==cgocheckclQVWAYUcompresscontinuecs dGltZQ==deadlockexecwaitexporterfinishedfs gs hijackedhttp/1.1if-matchif-r, xrefs: 00007FF6B51D97F3
    • max= ms, ptr tab= top=%s %q%s*%d%s=%s&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1562578125:***@:path<nil>AdlamAprilBamumBatakBuhidCall ClassDograECDSAErrorFoundGreekHTTP/KhmerLatinLimbuLocalLstatMarch, xrefs: 00007FF6B51D9852
    • gopa, xrefs: 00007FF6B51D9CA9
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-3720328572
    • Opcode ID: a9c5870466c8782df83d7fd37632bda78dc96a351e019a2a793190ef600403ec
    • Instruction ID: 92ed34d9568fda754ad3f3e8ff3f588c13c1901251748fd6704b64f835e017eb
    • Opcode Fuzzy Hash: a9c5870466c8782df83d7fd37632bda78dc96a351e019a2a793190ef600403ec
    • Instruction Fuzzy Hash: 36E2D33664DBC585D6B19B19E4843EAA764FB89B94F444126EBCC83B9ECF3CD950CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Strings
    • ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=%s %q: %s%s %x %x(unknown), newval=, oldval=, size = , tail = 244140625: status=AuthorityBassa_VahBhaiksukiBigEndianClassINETCuneiformDiacriticFindCloseForbiddenHex_DigitInherite, xrefs: 00007FF6B519B95C
    • %: ): *?[+00+01+03+04+05+06+07+08+09+10+11+12+13+14,h1-01-02-03-04-05-06-08-09-11-12....js///0125200204206304400404443500625: `://::1:\/???ACKADTASTAprAugBSTCATCDTCETCSTDSADecDltEATEDTEETEOFESTFebFriGETGMTGetHDTHSTHanIDTISTJSTJanJulJunKSTLaoMD4MD5MDTMSKMSTMa, xrefs: 00007FF6B519B64F
    • MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625: unknown pc , xrefs: 00007FF6B519BA27
    • ., xrefs: 00007FF6B519B574
    • MB goal, flushGen gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts1220703125, xrefs: 00007FF6B519B9E9
    • MB stacks, PRIVATE KEY [recovered] allocCount found at *( gcscandone m->gsignal= maxTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte li, xrefs: 00007FF6B519BA08
    • (forced) -> node= B exp.) B work ( as type blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=%s %q: %s%s %x %x(unknown), newval=, oldval=, size = , tail = 244140625: status, xrefs: 00007FF6B519BA69
    • MB, and cnt= got= max= ms, ptr tab= top=%s %q%s*%d%s=%s&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1562578125:***@:path<nil>AdlamAprilBamumBatakBuhidCall ClassDograECDSAErrorFoundGreekHTTP/KhmerLatin, xrefs: 00007FF6B519B9C7
    • OX'&, xrefs: 00007FF6B519B295
    • gc done but gcphase != _GCoffgfput: bad status (not Gdead)http2: client conn not usablehttp2: client connection losthttp: idle connection timeoutinteger not minimally-encodedinternal error: took too muchinvalid P256 element encodinginvalid character class rang, xrefs: 00007FF6B519BBF6
    • failed to set sweep barrierframe_pushpromise_pad_shortframe_rststream_zero_streamgcstopm: not waiting for gcgrowslice: len out of rangehkdf: entropy limit reachedhttp chunk length too largehttp2: response body closedinput overflows the modulusinsufficient secu, xrefs: 00007FF6B519BBE5
    • gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6init int16int32int64kind=matchmheapmkdirmonthntohspanicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code, xrefs: 00007FF6B519AF57, 00007FF6B519AF6D
    • ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=%d.%d.%d.%d) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256BackupWriteBad Gat, xrefs: 00007FF6B519B785
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-2261041712
    • Opcode ID: 505c9b32e932b24d6b7c7da8e599413bc4b1dc3158599812b8ed13a2296fa97b
    • Instruction ID: e66621179dec6cfb421f78cf5d55dfdf29622d48d2f2a1863401e0f9a6976793
    • Opcode Fuzzy Hash: 505c9b32e932b24d6b7c7da8e599413bc4b1dc3158599812b8ed13a2296fa97b
    • Instruction Fuzzy Hash: 19723B36A0DA9685E650AB28E4813E96365FB49F80F448136DB9D837AFDF3CE845C710
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Strings
    • swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunknown caller pcunknown type kindunrecognized namewait for GC cyclewinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong medium typex-forwarded-proto but, xrefs: 00007FF6B51A5BF6
    • sweepgen= targetpc= throwing= until pc=%!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts12207031256103515625: parsing :authorityAdditionalBackupReadBad varintCLOSE_WAITCSDVersionCancelIoExChorasmianClassCHAOSClassCSNETConnection, xrefs: 00007FF6B51A5C32, 00007FF6B51A6005
    • sweep increased allocation countsync: Unlock of unlocked RWMutexsync: negative WaitGroup countertls: NextProtos values too largetls: failed to parse private keytls: unknown Renegotiation valueuse of closed network connectionx509: ECDSA verification failurex509, xrefs: 00007FF6B51A5D2F
    • mspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedpending ASN.1 child too longprotocol driver not attachedreflect.MakeSlice: len > capreflect: In of non-func typeregion exceeds uintptr rangeruntime., xrefs: 00007FF6B51A605B
    • runtime: nelems=schedule: in cgostring too largetime: bad [0-9]*unknown network unpacking headerwinpty_error_msgworkbuf is emptywww-authenticate spinningthreads=%%!%c(big.Int=%s), p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z070011920928955078, xrefs: 00007FF6B51A5CA5
    • mspan.sweep: bad span statenet/http: invalid method %qnet/http: use last responsenot a XENIX named type fileprogToPointerMask: overflowreflect.Value.UnsafePointerreflectlite.Value.Interfacereflectlite.Value.NumMethodrunlock of unlocked rwmutexruntime: asyncPre, xrefs: 00007FF6B51A604A
    • previous allocCount=, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCM_Get_DevNode_StatusCentral Standard TimeChangeServiceConfig2WDeregist, xrefs: 00007FF6B51A5CE5
    • sweep: tried to preserve a user arena spansync/atomic: store of nil value into Valuetls: private key does not match public keyunexpected signal during runtime executionx509: %q cannot be encoded as an IA5Stringx509: RSA modulus is not a positive numberError en, xrefs: 00007FF6B51A5BE5
    • mspan.sweep: bad span state after sweepout of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system callsuspendG from non-preemptible goroutinetags don't match (%d vs %+, xrefs: 00007FF6B51A5C78
    • nalloc= newval= nfreed= packed= ping=%q pointer stack=[ status %!Month(2.5.4.102.5.4.112.5.4.1748828125AQgBD1U=AcceptExAcceptedArmenianAwUCAQ==BAD RANKBQFWRwE=BQNPAQ==BQtYB1FcBalineseBopomofoBugineseCFxFEFxBCQD//wAACVddAxwXCancelIoCherokeeClassANYConflictCont, xrefs: 00007FF6B51A5CC5
    • mheap.sweepgen= not in ranges: untyped locals %s %s HTTP/1.1, not a function.WithValue(type /etc/resolv.conf0123456789ABCDEF0123456789abcdef2384185791015625: value of type AAENV09UUk4DVg==Already ReportedAwdRU0gJAxlRBQ==B1YfVRwCWgIABg==BlEdRk9NRk5LEUU=BloF, xrefs: 00007FF6B51A5C4F, 00007FF6B51A6025
    • mspan.sweep: state=negative coordinatenetwork unreachablenot implemented yetnotesleep not on g0ntdll.dll not foundnwait > work.nprocspanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in proxy-authorizationreflect.Value, xrefs: 00007FF6B51A5C14, 00007FF6B51A5FE5
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-110723450
    • Opcode ID: fcfa850bf43dc1bd5bb72431bc3c4cbe196f4fe74cc7c2dadfa4fefc105f40be
    • Instruction ID: d22cb489077b5e833df6b1ec1bc47b5defd293ad3eb7b92bb0654b1f00302c9b
    • Opcode Fuzzy Hash: fcfa850bf43dc1bd5bb72431bc3c4cbe196f4fe74cc7c2dadfa4fefc105f40be
    • Instruction Fuzzy Hash: FA727C22A0C69285EB619B19E4403EA77A1FB85B44F454131EB9D83B9FCF3CED59CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Strings
    • runtime: npages = runtime: range = {runtime: textAddr segmentation faultsequence truncatedserver misbehavingstopping the worldstreams pipe errorsync.RWMutex.RLocksystem page size (tracebackancestorstruncated sequenceunexpected messageuse of closed filevalue ou, xrefs: 00007FF6B51AB845
    • , i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLockedLycianLydianMondayPADDEDPragmaRe, xrefs: 00007FF6B51ABD45
    • , j0 = , type=19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625: type ::ffff::method:scheme:statusAvestanBengaliBrailleCLOSINGCONNECTChanDirConvertCopySidCreatedCypriotDeseretEd25519ElbasanElymaicExpiresFreeSidGODEBUGGranthaHEADERSHanunooIM UsedIO waitI, xrefs: 00007FF6B51ABCDA
    • bad summary databad symbol tablebinary.BigEndianc2VjdGlvbl9zaXplc2xlZXBfdGltZQ==cG9ydF9maW5nZXI=cGVyVGFza01zZw==cGx1Z2luX2FsaWFzcastogscanstatuscmF3X3Jlc3VsdA==cmVtb3RlX3BvcnQ=content-encodingcontent-languagecontent-locationcontext canceleddS01Y0BQA3tWWV0=divi, xrefs: 00007FF6B51AB86F, 00007FF6B51ABFEC
    • runtime: p.searchAddr = span has no free objectsstack trace unavailablestreamSafe was not resetstructure needs cleaningtext/html; charset=utf-8unexpected buffer len=%vunpacking Question.Classupdate during transitionwinpty_spawn_config_freex509: malformed vali, xrefs: 00007FF6B51ABD25
    • , levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCM_Get_DevNode_StatusCentral Standard TimeChangeServiceConfig2WDeregisterEventSourceDwmGetWi, xrefs: 00007FF6B51ABDC5
    • runtime: levelShift[level] = runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = runtime: traceback stuck. pc=scanobject of a noscan objectsemacquire not on the G stac, xrefs: 00007FF6B51ABDA5
    • ] = ] n=allgallpasn1avx2basebg==bindbitsbmi1bmi2boolc2Vxc3NocHBmcallcap cas1cas2cas3cas4cas5cas6chancx16d3U=dGNwdGxzdatedeaddialermsetagfailfg==filefromftpsfuncgziphosthourhttpi386i686ia64icmpidleigmpinetint8itabkA==kindlinkopenpathpipepop3quitreadrootsbrksmtp, xrefs: 00007FF6B51ABC2F
    • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)socket closed: %wstack: frame={sp:swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunknown caller pcunknown type kindunrecognized namewait , xrefs: 00007FF6B51AB78A, 00007FF6B51ABBEE
    • runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)socket closed: %wstack: frame={sp:swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunkno, xrefs: 00007FF6B51ABC9E
    • , npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256BackupWriteBad GatewayBad RequestClassHESIODCloseHandleCoGetObjectCreateFileWDeleteFileWDives_AkuruENABLE_PUSHEND_HEADERSESTABLI, xrefs: 00007FF6B51ABCBC
    • ] = (allowamd64arraybad nchdirchmodclosecpu%ddeferfalsefaultfilesgcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6init int16int32int64kind=matchmheapmkdirmonthntohspanicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/, xrefs: 00007FF6B51AB7C5
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-3015980474
    • Opcode ID: 2daae98cf8dfe2499b736e002ff1b5676d7132877896355ce0f57ace78ad2acb
    • Instruction ID: daa6c6207b658690e479ddefd8bead1c20dcb9655212095e04000c4cde1a759f
    • Opcode Fuzzy Hash: 2daae98cf8dfe2499b736e002ff1b5676d7132877896355ce0f57ace78ad2acb
    • Instruction Fuzzy Hash: 6C424E76A18AC581EA60AB19E4413EAA365FB85FC0F444132DF9D97B9FCE3CD849C740
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Strings
    • ) not in usable address space: ...additional frames elided....lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625CLIENT_HANDSHAKE_TRAFFIC_SECRETCentral Brazilian Standard TimeCertDuplicateCertificateContextError gettin, xrefs: 00007FF6B518DBC5
    • region exceeds uintptr rangeruntime.semasleep unexpectedruntime: bad lfnode address runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedunexpected protocol version winpty_config_set_mouse_modex509: invalid DSA parametersx509: in, xrefs: 00007FF6B518DACA
    • runtime: memory allocated by OS [runtime: name offset out of rangeruntime: text offset out of rangeruntime: type offset out of rangescalar has high bit set illegallyskip everything and stop the walkslice bounds out of range [%x:%y]stackalloc not on scheduler s, xrefs: 00007FF6B518DB85
    • out of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running but p is notschedule: spinning wit, xrefs: 00007FF6B518D82E
    • base outside usable address spacebytes.Buffer.Grow: negative countconcurrent map read and map writeconnection not allowed by rulesetcrypto/aes: output not full blockcrypto/des: output not full blockcrypto: requested hash function #ed25519: bad private key leng, xrefs: 00007FF6B518DAF4
    • out of memory allocating heap arena mapruntime: blocked write on free polldescruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system callsuspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong, xrefs: 00007FF6B518D865
    • misrounded allocation in sysAllocnet/http: skip alternate protocolpad size larger than data payloadpseudo header field after regularreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of r, xrefs: 00007FF6B518DB5A
    • out of memory allocating heap arena metadatareflect: funcLayout with interface receiver runtime: lfstack.push invalid packing: node=span on userArena.faultList has invalid sizetls: server sent an incorrect legacy versiontls: server's Finished message was incor, xrefs: 00007FF6B518D83F
    • end outside usable address spaceframe_windowupdate_zero_inc_conngo package net: hostLookupOrder(integer is not minimally encodedinvalid limiter event type foundmime: expected token after slashnumerical argument out of domainpanic while printing panic valueread, xrefs: 00007FF6B518DB22
    • , xrefs: 00007FF6B518DB12
    • memory reservation exceeds address space limitnet/http: internal error: misuse of tryDelivernet/http: too many 1xx informational responsesos: unexpected result from WaitForSingleObjectpanicwrap: unexpected string after type name: protocol error: received DATA , xrefs: 00007FF6B518DBEF
    • arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_head, xrefs: 00007FF6B518D850
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-1231356984
    • Opcode ID: 6ca53cb49b39365e07e15e1d09dbfa8c9a79f5cde1acb66edb906f42b0086279
    • Instruction ID: 73c062c76de4ac423c766ce3cf6243fafd2af3d3a2f064b26df25a3d228c038d
    • Opcode Fuzzy Hash: 6ca53cb49b39365e07e15e1d09dbfa8c9a79f5cde1acb66edb906f42b0086279
    • Instruction Fuzzy Hash: 60027C22A0DB8582EB609B19E4403EAA7A4FB85F90F444136EF9D8379ECF7CD941C751
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • secondselectsendtoserversocketsocks socks5statusstdoutstringstructsweep sysmontelnettimersuint16uint32uint64x86_64 %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= using zombie% CPU (, goid, xrefs: 00007FF6B520C5BA
    • hourhttpi386i686ia64icmpidleigmpinetint8itabkA==kindlinkopenpathpipepop3quitreadrootsbrksmtpsse2sse3tcp4tcp6trueudp4udp6uintunixvaryxn-- ... MB, and cnt= got= max= ms, ptr tab= top=%s %q%s*%d%s=%s&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+134, xrefs: 00007FF6B520C266, 00007FF6B520C771
    • : day-of-year out of rangeBougainville Standard TimeCentral Asia Standard TimeCertFindCertificateInStoreCertFreeCertificateContextE. Australia Standard TimeECDSA verification failureEkaterinburg Standard TimeFindFirstVolumeMountPointWFindNextChangeNotification, xrefs: 00007FF6B520CE64
    • : day-of-year does not match monthCM_Get_Device_Interface_List_SizeWGODEBUG sys/cpu: can not disable "NoDefaultCurrentDirectoryInExePathOther_Default_Ignorable_Code_PointSetFileCompletionNotificationModesTLS 1.3, client CertificateVerify, xrefs: 00007FF6B520CBA6
    • : extra text: <not Stringer>Accept-CharsetCertCloseStoreClearCommBreakClearCommErrorCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDkim-SignatureERR_UNKNOWN_%dEnumPage, xrefs: 00007FF6B520D621
    • out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeContent-Range, xrefs: 00007FF6B520DB13
    • minutenetdnsobjectoriginpopcntrdrandrdseedrdtscpremoverenamereturnrune1 secondselectsendtoserversocketsocks socks5statusstdoutstringstructsweep sysmontelnettimersuint16uint32uint64x86_64 %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d loc, xrefs: 00007FF6B520C819
    • monthntohspanicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i , xrefs: 00007FF6B520BEB2
    • : day out of rangeArab Standard TimeCM_MapCrToWin32ErrCaucasian_AlbanianCertGetNameStringWClosePseudoConsoleCloseServiceHandleCommandLineToArgvWCreateDispTypeInfoCreateFileMappingWCreateWellKnownSidCryptUnprotectDataCuba Standard TimeCurrentBuildNumberEnumProc, xrefs: 00007FF6B520D0AE
    • : day-of-year does not match dayCertAddCertificateContextToStoreCertVerifyCertificateChainPolicyError Launching WinPTY agent, %sFRBZFhNXXxURFUZAFAYSFUIMXF4VBhc=GetVolumePathNamesForVolumeNameWMapIter.Value called before NextNtWow64QueryInformationProcess64V2lu, xrefs: 00007FF6B520CD14
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-1832566126
    • Opcode ID: 9e72aa22aaebf3e40d2b8dcc9491a89e6a683709ad2f009625b12739da1c2b4b
    • Instruction ID: a4ae890818cec0f45390056f01b0b9719683d12652aa62bdbd13088dee1863ee
    • Opcode Fuzzy Hash: 9e72aa22aaebf3e40d2b8dcc9491a89e6a683709ad2f009625b12739da1c2b4b
    • Instruction Fuzzy Hash: 2E332C7660EAC580E6708B16E9503EAA761F789FD4F495032DF8D97B8EDE7CD8448B00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected g statusunknown Go type: %vunknown certificateunknown cipher typeunknown hash , xrefs: 00007FF6B51CF411, 00007FF6B51CF589
    • runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding psync.Mutex.LocktimeBeginPeriodtraceback stuckunexpected typeunknown Go typeunknown networkunknown versionwinpty_set_sizewrite error: %wx-forwarded-for alre, xrefs: 00007FF6B51CF4E6, 00007FF6B51CF654
    • args stack map entries for 18189894035458564758300781259094947017729282379150390625Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia Standard TimeCentral Europe Standard TimeCertCreateCertificateContextEVYBTxkAWUAEExcKXBFEDl1ETA==Ed25519 , xrefs: 00007FF6B51CF44F
    • untyped locals %s %s HTTP/1.1, not a function.WithValue(type /etc/resolv.conf0123456789ABCDEF0123456789abcdef2384185791015625: value of type AAENV09UUk4DVg==Already ReportedAwdRU0gJAxlRBQ==B1YfVRwCWgIABg==BlEdRk9NRk5LEUU=BloFFExJQWYOVBw=Build: %d.%d.%dCQ1d, xrefs: 00007FF6B51CF674
    • untyped args -thread limit.WithDeadline(1907348632812595367431640625: extra text: <not Stringer>Accept-CharsetCertCloseStoreClearCommBreakClearCommErrorCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreatePr, xrefs: 00007FF6B51CF506
    • (targetpc= , plugin: ErrCode=%v KiB work, bytes ... exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=%d.%d.%d.%d) at entry+, elemsize=, npages = , settings:.WithCa, xrefs: 00007FF6B51CF474, 00007FF6B51CF5E5
    • missing stackmapno colon on lineno renegotiationno route to hostnon-Go functionnon-IPv4 addressnon-IPv6 addressobject is remoteproxy-connectionread_frame_otherreflect mismatchregexp: Compile(remote I/O errorruntime: addr = runtime: base = runtime: head = runt, xrefs: 00007FF6B51CF54F, 00007FF6B51CF6BC
    • bad symbol tablebinary.BigEndianc2VjdGlvbl9zaXplc2xlZXBfdGltZQ==cG9ydF9maW5nZXI=cGVyVGFza01zZw==cGx1Z2luX2FsaWFzcastogscanstatuscmF3X3Jlc3VsdA==cmVtb3RlX3BvcnQ=content-encodingcontent-languagecontent-locationcontext canceleddS01Y0BQA3tWWV0=division by zeroe3t3, xrefs: 00007FF6B51CF4AA, 00007FF6B51CF61B
    • locals stack map entries for 227373675443232059478759765625Central European Standard TimeCentral Standard Time (Mexico)CertDeleteCertificateFromStoreE. South America Standard TimeEastern Standard Time (Mexico)Error getting stdin handle. %sGODEBUG: unknown cpu, xrefs: 00007FF6B51CF5C5
    • and cnt= got= max= ms, ptr tab= top=%s %q%s*%d%s=%s&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1562578125:***@:path<nil>AdlamAprilBamumBatakBuhidCall ClassDograECDSAErrorFoundGreekHTTP/KhmerLatinLimbu, xrefs: 00007FF6B51CF431, 00007FF6B51CF5A6
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • API String ID: 0-2181267761
    • Opcode ID: 72b70bbf1eccb92c67ec3ce77b00f0d51dc907467de03254b3627e6d565d9e16
    • Instruction ID: d1eb6b372b4cab6a804bc2ea9b64b0f7b3c230ce10c463e4c636a1aaebd324c9
    • Opcode Fuzzy Hash: 72b70bbf1eccb92c67ec3ce77b00f0d51dc907467de03254b3627e6d565d9e16
    • Instruction Fuzzy Hash: 2DF15036A1CA8695E650AB19E4407EAB764FB85F80F545031EB8D877AFCF3DD941CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
    • String ID:
    • API String ID: 649803965-0
    • Opcode ID: cdebac255c9143ee62918824bf315fb201bf8768368cca0fb08461d2e899b05f
    • Instruction ID: 8d9ad7b9e6aa3d4ca617e1acd0448664a31bf2ef29670e91cb909b1dc8c88818
    • Opcode Fuzzy Hash: cdebac255c9143ee62918824bf315fb201bf8768368cca0fb08461d2e899b05f
    • Instruction Fuzzy Hash: 05816732A4962685EB249B6DA4507F923A2AF49F80F844039DF5CC73AFDE6DEC408301
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • %!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts12207031256103515625: parsing :authorityAdditionalBackupReadBad varintCLOSE_WAITCSDVersionCancelIoExChorasmianClassCHAOSClassCSNETConnectionContent-IdCreateFileCreatePipeDSA-SHA256, xrefs: 00007FF6B5209F4B
    • 0, xrefs: 00007FF6B520943D
    • 0, xrefs: 00007FF6B520916C
    • 0, xrefs: 00007FF6B5209213
    • 0, xrefs: 00007FF6B520934F
    • %!Month(2.5.4.102.5.4.112.5.4.1748828125AQgBD1U=AcceptExAcceptedArmenianAwUCAQ==BAD RANKBQFWRwE=BQNPAQ==BQtYB1FcBalineseBopomofoBugineseCFxFEFxBCQD//wAACVddAxwXCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDuployanEEAKRhA=EkRb, xrefs: 00007FF6B520A34B, 00007FF6B520A63E
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: %!Month(2.5.4.102.5.4.112.5.4.1748828125AQgBD1U=AcceptExAcceptedArmenianAwUCAQ==BAD RANKBQFWRwE=BQNPAQ==BQtYB1FcBalineseBopomofoBugineseCFxFEFxBCQD//wAACVddAxwXCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDuployanEEAKRhA=EkRb$%!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts12207031256103515625: parsing :authorityAdditionalBackupReadBad varintCLOSE_WAITCSDVersionCancelIoExChorasmianClassCHAOSClassCSNETConnectionContent-IdCreateFileCreatePipeDSA-SHA256$0$0$0$0
    • API String ID: 0-11368702
    • Opcode ID: a3e333d678656527d86b978d6be9a0d06f6a616f578ddb0fca0a952745980fb8
    • Instruction ID: 158c76a9a884d3fece4569199b2be2d655d12d27b17d05db4a68fb3ada554606
    • Opcode Fuzzy Hash: a3e333d678656527d86b978d6be9a0d06f6a616f578ddb0fca0a952745980fb8
    • Instruction Fuzzy Hash: CDF2FA7660ABC580D6748A0AE9553EAA361F789FD0F489022DF8D97B5ECF7CD844DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • delayed zeroing on data that may contain pointersecdsa: internal error: truncated hash is too longfully empty unfreed span set block found in resetinternal error: fillWindow called with stale datainvalid memory address or nil pointer dereferenceinvalid or inco, xrefs: 00007FF6B518E757
    • mallocgc called without a P or outside bootstrappingprotocol error: received DATA before a HEADERS frameruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Init, xrefs: 00007FF6B518E79F
    • malloc deadlockmisaligned maskmissing addressmissing mcache?ms: gomaxprocs=network is downno medium foundno such processnon-minimal tagpreempt SPWRITErecord overflowrecovery failedrecv_rststream_reflectlite.Setruntime error: runtime: frame runtime: max = runti, xrefs: 00007FF6B518E7C5
    • mallocgc called with gcphase == _GCmarkterminationnet/http: HTTP/1.x transport connection broken: %wnet/http: Transport failed to read from server: %vnet/http: cannot rewind body after connection lossrecursive call during initialization - linker skewruntime: u, xrefs: 00007FF6B518E7D6
    • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF6B518E31A
    • malloc during signalnotetsleep not on g0number has no digitsp mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeup, xrefs: 00007FF6B518E7B0
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersecdsa: internal error: truncated hash is too longfully empty unfreed span set block found in resetinternal error: fillWindow called with stale datainvalid memory address or nil pointer dereferenceinvalid or inco$malloc deadlockmisaligned maskmissing addressmissing mcache?ms: gomaxprocs=network is downno medium foundno such processnon-minimal tagpreempt SPWRITErecord overflowrecovery failedrecv_rststream_reflectlite.Setruntime error: runtime: frame runtime: max = runti$malloc during signalnotetsleep not on g0number has no digitsp mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeup$mallocgc called with gcphase == _GCmarkterminationnet/http: HTTP/1.x transport connection broken: %wnet/http: Transport failed to read from server: %vnet/http: cannot rewind body after connection lossrecursive call during initialization - linker skewruntime: u$mallocgc called without a P or outside bootstrappingprotocol error: received DATA before a HEADERS frameruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Init
    • API String ID: 0-702130044
    • Opcode ID: eb92cb328348d8733f5848ab82e1c00b48cead5e9dbc7c98dbdfe295295b2ba9
    • Instruction ID: fe9545f54982bf7fda79d709305152246b5e0b6a32f81e95c9c0c71e6b294cb4
    • Opcode Fuzzy Hash: eb92cb328348d8733f5848ab82e1c00b48cead5e9dbc7c98dbdfe295295b2ba9
    • Instruction Fuzzy Hash: 3E328F62A0CA9182EB60DB19E0407AA6761FB49F94F545231EF9D87B9ECF3CEC44C741
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong nonce lengthtls: unsupported certificate curve (%s)traceback: unexpected SPWRITE function trailing backslash at end of expressiontransport endpoint is alre, xrefs: 00007FF6B51B900B
    • , g->atomicstatus=, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeConnection: closeCreatePseudoConsoleCreateSymbolicLinkWCryptReleaseC, xrefs: 00007FF6B51B8FCF
    • , goid=, j0 = , type=19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625: type ::ffff::method:scheme:statusAvestanBengaliBrailleCLOSINGCONNECTChanDirConvertCopySidCreatedCypriotDeseretEd25519ElbasanElymaicExpiresFreeSidGODEBUGGranthaHEADERSHanunooIM UsedI, xrefs: 00007FF6B51B8F25, 00007FF6B51B8FAF
    • runtime: gp: gp=runtime: getg: g=runtime: npages = runtime: range = {runtime: textAddr segmentation faultsequence truncatedserver misbehavingstopping the worldstreams pipe errorsync.RWMutex.RLocksystem page size (tracebackancestorstruncated sequenceunexpect, xrefs: 00007FF6B51B8F07
    • invalid g statusinvalid kind, %slength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-Go functionnon-IPv4 addressnon-IPv6 addressobject is remoteproxy-connectionread_frame_otherrefl, xrefs: 00007FF6B51B8FFA
    • , gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeConnection: closeCreatePseudoConsoleCreateSymbolicLinkWCryptReleaseContextDisconnectNam, xrefs: 00007FF6B51B8F45
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: , g->atomicstatus=, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeConnection: closeCreatePseudoConsoleCreateSymbolicLinkWCryptReleaseC$, goid=, j0 = , type=19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625: type ::ffff::method:scheme:statusAvestanBengaliBrailleCLOSINGCONNECTChanDirConvertCopySidCreatedCypriotDeseretEd25519ElbasanElymaicExpiresFreeSidGODEBUGGranthaHEADERSHanunooIM UsedI$, gp->atomicstatus=14901161193847656252006-01-02 15:04:0520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeConnection: closeCreatePseudoConsoleCreateSymbolicLinkWCryptReleaseContextDisconnectNam$invalid g statusinvalid kind, %slength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-Go functionnon-IPv4 addressnon-IPv6 addressobject is remoteproxy-connectionread_frame_otherrefl$runtime: gp: gp=runtime: getg: g=runtime: npages = runtime: range = {runtime: textAddr segmentation faultsequence truncatedserver misbehavingstopping the worldstreams pipe errorsync.RWMutex.RLocksystem page size (tracebackancestorstruncated sequenceunexpect$suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong nonce lengthtls: unsupported certificate curve (%s)traceback: unexpected SPWRITE function trailing backslash at end of expressiontransport endpoint is alre
    • API String ID: 0-4035839667
    • Opcode ID: 6450c14e5763fa0d5f5cee654b75f59224e77ad38cab5e7fb8b1588a27f7c141
    • Instruction ID: d4d6542e4e6a87a26d7e789eeb06cb5235452cc7d6b622e59b1f1851038b258d
    • Opcode Fuzzy Hash: 6450c14e5763fa0d5f5cee654b75f59224e77ad38cab5e7fb8b1588a27f7c141
    • Instruction Fuzzy Hash: 85E13276A0C64592E750EB19E0416EABB61FB89F80F544176EB9D83B9FCE3CD841CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • findrunnable: netpoll with pforgetting unknown stream idfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninggeneral SOCKS server failuregobytes: length out of rangehttp2: Transport received %shttp2: client conn is closedhttp: no, xrefs: 00007FF6B51BFFA5
    • OX'&, xrefs: 00007FF6B51BF70F, 00007FF6B51BFB36, 00007FF6B51BFC02
    • findrunnable: negative nmspinningframe_pushpromise_promiseid_shortfreeing stack not in a stack spango package net: confVal.netCgo = http2: invalid pseudo headers: %vhttp: invalid Read on closed Bodyindefinite length found (not DER)invalid header field value fo, xrefs: 00007FF6B51BFFB6
    • findrunnable: netpoll with spinningflate: corrupt input before offset greyobject: obj not pointer-alignedgzip.Write: Extra data is too largegzip: invalid compression level: %dhpack: invalid Huffman-encoded datahttp: server closed idle connectionmheap.freeSpanL, xrefs: 00007FF6B51BFF8F
    • findrunnable: wrong pframe_ping_has_streamhttp: nil Request.URLinvalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink has been severedlocalhost.localdomainnegative shift amountnet/http: nil Contextpackage not installedpanic on, xrefs: 00007FF6B51BFFC7
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: findrunnable: negative nmspinningframe_pushpromise_promiseid_shortfreeing stack not in a stack spango package net: confVal.netCgo = http2: invalid pseudo headers: %vhttp: invalid Read on closed Bodyindefinite length found (not DER)invalid header field value fo$findrunnable: netpoll with pforgetting unknown stream idfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninggeneral SOCKS server failuregobytes: length out of rangehttp2: Transport received %shttp2: client conn is closedhttp: no$findrunnable: netpoll with spinningflate: corrupt input before offset greyobject: obj not pointer-alignedgzip.Write: Extra data is too largegzip: invalid compression level: %dhpack: invalid Huffman-encoded datahttp: server closed idle connectionmheap.freeSpanL$findrunnable: wrong pframe_ping_has_streamhttp: nil Request.URLinvalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink has been severedlocalhost.localdomainnegative shift amountnet/http: nil Contextpackage not installedpanic on$OX'&
    • API String ID: 0-3914619550
    • Opcode ID: 63d1377cf147d6df33e1a6fd783506de67df93abc73592a2417db71009bed965
    • Instruction ID: 6cd92e628f7bd01c58ed8fac77d698631077f475b2afaa70b6414ffd5b8bd5dd
    • Opcode Fuzzy Hash: 63d1377cf147d6df33e1a6fd783506de67df93abc73592a2417db71009bed965
    • Instruction Fuzzy Hash: 11624D22A0DAD285EB61AB19E4403FA63A1EB89F84F444035DB5D87B9FDF6CEC45C740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: 0$0$m$s
    • API String ID: 0-1604854960
    • Opcode ID: 5cfc6c19fb7c8cb9522ead64d1155771ebfae62f7110df550f119fa870ad6734
    • Instruction ID: eb53c4d0fbec7b58ad85d8254b44965f9695087e231dd519f5d0800550914e96
    • Opcode Fuzzy Hash: 5cfc6c19fb7c8cb9522ead64d1155771ebfae62f7110df550f119fa870ad6734
    • Instruction Fuzzy Hash: 79C1CE41F5F6C642FA64861DAA64AF99681AB45FC0F584032CF0D87BAFDE6CEC058300
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625, xrefs: 00007FF6B519A985
    • p mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memory, xrefs: 00007FF6B519A9AA
    • runtime: p scheddetailsechost.dllsecur32.dllshell32.dllshort writestack tracetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCoun, xrefs: 00007FF6B519A946
    • flushGen gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts12207031256103515625, xrefs: 00007FF6B519A965
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625$ flushGen gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!Weekday(%-20s: %v%s|%s%s|%s, bound = , limit = .localhost/dev/stdin/etc/hosts12207031256103515625$p mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memory$runtime: p scheddetailsechost.dllsecur32.dllshell32.dllshort writestack tracetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCoun
    • API String ID: 0-3404427911
    • Opcode ID: 1fbbc9dc4e20642808d8ac0b8a312c16d44b2632de990b233d7550c72e7a517e
    • Instruction ID: 8cc8010c33d7381ebf2d2eab8625ee132f60f94f4ca942bd5765f9095a488cfb
    • Opcode Fuzzy Hash: 1fbbc9dc4e20642808d8ac0b8a312c16d44b2632de990b233d7550c72e7a517e
    • Instruction Fuzzy Hash: ABF14C36A0965286E700DB29E4812E96761FB49BA0F544235DB6D83BEFDF3DEC46C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/ecdh: invalid public keycrypto/rsa: invalid prime valueencoding/hex: invalid byte: %#Uentersyscallblock inconsistent fmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: conne, xrefs: 00007FF6B51BC80F
    • casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing, xrefs: 00007FF6B51BC785
    • newval= nfreed= packed= ping=%q pointer stack=[ status %!Month(2.5.4.102.5.4.112.5.4.1748828125AQgBD1U=AcceptExAcceptedArmenianAwUCAQ==BAD RANKBQFWRwE=BQNPAQ==BQtYB1FcBalineseBopomofoBugineseCFxFEFxBCQD//wAACVddAxwXCancelIoCherokeeClassANYConflictContinueCurv, xrefs: 00007FF6B51BC7E8
    • runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedunexpected protocol version winpty_config_set_mouse_modex509: invalid DSA parametersx509: invalid DSA public keyx509: invalid RSA public keyx509: unknown elliptic curve cannot , xrefs: 00007FF6B51BC7CD
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: newval= nfreed= packed= ping=%q pointer stack=[ status %!Month(2.5.4.102.5.4.112.5.4.1748828125AQgBD1U=AcceptExAcceptedArmenianAwUCAQ==BAD RANKBQFWRwE=BQNPAQ==BQtYB1FcBalineseBopomofoBugineseCFxFEFxBCQD//wAACVddAxwXCancelIoCherokeeClassANYConflictContinueCurv$casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/ecdh: invalid public keycrypto/rsa: invalid prime valueencoding/hex: invalid byte: %#Uentersyscallblock inconsistent fmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: conne$casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing$runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedunexpected protocol version winpty_config_set_mouse_modex509: invalid DSA parametersx509: invalid DSA public keyx509: invalid RSA public keyx509: unknown elliptic curve cannot
    • API String ID: 0-2105969404
    • Opcode ID: 4adcce6bce56a88742f64ad4ea7a20b9b12efc723268a6cc81634cb714dfdd23
    • Instruction ID: 4f6c28a00cf6999712534cd98a5e50a19dee9fede731b19c43519cdb1ddd39de
    • Opcode Fuzzy Hash: 4adcce6bce56a88742f64ad4ea7a20b9b12efc723268a6cc81634cb714dfdd23
    • Instruction Fuzzy Hash: 10C13036A0964685E754EB29E0853AA7761FB4AF84F144132EB9D83B9FDF3DE841C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • reflect., xrefs: 00007FF6B51B95B4
    • runtime/internal/runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)socket closed: %wstack: frame={sp:swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtrunc, xrefs: 00007FF6B51B9583
    • bad restart PCbad span statecontent-lengthdata truncatedfile too largefinalizer waitgcstoptheworldgetprotobynameinternal errorinvalid pid %vinvalid syntaxis a directorylevel 2 haltedlevel 3 haltedneed more datanil elem type!no module datano such deviceprotocol, xrefs: 00007FF6B51B96A2
    • runtime., xrefs: 00007FF6B51B9550
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: bad restart PCbad span statecontent-lengthdata truncatedfile too largefinalizer waitgcstoptheworldgetprotobynameinternal errorinvalid pid %vinvalid syntaxis a directorylevel 2 haltedlevel 3 haltedneed more datanil elem type!no module datano such deviceprotocol$reflect.$runtime.$runtime/internal/runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)socket closed: %wstack: frame={sp:swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtrunc
    • API String ID: 0-3664723679
    • Opcode ID: 6b6e782e8e382fcf20dc38363b27d959299d08cf03b18ef6d6801ff3a79823be
    • Instruction ID: 8b47ab2c97462b33e5d0491e1ea7e28f9c7b6d1161cb2d986f786c675934da0f
    • Opcode Fuzzy Hash: 6b6e782e8e382fcf20dc38363b27d959299d08cf03b18ef6d6801ff3a79823be
    • Instruction Fuzzy Hash: C7A17672B08A4186EB509F19E0402EAA761FB85F84F584131EB9D8779EDF7CD855CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • chansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Fra, xrefs: 00007FF6B5186DA2
    • unreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCount found at *( gcscandone m->gsignal= maxTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize=, xrefs: 00007FF6B51868DB
    • G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesLookupPrivilegeDisplayNameWNAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlD, xrefs: 00007FF6B5186DC6
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesLookupPrivilegeDisplayNameWNAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlD$chansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Fra$unreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCount found at *( gcscandone m->gsignal= maxTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize=
    • API String ID: 0-790451292
    • Opcode ID: 7525ac060ec4abf27dc26a9daedb79778c93923a5ed9d94b3c7775b72e83639b
    • Instruction ID: 6ede07b99cba0c7916ce2f0c2a185c6adc6cac6975f201498afcc1d17d27dd5b
    • Opcode Fuzzy Hash: 7525ac060ec4abf27dc26a9daedb79778c93923a5ed9d94b3c7775b72e83639b
    • Instruction Fuzzy Hash: 8A02BC32A08B8186E6209B29E4403EA67A1FB55FA4F545235DB9C87BDFCF7CE845C701
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type ryuFtoaFixed32 called with negative prectime: Stop called on uninitialized Timertls: received empty , xrefs: 00007FF6B51B5A4F
    • self-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstransmitfileunexpected )unknown portwinpty_spawnwintrust.dllwirep: p->m=worker mode wtsapi32.dllx-powered-by != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= i, xrefs: 00007FF6B51B5A65
    • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizesyscall: string with, xrefs: 00007FF6B51B5A25
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ystrconv: illegal AppendFloat/FormatFloat bitSizesyscall: string with$runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type ryuFtoaFixed32 called with negative prectime: Stop called on uninitialized Timertls: received empty $self-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstransmitfileunexpected )unknown portwinpty_spawnwintrust.dllwirep: p->m=worker mode wtsapi32.dllx-powered-by != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= i
    • API String ID: 0-2965204435
    • Opcode ID: 4e009829499c23e504e69a07b9d924d65ef1895c67db1a53f49ca67a75bfff55
    • Instruction ID: 60867f84472b53f0bae0ac0ddee4dfdb62a1195cd76cf48fe459c1f416c941ae
    • Opcode Fuzzy Hash: 4e009829499c23e504e69a07b9d924d65ef1895c67db1a53f49ca67a75bfff55
    • Instruction Fuzzy Hash: 49D12E36A08B8181D651EF19E4413AAB760FB46F95F459236DBAC9379EDF3CD881CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • pacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memoryunexpected network: , xrefs: 00007FF6B51A1317
    • (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= using zombie% CPU (, goid=, j0 = , type=19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625: type ::ffff::method:scheme:statusAvestanBengaliBrailleC, xrefs: 00007FF6B51A1337
    • MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625: unknown pc Accept-Ranges, xrefs: 00007FF6B51A1394
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= using zombie% CPU (, goid=, j0 = , type=19531252.5.4.32.5.4.52.5.4.62.5.4.72.5.4.82.5.4.99765625: type ::ffff::method:scheme:statusAvestanBengaliBrailleC$ MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (3814697265625: unknown pc Accept-Ranges$pacer: assist ratio=pad length too largepreempt off reason: read_frame_too_largereflect.Value.SetIntreflect.makeFuncStubreflect: cannot use runtime: double waitselectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memoryunexpected network:
    • API String ID: 0-4257407352
    • Opcode ID: 23a35857a45998d11df94aef7dac84ad84e971280bd5b6c2913235e8418ecd6c
    • Instruction ID: 62077145f968808950f6095c77b10162b4b4778580a8ce8de40bea4d085beab2
    • Opcode Fuzzy Hash: 23a35857a45998d11df94aef7dac84ad84e971280bd5b6c2913235e8418ecd6c
    • Instruction Fuzzy Hash: B781B52291DB4585E712EB29E4402E967A5FF86BC0F048231EB4D9775FDF3CE8458700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memoryunexpected network: unknown PSK identityunknown address typewinpty_agent_processwirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundx509: malformed spki, xrefs: 00007FF6B51C9689
    • gp.waiting != nilhandshake failureif-modified-sinceillegal parameterindex > windowEndinteger too largeinvalid BMPStringinvalid IA5Stringinvalid bit size invalid stream IDlocked m0 woke upmark - bad statusmarkBits overflowmessage too largemissing closing )missi, xrefs: 00007FF6B51C96B0
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: gp.waiting != nilhandshake failureif-modified-sinceillegal parameterindex > windowEndinteger too largeinvalid BMPStringinvalid IA5Stringinvalid bit size invalid stream IDlocked m0 woke upmark - bad statusmarkBits overflowmessage too largemissing closing )missi$selectgo: bad wakeupsemaRoot rotateRighttime: invalid numbertrace: out of memoryunexpected network: unknown PSK identityunknown address typewinpty_agent_processwirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundx509: malformed spki
    • API String ID: 0-562774127
    • Opcode ID: 4a69174c75431248ba9c38b0c38aa748934019904cdbc0aab42e82f19fc278b5
    • Instruction ID: 775453cfd058a0d21387dd84f36f8db05fa04506a24677ad7a3d9cd244297daf
    • Opcode Fuzzy Hash: 4a69174c75431248ba9c38b0c38aa748934019904cdbc0aab42e82f19fc278b5
    • Instruction Fuzzy Hash: 6DC28D32A08BC192E6609F1AA4403EAA361FB45FD4F449531DB8D8BB9ECF7DE854C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • unreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCount found at *( gcscandone m->gsignal= maxTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize=, xrefs: 00007FF6B5187730
    • G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesLookupPrivilegeDisplayNameWNAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlD, xrefs: 00007FF6B5187AE4
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: G waiting list is corruptedGetSecurityDescriptorLengthGetUserPreferredUILanguagesLookupPrivilegeDisplayNameWNAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlD$unreachableuserenv.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive) B (goal KiB total, MB stacks, PRIVATE KEY [recovered] allocCount found at *( gcscandone m->gsignal= maxTrigger= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize=
    • API String ID: 0-830506372
    • Opcode ID: 8d5d627d25262fdc960f9dae1ad4237aab21e309c3aad1c06a624378daa75300
    • Instruction ID: 0e6ae919700fa71eea5fbf142afacebf8a058e62cb34a7df5c822cc5ddc38d72
    • Opcode Fuzzy Hash: 8d5d627d25262fdc960f9dae1ad4237aab21e309c3aad1c06a624378daa75300
    • Instruction Fuzzy Hash: 1A126032A08B8185E6609B19E4403E9A7A1FB85FC4F589035DB8C87B9FCFBED845C751
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • reflectlite.Value.IsNilruntime: internal errorruntime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timeskipping Question Classspan has no free stacksstack growth after forksyntax , xrefs: 00007FF6B51F0FF9
    • reflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelskipping Question Nameskipping Question Typespan has no free spacestack not a power , xrefs: 00007FF6B51F102F
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: reflectlite.Value.IsNilruntime: internal errorruntime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timeskipping Question Classspan has no free stacksstack growth after forksyntax $reflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemsscanstack - bad statussend on closed channelskipping Question Nameskipping Question Typespan has no free spacestack not a power
    • API String ID: 0-1152108645
    • Opcode ID: adcadd2cf582eefe7a6e8c50e14680b535f408a7d22e05f6e12e9a5b4d6750b6
    • Instruction ID: 4a66c6a99660bbc13b95cb666c2441fb776ab8bd2694dd16ae1c93a99c964631
    • Opcode Fuzzy Hash: adcadd2cf582eefe7a6e8c50e14680b535f408a7d22e05f6e12e9a5b4d6750b6
    • Instruction Fuzzy Hash: 8CE11E76A1DB8581EA61DB19E4403EAA3A5FB84F84F444435DB8E87B6EDF3CE845C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • internal lockOSThread errorinvalid HTTP header name %qinvalid P224 point encodinginvalid P256 point encodinginvalid P384 point encodinginvalid P521 point encodinginvalid dependent stream IDinvalid profile bucket typekey was rejected by servicemakechan: size ou, xrefs: 00007FF6B51C1D4F
    • invalid m->lockedInt = invalid scalar encodingleft over markroot jobsmakechan: bad alignmentmalformed HTTP responsemissing port in addressmissing protocol schememissing type in runfinqnanotime returning zeronetwork not implementedno application protocolno spac, xrefs: 00007FF6B51C1D26
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: internal lockOSThread errorinvalid HTTP header name %qinvalid P224 point encodinginvalid P256 point encodinginvalid P384 point encodinginvalid P521 point encodinginvalid dependent stream IDinvalid profile bucket typekey was rejected by servicemakechan: size ou$invalid m->lockedInt = invalid scalar encodingleft over markroot jobsmakechan: bad alignmentmalformed HTTP responsemissing port in addressmissing protocol schememissing type in runfinqnanotime returning zeronetwork not implementedno application protocolno spac
    • API String ID: 0-1257318229
    • Opcode ID: f226128ee05b9dac4e472ab88d4a32e96d00c2a38b20ac5107fde7adaf872794
    • Instruction ID: 66b0b8058cc3f405bc19b6543d7d587fdcc61931d0846f1c119fa1599697061e
    • Opcode Fuzzy Hash: f226128ee05b9dac4e472ab88d4a32e96d00c2a38b20ac5107fde7adaf872794
    • Instruction Fuzzy Hash: E4816A32A48B9282E7119F28E4403EA6361FB45F84F549231DB4D9BB9ECF7DE945C740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    • Associated: 00000000.00000002.1641992535.00007FF6B5180000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642203470.00007FF6B54D7000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642222303.00007FF6B54E4000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642246538.00007FF6B550F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642264043.00007FF6B551D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642280720.00007FF6B5521000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642293731.00007FF6B5522000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642306996.00007FF6B5523000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642320363.00007FF6B5525000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642713313.00007FF6B581B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642713313.00007FF6B5843000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642713313.00007FF6B584A000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642713313.00007FF6B5871000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642775600.00007FF6B5882000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642790808.00007FF6B5883000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642790808.00007FF6B5886000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1642816438.00007FF6B5887000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: 2$2
    • API String ID: 0-3784399050
    • Opcode ID: a91d66072c00290702c6736ae677fdd122dc9fcd9703cb3b7cc53dbf564548c2
    • Instruction ID: e01aef7e6d2214e9b02d6096d08aaf5252296140a3cab60561ce722bcffbef36
    • Opcode Fuzzy Hash: a91d66072c00290702c6736ae677fdd122dc9fcd9703cb3b7cc53dbf564548c2
    • Instruction Fuzzy Hash: C6611D36609B8186DB50DF69E5503AAA7A0F789B80F544435EB8D83B6EDF3CD8448F00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: p
    • API String ID: 0-2181537457
    • Opcode ID: e0549ca43c528152e14841bb0ba4d622e1bc9380a5d834bdcccdd0c5b42adc60
    • Instruction ID: 9b6837c7e44c5e4202dac0fc11340d07e8206f4b8eeb236b8840a18374eac21b
    • Opcode Fuzzy Hash: e0549ca43c528152e14841bb0ba4d622e1bc9380a5d834bdcccdd0c5b42adc60
    • Instruction Fuzzy Hash: 6E72C33660DBC195EAB19B16E4543EAB3A1FB89B80F444136DB8C87B5EDF3CD8558B00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: \
    • API String ID: 0-2967466578
    • Opcode ID: 16b5dc12d8e9a7ef98e7108ae6680ed93b0a619b83df0f8e21171930a1095709
    • Instruction ID: 6af0f8b3e18c62e1ce4c127cbc695c3c425e4c6cd2a3de41aaf19a5d195967b9
    • Opcode Fuzzy Hash: 16b5dc12d8e9a7ef98e7108ae6680ed93b0a619b83df0f8e21171930a1095709
    • Instruction Fuzzy Hash: 9F32802AB1DAC181EB20DB59E9403EAA761F785FC0F448132DB8D97B8ECE7DD8458740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • ,M3.2.0,M11.1.00601021504Z0700476837158203125: cannot parse : no frame (sp=<invalid Value>ASCII_Hex_DigitAccept-EncodingAccept-LanguageAddDllDirectoryCLSIDFromProgIDCLSIDFromStringClientAuthType(CreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Faile, xrefs: 00007FF6B52119AA
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: ,M3.2.0,M11.1.00601021504Z0700476837158203125: cannot parse : no frame (sp=<invalid Value>ASCII_Hex_DigitAccept-EncodingAccept-LanguageAddDllDirectoryCLSIDFromProgIDCLSIDFromStringClientAuthType(CreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Faile
    • API String ID: 0-3812498421
    • Opcode ID: c9e021d567b81b1597fec655caa2be56f036e330ddb64e7d3e515aef18d8ba89
    • Instruction ID: f63042c4cd668960634f1b6ae7f609c9f54c0cd0cb1bb555cdd36f52db4f5738
    • Opcode Fuzzy Hash: c9e021d567b81b1597fec655caa2be56f036e330ddb64e7d3e515aef18d8ba89
    • Instruction Fuzzy Hash: B2E16C36B09BC581D7708B56EA403EAA365F798BC4F449122DF8C97B9ACF3DD8558B00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • grew heap, but no adequate free space foundhttp2: too many 1xx informational responseshttp2: unexpected ALPN protocol %q; want %qinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemult64bitPow10: power of 10 is out of rangemu, xrefs: 00007FF6B51A895A
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: grew heap, but no adequate free space foundhttp2: too many 1xx informational responseshttp2: unexpected ALPN protocol %q; want %qinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemult64bitPow10: power of 10 is out of rangemu
    • API String ID: 0-817925779
    • Opcode ID: d4733a74b3d6e65ebc344b77f9e363b2c82c0bf594c65b17290f6d10ac336553
    • Instruction ID: e632d7184e0626d49dd6acfa29095c99abbf17136b1cd26bcdda97526710b8fd
    • Opcode Fuzzy Hash: d4733a74b3d6e65ebc344b77f9e363b2c82c0bf594c65b17290f6d10ac336553
    • Instruction Fuzzy Hash: E2E17F22B0DB8585EAA19B19E4503EAA761FB85F80F445035EF9D83B9EDF3CD854CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: OX'&
    • API String ID: 0-3261031550
    • Opcode ID: c9cf6bcaef5d1356ea2c75038e720390ef3b394716ac8e105a508165c1940dac
    • Instruction ID: 5b21c4a4c5994b14c07699078e401b03d573437353c3c074cdd4c078a6192e4a
    • Opcode Fuzzy Hash: c9cf6bcaef5d1356ea2c75038e720390ef3b394716ac8e105a508165c1940dac
    • Instruction Fuzzy Hash: 96C16A32A0D65286E6109B19E4412FAA7A1FB89F80F455131E78DCB7AFDF6DEC44CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSet-CookieTargetNameUser-AgentWSACleanupWSASocketWWSAStartupWindows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:], xrefs: 00007FF6B521C9C6, 00007FF6B521CAAD, 00007FF6B521CB7F
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSet-CookieTargetNameUser-AgentWSACleanupWSASocketWWSAStartupWindows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:]
    • API String ID: 0-3961864988
    • Opcode ID: d896d5e0e467a54c28f22a0d073749951d64241887780aa6e1de4044b6debcd6
    • Instruction ID: c881e95724281350f9ede7711d40c570352e9b3cb6c4f23bccd6d26070ba91d1
    • Opcode Fuzzy Hash: d896d5e0e467a54c28f22a0d073749951d64241887780aa6e1de4044b6debcd6
    • Instruction Fuzzy Hash: 63D18D76A0DB8585EA209B19E8403EAA7A0FB89F84F845035DB8C93B5FDF3DD944C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSet-CookieTargetNameUser-AgentWSACleanupWSASocketWWSAStartupWindows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:], xrefs: 00007FF6B521C4A6, 00007FF6B521C58D, 00007FF6B521C65F
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSet-CookieTargetNameUser-AgentWSACleanupWSASocketWWSAStartupWindows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:]
    • API String ID: 0-3961864988
    • Opcode ID: c33e98212f02ec14752e3b8e09d700c524ea07d9257f511e0d9cde5b2d8fff57
    • Instruction ID: 3e537d750c8a6ba6621b4b0f049faea278f8b8e2fd7c5935bbd06a656123bb6d
    • Opcode Fuzzy Hash: c33e98212f02ec14752e3b8e09d700c524ea07d9257f511e0d9cde5b2d8fff57
    • Instruction Fuzzy Hash: 77D16176A0DB8585E6609B1AE4403EAA7A0FB89F80F845035EB8C9375FDF7DD844C700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • bulkBarrierPreWrite: unaligned argumentsc42d5abc8d316960e8c71ec2a2c690f3dea8459cc981e335f814737e66d998b4aef8056e394b30cccannot free workbufs when work.full != 0cannot represent time as GeneralizedTimechacha20poly1305: invalid buffer overlapcrypto/cipher: messa, xrefs: 00007FF6B5195B0F
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: bulkBarrierPreWrite: unaligned argumentsc42d5abc8d316960e8c71ec2a2c690f3dea8459cc981e335f814737e66d998b4aef8056e394b30cccannot free workbufs when work.full != 0cannot represent time as GeneralizedTimechacha20poly1305: invalid buffer overlapcrypto/cipher: messa
    • API String ID: 0-255457727
    • Opcode ID: 4450e5e1cfc39106311d60fdb43eb86ff39389dafabedd7b83deaebfc86c8319
    • Instruction ID: f136628db58c34b337b82be9c4ef64d0c2b870f43e0e6a9aad43c4bbb44503ae
    • Opcode Fuzzy Hash: 4450e5e1cfc39106311d60fdb43eb86ff39389dafabedd7b83deaebfc86c8319
    • Instruction Fuzzy Hash: E081A172A09A9582EB509F1AE1442EEA3A6FF44FD0F559032EB4D93B5FDE3CD8518700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: OX'&
    • API String ID: 0-3261031550
    • Opcode ID: 39600c89afd548a76e1386573c706d379a9089834404c283acd74dfaada72bf2
    • Instruction ID: bf7887f0025be3151ac53356154409061c62b246e661e055cbc9b828b66c3fdd
    • Opcode Fuzzy Hash: 39600c89afd548a76e1386573c706d379a9089834404c283acd74dfaada72bf2
    • Instruction Fuzzy Hash: 7F915D21E096228AFB24EB59E4903F96761AF88F48F445635D71D877AFCE2CEC858740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • %SystemRoot%\system32\.localhost.localdomain4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWConvertStringSidToSidWCreateEnvironmentBlockCreateIoCompletionPortDEBUG_HTTP2_GOROUTINESDateline Standard , xrefs: 00007FF6B5205AA4
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: %SystemRoot%\system32\.localhost.localdomain4656612873077392578125Aleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWConvertStringSidToSidWCreateEnvironmentBlockCreateIoCompletionPortDEBUG_HTTP2_GOROUTINESDateline Standard
    • API String ID: 0-3344612646
    • Opcode ID: 2ed975aca5b1365278392d16343db784bcafe3e8f2c1c4d1e2f7e174f525043e
    • Instruction ID: 196618989fc6a88e24047ba4cbcb768578650508b8ef1f9eef43e6f3c46ede90
    • Opcode Fuzzy Hash: 2ed975aca5b1365278392d16343db784bcafe3e8f2c1c4d1e2f7e174f525043e
    • Instruction Fuzzy Hash: 5E81563271AA81C5DB649B15E5503EAA3E0FB84B90F998436DBCD83B5EDE3CD8408B40
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • bad summary databad symbol tablebinary.BigEndianc2VjdGlvbl9zaXplc2xlZXBfdGltZQ==cG9ydF9maW5nZXI=cGVyVGFza01zZw==cGx1Z2luX2FsaWFzcastogscanstatuscmF3X3Jlc3VsdA==cmVtb3RlX3BvcnQ=content-encodingcontent-languagecontent-locationcontext canceleddS01Y0BQA3tWWV0=divi, xrefs: 00007FF6B51ADA25
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: bad summary databad symbol tablebinary.BigEndianc2VjdGlvbl9zaXplc2xlZXBfdGltZQ==cG9ydF9maW5nZXI=cGVyVGFza01zZw==cGx1Z2luX2FsaWFzcastogscanstatuscmF3X3Jlc3VsdA==cmVtb3RlX3BvcnQ=content-encodingcontent-languagecontent-locationcontext canceleddS01Y0BQA3tWWV0=divi
    • API String ID: 0-1165700329
    • Opcode ID: b9571bf4d6c719d2c0e769a39c63771975145eb6509b94b495f038ad572047e6
    • Instruction ID: d5afbba7683dfd4f9e55fe87dc45791cbc8c0c1206171c0f9bdd537a97c038cf
    • Opcode Fuzzy Hash: b9571bf4d6c719d2c0e769a39c63771975145eb6509b94b495f038ad572047e6
    • Instruction Fuzzy Hash: 5261C0A6A18B8882EB019B19E0403E96760FB89FD4F445236DBAD537DFCE7CD894C740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6init int16int32int64kind=matchmheapmkdirmonthntohspanicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code, xrefs: 00007FF6B519AC12, 00007FF6B519AC29
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID: gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6init int16int32int64kind=matchmheapmkdirmonthntohspanicparsepop3srangerouterune scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code
    • API String ID: 0-3599579131
    • Opcode ID: 03ff7c5e681f877c1761b5756589f56b82fae9462e1fa787f5fa22549d91322b
    • Instruction ID: 910a19d45df5b5b3bbbdabcfc5a8ebd3ebe5209aa98ebf25fe4c82327b4efb8f
    • Opcode Fuzzy Hash: 03ff7c5e681f877c1761b5756589f56b82fae9462e1fa787f5fa22549d91322b
    • Instruction Fuzzy Hash: ED814832A0DA5286E7419B29E4813FA67A1BB49F80F448132D75DC36AFDF7DE849C700
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cc011ebc0f8a4b1b9c908feb18fbf05ed14f870898a62d9efbddb05ab01e8f2d
    • Instruction ID: 055660b547dd3904c1ac51e5d2c83ce58cef356c8651eacb7f654134505a8d1b
    • Opcode Fuzzy Hash: cc011ebc0f8a4b1b9c908feb18fbf05ed14f870898a62d9efbddb05ab01e8f2d
    • Instruction Fuzzy Hash: 8E42B223A0DAD182EB74CA26EA403FB6352F795B84F44D131EF8D8768ADE7DD9458700
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3a7997420dcb9dff67941e17a6be70ff223848ade62449473a837e1feebf62fc
    • Instruction ID: 8bd246c712428f4bf50a3295802869be48d34cda3c83ab6a941ec60d3e313cb5
    • Opcode Fuzzy Hash: 3a7997420dcb9dff67941e17a6be70ff223848ade62449473a837e1feebf62fc
    • Instruction Fuzzy Hash: 02324822A28A8185E6509B2DD4402E967A1F785FA0F944235DFAC97FEFDF2CD851DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d004de028fa3f97a1f9f819f2703b321f6548c60cba74f8cb2618af0e15b2275
    • Instruction ID: fc5716be081698dd2a7f25514ba16079c1b9397682850520ca6548d26d3e1e0f
    • Opcode Fuzzy Hash: d004de028fa3f97a1f9f819f2703b321f6548c60cba74f8cb2618af0e15b2275
    • Instruction Fuzzy Hash: 75120962B0D6A185EB208B18E9403AFA752F741B94F448272DBAD876CEDF7DDC45CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c0757104719bc0c3b92259a4c9d8fffa19b87684f0c2a2dea9be7803514517dd
    • Instruction ID: 8181695bcd88e6b489087ce2a5c980d6f1aa5a957dc605fca69ca1fab399d2ba
    • Opcode Fuzzy Hash: c0757104719bc0c3b92259a4c9d8fffa19b87684f0c2a2dea9be7803514517dd
    • Instruction Fuzzy Hash: 6EE1C722F0D56546EB64CA66E9407FB9252BB94F80F488131EF4D87B8EDE7DDD018740
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c49819f094af24741e109f0630776e5ef075bf93fdae26d1f81f42675faed134
    • Instruction ID: a21a17e78e5f5c5cf2151a6d374e98c78f3260e3a8f7e78f0ea44d73e35b2154
    • Opcode Fuzzy Hash: c49819f094af24741e109f0630776e5ef075bf93fdae26d1f81f42675faed134
    • Instruction Fuzzy Hash: 1DE1282AB1D1A181F7258719EA107BFAA61A785F80F481471EF8E43BCACE7EDD109710
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2f5b67e7a85a32d3e40480ddc2d6672d4f28e72e642fb870735bccf0468068f6
    • Instruction ID: 84dd7b8f0607494516060e6cc4c69ea2de88888feb2ef2f06e1ed49ce3483dcd
    • Opcode Fuzzy Hash: 2f5b67e7a85a32d3e40480ddc2d6672d4f28e72e642fb870735bccf0468068f6
    • Instruction Fuzzy Hash: 96027332A1D7C192E6598B29E5403EAA3A1FB45B90F445136DB9D83B9ECF7CE864C700
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2b1baa0dfcf8473fbd3c99c7ca4cd5f3e3e94ebba5b3bd60382efc17c6d197c4
    • Instruction ID: cdd27c97615fc0581cd1eaaabdc5f9daff78e2bcfe466894e82678833b47c7ad
    • Opcode Fuzzy Hash: 2b1baa0dfcf8473fbd3c99c7ca4cd5f3e3e94ebba5b3bd60382efc17c6d197c4
    • Instruction Fuzzy Hash: 37D1D726B1E65581EA648B1AA900BFAA661F794FC0F544031EF8DC7B5ECE7EDD01C740
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ebf5c3488fb37ea29c582327706f620717307114b49081e27ccf755275da9388
    • Instruction ID: 786e5975a03c8d0586be1833c2d4502317d1a36278d7b465e912e5925787ec11
    • Opcode Fuzzy Hash: ebf5c3488fb37ea29c582327706f620717307114b49081e27ccf755275da9388
    • Instruction Fuzzy Hash: CFC1C96AF2D54286FF24DF299D402FA9392AB54F40F894836CB0EC369BCD7EED454240
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52120ad941f7f16741ddba2d9d02a67c6a5322ba6bca35d8ae5501a4d64cdc74
    • Instruction ID: c7dba7c406a1bcbbedf19f406f38323ca52b60d209b653030934cd518be4c0df
    • Opcode Fuzzy Hash: 52120ad941f7f16741ddba2d9d02a67c6a5322ba6bca35d8ae5501a4d64cdc74
    • Instruction Fuzzy Hash: A4D15266B08BC581D6609B5AA8407EAA761F789FD0F444136EF8D93B9ECF3CD852C710
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0bf080088704e5570e13d9f803712e6ba14c6f6645e6f0738568b834a61846af
    • Instruction ID: 78126eadce06bd20dcbd1cfae0f962b7452b9ee6b0da4f4daa6f9565bcd0ba76
    • Opcode Fuzzy Hash: 0bf080088704e5570e13d9f803712e6ba14c6f6645e6f0738568b834a61846af
    • Instruction Fuzzy Hash: 63E10C3261DA8585EA64DB19E4413EAB7A1FB89F80F444135EB8D87F9EDF2CD845CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 796dd868754a61f14d19d7f6b616eeb5c99917d22c3b14eeca83d822bd4adac1
    • Instruction ID: 5af045f83c978a57474b4a38f52ffdf960c3c000df506cb15029e74f5160cc29
    • Opcode Fuzzy Hash: 796dd868754a61f14d19d7f6b616eeb5c99917d22c3b14eeca83d822bd4adac1
    • Instruction Fuzzy Hash: C5B1B262E0AA9186FA198B08DE043FA6E95EB58FD0F884530D75D877DFDF3DA9458300
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 438740fd81c18845f8f50ddd0afa66df90e16e858fe2e3fb0bf1b263c71b21f2
    • Instruction ID: 1397c5b6024d89a46052ec01912de19cd62b64a5abc52acd67c029d23ce9b471
    • Opcode Fuzzy Hash: 438740fd81c18845f8f50ddd0afa66df90e16e858fe2e3fb0bf1b263c71b21f2
    • Instruction Fuzzy Hash: 80C18B32A09B8681EA209B19E5403E967A1FB41FC4F185435DB4D83B9ECFBEEC45C361
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: de4fec32b2ca28800646763b9c855b63e524f12278a023a3172aa5bc88eeb4cf
    • Instruction ID: 9f793d414ade1d66cfb4a8ea16d59c44c3f5e26987a78598d3e6cf25bea53ab6
    • Opcode Fuzzy Hash: de4fec32b2ca28800646763b9c855b63e524f12278a023a3172aa5bc88eeb4cf
    • Instruction Fuzzy Hash: 6FB10E16E1CFDB10E613567C94039766A10AEF3AC4F01D73AFAC6F16A3DB566A00B522
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 00b7fbed491b801313a320abe9d3c071a94e4e07cc675273bf6d9da571ee3b11
    • Instruction ID: b2341cdc898164edfd54a3cb773285d3a136a6788320bdf2cb3814dad7588dd7
    • Opcode Fuzzy Hash: 00b7fbed491b801313a320abe9d3c071a94e4e07cc675273bf6d9da571ee3b11
    • Instruction Fuzzy Hash: D591A336A0C69186D751DB1AA0406AEABA5FB89FC0F544035EF8D87B5ECF3DEC408B40
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5936305c45aaf4d3ec60cf689de0c24c4be1931a3e14579da1f6965fca8fca76
    • Instruction ID: 79669acfd1d5f277ea7f3dffdd45715ee810e58351361d8f89987627a92ebff1
    • Opcode Fuzzy Hash: 5936305c45aaf4d3ec60cf689de0c24c4be1931a3e14579da1f6965fca8fca76
    • Instruction Fuzzy Hash: 9B913E76A18B8582EB108B19F0803AAB7A1FB85BD4F545136EB9D53B9ECF3CD455CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0e6193a4b5eb9a5608fa3d4cf74993b9cb7668246115e306e37fae6da33bfb6c
    • Instruction ID: bcc9b177aa6ac86f9f06bf591c416404b76994a1be0b66b878b1c72ce04bd57d
    • Opcode Fuzzy Hash: 0e6193a4b5eb9a5608fa3d4cf74993b9cb7668246115e306e37fae6da33bfb6c
    • Instruction Fuzzy Hash: 2C51E3A1F0B9A642EA28455ADB012FAD1426B55FE0F59C231DF2D9B7CEDE3E9D024240
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f25b348012d515ec32958ffac61845b4e7a7f0278694b2c6fff21964cc6e2630
    • Instruction ID: 2f88c06fd6dc4455ec22f1b41b532d904b7a7d347b05222bcd7659c899c8388a
    • Opcode Fuzzy Hash: f25b348012d515ec32958ffac61845b4e7a7f0278694b2c6fff21964cc6e2630
    • Instruction Fuzzy Hash: 1371C372B18B8582EB118B19E0403AAA762F785FC4F045135EB9D53BAECF7CD854C700
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 625c823e2bfe26dd75c56deeb1c1a0f7844637ec7ee80f97cee3fc21de05409b
    • Instruction ID: 2beb9d13585a3f40ff8fadbe98e424d9ff78767fed4c1d4f99b695166cca9f9c
    • Opcode Fuzzy Hash: 625c823e2bfe26dd75c56deeb1c1a0f7844637ec7ee80f97cee3fc21de05409b
    • Instruction Fuzzy Hash: 95511C2AF2D59242E62CCA0C5A202F96656BB94F94F459139DB0E877DECE7FDC21C340
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b7f38295fb6e68a6d059f9c87ba36da48b59704a848d3208b6e13b71c84999ef
    • Instruction ID: 5bb069bcde7b3309c344f07f387ba4ada4fd2f6c9c548104b15f013a9228f2f0
    • Opcode Fuzzy Hash: b7f38295fb6e68a6d059f9c87ba36da48b59704a848d3208b6e13b71c84999ef
    • Instruction Fuzzy Hash: 68414E95B0795543BE208F1A45640BAE361AB0AFE0B58E732CF1DB779EDD2CEC408344
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 98283b1fcd23035b3a83dfb1bfad08dabc32f46006b8e3cc253170776fc68a15
    • Instruction ID: 22307ab6cfc942c4b6d12c4700a765e52d25c2bb15d5dde5a62e951b35a47189
    • Opcode Fuzzy Hash: 98283b1fcd23035b3a83dfb1bfad08dabc32f46006b8e3cc253170776fc68a15
    • Instruction Fuzzy Hash: C151F526B19A5186DB208B2AE9001FAE751F799FC4F9C4131EB4E87B9ECF7DD9408740
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 62a672dfb1ed1bc5d2f893a09028e78a729bbdf95e7adfeb27173383b77a673f
    • Instruction ID: 5e8f3db1f80d290284a9af474703bdb7b037550ea6447e7214a2947c2fc0cb08
    • Opcode Fuzzy Hash: 62a672dfb1ed1bc5d2f893a09028e78a729bbdf95e7adfeb27173383b77a673f
    • Instruction Fuzzy Hash: 6B51D816F4CD098AFB15DB6990812FAA3C5AB84B58F884935D76D832CFEE2CDC908604
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6eb9bff6c82740c3b2d96e671d05fad24b33dcd455b666f32334ed9d5735168
    • Instruction ID: e1a47339d7d7681856c7912588915d26a54eddb8a994d487315233322709b158
    • Opcode Fuzzy Hash: f6eb9bff6c82740c3b2d96e671d05fad24b33dcd455b666f32334ed9d5735168
    • Instruction Fuzzy Hash: 954115A2F166B541EE18853ADE103F592428B59FF0F588331CE3DA7BDDEE2C9C428200
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5339827f4044d5e57a6c836b387f61395bc6bab9e76a195de73c8ff0c785bf95
    • Instruction ID: b369c7fab07b9784f266614060bc5cb1a452988243e6b30b5dbdc449df3b5961
    • Opcode Fuzzy Hash: 5339827f4044d5e57a6c836b387f61395bc6bab9e76a195de73c8ff0c785bf95
    • Instruction Fuzzy Hash: B7513236B1AB8186D750DB19B9501AAA3A5FB84FC0F585036EF8D93B5EDF3CD8518B00
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 73a5b11d724e13c74b88a3abcb91562aa43df4fc5624bafabe6257cc5de53852
    • Instruction ID: 01b1ce63c0af2f600c2e46f35f6d54ee0fd5d771cf3d760eeba20d4d7d08dc9c
    • Opcode Fuzzy Hash: 73a5b11d724e13c74b88a3abcb91562aa43df4fc5624bafabe6257cc5de53852
    • Instruction Fuzzy Hash: 0841E7A2F1666541EE14C52ADE103F592468F59FE0F589331CE2DA7BDDEE6DEC438200
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b4599d93e279ac60f6beada36299f31454f4b5abc1a6f92b34813a3e97d77de1
    • Instruction ID: b36bc88863193a63206338360adca7b3fe4263cd0f900b9adeeba29a8f9e75ac
    • Opcode Fuzzy Hash: b4599d93e279ac60f6beada36299f31454f4b5abc1a6f92b34813a3e97d77de1
    • Instruction Fuzzy Hash: 46411762F0FE1649ED479B3E51111B492065F52FE0B94C731DA3FF69EE9F1DA8468200
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2dc4f7d901f8fcb9f7577cc2a534dda6c0b3b5b2279239c153654954e5a7ad50
    • Instruction ID: ec5f0ee1122518e68cd83b7f3c37e929baab0c3e11710539bcd66b04c7560c86
    • Opcode Fuzzy Hash: 2dc4f7d901f8fcb9f7577cc2a534dda6c0b3b5b2279239c153654954e5a7ad50
    • Instruction Fuzzy Hash: 66214CA1E69E454ADA47D73E44102658206AF9ABC0F58C732EE1FB379EEF3CD4C24200
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0ea109b1ed695ffcd761dc2d95915c5d69bca188c65f1958c24cfaa12934397c
    • Instruction ID: 9d254025a8b4bcbf696a6f57f1a4a85a953c95edade29c4fce8e2076dd0d40fa
    • Opcode Fuzzy Hash: 0ea109b1ed695ffcd761dc2d95915c5d69bca188c65f1958c24cfaa12934397c
    • Instruction Fuzzy Hash: 7831656AB18B8691EB449B1DE4802E96751EB84BC0F858032DF4F8375FDE7CE94AC700
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642775600.00007FF6B5882000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 14ab425daa742a0473669d9a7bda33a9a36dfc0d2137603a73c877caeb581ec8
    • Instruction ID: 32a9260fdb734ab052aba0d6e97980cef082fe756d6fb826185859466f889bb7
    • Opcode Fuzzy Hash: 14ab425daa742a0473669d9a7bda33a9a36dfc0d2137603a73c877caeb581ec8
    • Instruction Fuzzy Hash: 41F09ECBE5EEE34BF2A2D55C0D6D2E92AD1E772E1570D4077CB5A8628BAC092C154313
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 852cfdc2fd3ac9b7c25d31a735934cee13b04b1e903b7560be99468968d20bef
    • Instruction ID: 30047a1a9c2d29bdd0374c53c5f4cad1e8a3fa0eb7028456e96bb5c9aab6f47c
    • Opcode Fuzzy Hash: 852cfdc2fd3ac9b7c25d31a735934cee13b04b1e903b7560be99468968d20bef
    • Instruction Fuzzy Hash: 00E0EC35624A8480D6204B19E4413967720F788BB4F580322EFBC477F8DE3CC2218F40
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c874f0b81bb853d142941d87a038aabe4ecee52f87662fd1afe514382570817b
    • Instruction ID: 0079a01fc54eba85c31808ca558df19fb4fa9544e7c4a0145ebbef8d28656d54
    • Opcode Fuzzy Hash: c874f0b81bb853d142941d87a038aabe4ecee52f87662fd1afe514382570817b
    • Instruction Fuzzy Hash: E2C08CE8E1EAA329FB20C308B5003A429C69F04780DC080B4D39C88A6EDE2CBA814104
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID: QueryVirtual
    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
    • API String ID: 1804819252-1534286854
    • Opcode ID: bedc30007405a58d21b30176ab6d1fec7a89e6932beda3d10f6d81b808a714d6
    • Instruction ID: 1c12d6eccbbced68246a6014d00f852b76305b5009e5fb085335a1054b78b9fa
    • Opcode Fuzzy Hash: bedc30007405a58d21b30176ab6d1fec7a89e6932beda3d10f6d81b808a714d6
    • Instruction Fuzzy Hash: A051E172B09A1681EB109B19E8406E97760FF85F94F848134DF1D8779AEF7CE889C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • VirtualProtect.KERNEL32(00007FF6B58809E0,00007FFE2167ADA0,?,?,?,00000001,00007FF6B5181261), ref: 00007FF6B54CB3D5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1642009164.00007FF6B5181000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B5180000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff6b5180000_pgsql.jbxd
    Similarity
    • API ID: ProtectVirtual
    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
    • API String ID: 544645111-395989641
    • Opcode ID: 3a214655a2a6150775f536a1d3933437ae127d34ce7b14dca4f05d5019f0c42f
    • Instruction ID: ab156543d5c660708334aeb710c11a8338206823656581e3a1e079a626c3598e
    • Opcode Fuzzy Hash: 3a214655a2a6150775f536a1d3933437ae127d34ce7b14dca4f05d5019f0c42f
    • Instruction Fuzzy Hash: 4461DF72B0965682EA158F19A8401B97765FFD5F94F848230CB6D8739EDF7CE888C700
    Uniqueness

    Uniqueness Score: -1.00%